Introduction: Certman is a utility, bundled with several AccessData products, that can be used to generate self-signed certificates. These certificates can be used with the Enterprise Agent and other AccessData products. The steps below will demonstrate how to use Certman.
Updates:
- Certman3 uses SHA256 and 2048-bit length keys by default.
Prerequisites:
- Download and unzip certman.zip. The unzipped folder will be your working directory and contains certman.exe.
Procedure:
- Open a Command Prompt (as Administrator)
- Navigate to the folder containing certman.exe
- Run the following command to generate a self-signed public/private key pair:
certman.exe -n <computer name> <certificate name>
Where <computer name> is the name of the local PC where Certman is being run (including domain, if applicable), and <certificate name> is what you'd like to name the certificate.
- Certman will generate a P12 private key package, KEY, and CRT public certificate in the same folder as certman.exe
Example:
If my PC were named "ADPC", on the "adlocal.com" domain, and I wanted my certificates to be named "MyCert", I'd run the following command:
certman.exe -n ADPC.adlocal.com MyCert
This would produce a private key package named MyCert.p12, a key file named MyCert.key, and a public certificate named MyCert.crt.
To specify the key length, use the -k switch:
certman.exe -k 4096 -n ADPC.adlocal.com MyCert
This would produce a private key package named MyCert.p12, a key file named MyCert.key, and a public certificate named MyCert.crt, with a key length of 4096 bits.
Notes:
- Certificates generated by Certman are valid for 10 years
- The resulting P12 is encrypted for use only with AccessData products
- The resulting P12 and CRT can be used directly in AD Enterprise, AD Lab, FTK, Site Server, and FTK Central, without the need for conversion to ADP12
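An added example (not part of the original article or of AccessData's tooling): a PowerShell check that reads the generated CRT and reports whether it matches what this page states, namely a SHA256 signature, the requested key length, about 10 years of validity, and a self-signed certificate. The file name and computer name are the ones from the example above; it is an assumption that the key is RSA and that Certman places the name given to -n in the certificate subject.

```powershell
# Added example: check a Certman-generated public certificate against the
# properties this article states. Defaults come from the article's example.
param(
    [string]$CertPath     = '.\MyCert.crt',
    [string]$ExpectedName = 'ADPC.adlocal.com',
    [int]$ExpectedKeyBits = 2048      # use 4096 if the cert was made with -k 4096
)

$path = (Resolve-Path -LiteralPath $CertPath).Path
# X509Certificate2 reads both DER and Base64 (PEM) encoded certificate files.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $path

# Assumption: the key is RSA. GetRSAPublicKey returns $null for other key types.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
$keyBits = if ($rsa) { $rsa.KeySize } else { 0 }

# Assumption: the name passed to -n appears as the subject's common name.
$simpleName = $cert.GetNameInfo(
    [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)

$years = [math]::Round(($cert.NotAfter - $cert.NotBefore).TotalDays / 365.25, 1)
$now   = Get-Date

$report = [pscustomobject]@{
    Subject       = $cert.Subject
    Thumbprint    = $cert.Thumbprint
    SignatureAlg  = $cert.SignatureAlgorithm.FriendlyName
    KeyBits       = $keyBits
    NotBefore     = $cert.NotBefore
    NotAfter      = $cert.NotAfter
    ValidityYears = $years
    SelfSigned    = ($cert.Subject -eq $cert.Issuer)
    Sha256Ok      = ($cert.SignatureAlgorithm.FriendlyName -match 'sha256')
    KeyLengthOk   = ($keyBits -eq $ExpectedKeyBits)
    NameOk        = ($simpleName -eq $ExpectedName)
    NotExpired    = ($now -ge $cert.NotBefore -and $now -lt $cert.NotAfter)
}
$report | Format-List

# Exit non-zero if any boolean check is false, so the script can gate a deployment.
$failed = $report.PSObject.Properties |
    Where-Object { $_.Value -is [bool] -and -not $_.Value }
if ($failed) {
    Write-Warning ('Failed checks: ' + (($failed | ForEach-Object Name) -join ', '))
    exit 1
}
```

The script only reads the public CRT; the P12 and KEY files hold the private key and should stay in a folder restricted to the administrators who deploy them.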