1

I am a new administrator with very little experience, trying to configure my ADFS to cooperate with a single sign-on solution to cloud-based help desk software to be used internally in my organization. I have installed the Windows 7.1 SDK package on Server 2012, and am now in the process of attempting to make a certificate. The PDF guide is now instructing me to type the following commands into Windows SDK 7.1 command prompt:

makecert -r -pe -n "CN=adfs.yourdomain.com" -b 01/01/2013 -e 01/01/2014 -sky exchange Server.cer -sv Server.pvk 

(Instead of “adfs.yourdomain.com” give the fully qualified name of the AD FS system in the above command)

pvk2pfx.exe -pvk Server.pvk -spc Server.cer -pfx Server.pfx 

After entering command 1.), I enter a password upon being prompted to do so. Next, I enter 2.), at which time it gives me an error message as follows:

ERROR: File not found Error Code = 0x80070002 

My question is two-fold: firstly and most straightforwardly, what is happening here and how do I resolve this issue? Secondly, and more generally, what resources are available to me to familiarize myself with these presently obscure commands? I mean, I don't even know what I'm typing...

3
  • Try using the 8.1 SDK, which is actually supported for your platform. msdn.microsoft.com/en-us/windows/desktop/bg162891.aspx Commented Nov 11, 2015 at 19:38
  • For a "new administrator" as you put it, I would really not recommend PowerShell for the first few times you do this. Every AD controller has the option of installing a Certificate Authority. Can't really tell from the error message, but it looks like that might not be installed. Go into the Roles/Features menu and look for that option to install; from there, you can access it with localhost\certsrv Commented Nov 11, 2015 at 19:40
  • I would check the Windows Event Logs. Most official Microsoft tools throw errors into there. Commented Nov 11, 2015 at 21:20

2 Answers

1

Have a look at How to: Create Your Own Test Certificate.

The article explains what all the parameters mean.

e.g. cn is the subject name of your certificate, b is valid from, e is valid to etc.

Or refer to the full MSDN documentation - Makecert.exe (Certificate Creation Tool).

Essentially, you are creating a certificate and then transforming this into a pfx file (which is a type of certificate file that also contains the private key).

If you are using IIS for ADFS (i.e. not 2012 R2), then you can do this with IIS - How to Create a Self Signed Certificate in IIS 7

1
  • Thank you, this resource helped me understand how the command prompt requires that all the executable files involved in the commands be in the directory. Therefore, it requires makecert.exe and pvk2pfx.exe to be in the same directory folder, which they are not by default in the Windows SDK 7.1 command prompt -- they are in the Bin folder within the default command prompt. Commented Nov 12, 2015 at 15:49
1

Thanks to nzpcmad, who provided me with a resource for understanding how the command prompt works, I was able to provide a solution to my issue that I hope others can use in the future:

The command prompt requires that all the executable files involved in the commands be in the directory that the command prompt is set to. (You can see the directory that the command prompt is set to by simply looking at the text prior to the '>' character). Therefore, in this particular situation, it requires makecert.exe and pvk2pfx.exe to be in the same directory folder, which they are not by default in the Windows SDK 7.1 command prompt -- they are in the Bin folder within the default command prompt.

I created a folder in C:/ called 'MakeCert'. I then found the two executable programs needed to run their respective commands -- i.e., makecert.exe to run the command 'makecert', and pvk2pfx.exe to run the command 'pvk2pfx' -- in the file path "C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin". Next, I placed these two executable files in the folder "C:/MakeCert" that I created. Finally, I used the command prompt command "cd C:/MakeCert" -- which translates to change directory (cd) to the folder C:/MakeCert.

This changed the directory from the default path "C:\Program Files\Microsoft SDKs\Windows\v7.1", and provided a directory with both of my required .exe files as well as a place to house my created certificate files. There is no longer a "File Not Found" Error.
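An added example, not part of the original answers: a PowerShell pre-flight for the two commands in the question that resolves both tools by full path and confirms Server.pvk and Server.cer exist before pvk2pfx runs. The SDK Bin path and C:\MakeCert are taken from the answer above; the function name Resolve-Tool and the final ACL step are assumptions of this example.

```powershell
# Added example: pre-flight checks around the makecert / pvk2pfx commands.
# Assumed values: SDK Bin path and working folder as quoted in the answer.
$sdkBin  = 'C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin'
$workDir = 'C:\MakeCert'
$subject = 'CN=adfs.yourdomain.com'   # placeholder from the guide; use the AD FS FQDN

# Resolve-Tool is a hypothetical helper name used only in this example.
function Resolve-Tool([string]$Name) {
    # Use whatever the current PATH resolves, then fall back to the SDK Bin folder.
    $cmd = Get-Command $Name -CommandType Application -ErrorAction SilentlyContinue |
           Select-Object -First 1
    if ($cmd) { return $cmd.Path }
    $candidate = Join-Path $sdkBin $Name
    if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
    throw "$Name was not found on PATH or in $sdkBin"
}

$makecert = Resolve-Tool 'makecert.exe'
$pvk2pfx  = Resolve-Tool 'pvk2pfx.exe'

# Run from a folder this account can write to, so the output files land here.
New-Item -ItemType Directory -Path $workDir -Force | Out-Null
Set-Location -LiteralPath $workDir

& $makecert -r -pe -n $subject -b 01/01/2013 -e 01/01/2014 -sky exchange Server.cer -sv Server.pvk
if ($LASTEXITCODE -ne 0) { throw "makecert failed with exit code $LASTEXITCODE" }

# 0x80070002 is the Win32 "file not found" code, so confirm both inputs
# are present before handing them to pvk2pfx.
foreach ($f in 'Server.pvk', 'Server.cer') {
    if (-not (Test-Path -LiteralPath $f -PathType Leaf)) {
        throw "$f is missing from $workDir; makecert did not write it here"
    }
}

& $pvk2pfx -pvk Server.pvk -spc Server.cer -pfx Server.pfx
if ($LASTEXITCODE -ne 0) { throw "pvk2pfx failed with exit code $LASTEXITCODE" }

# Server.pvk and Server.pfx contain the private key: drop inherited ACEs and
# allow only Administrators (well-known SID S-1-5-32-544) and the current user.
foreach ($f in 'Server.pvk', 'Server.pfx') {
    icacls $f /inheritance:r /grant:r '*S-1-5-32-544:F' "$($env:USERNAME):F" | Out-Null
}
```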
