Space for Emmie Lewis-Briggman to ramble about various technologies and experiences. All opinions are my own. See disclaimer for details.

Certificate Renewal using C++

Cert Manager


It’s February and I just realized that we have a certificate that we must renew by the beginning of March.   This certificate was not an internally CA (certificate authority) issued code signing certificate.  It was a general click once like generated certificate that we use for encryption.  Guess what…I did not generate the certificate either!  The person long left the company.  I went through a SSL consultation with our corporate department and was told that we had to issue a new certificate and I did not have an option to renew.  I decided to research this further since I figured there was another way to renew the certificate.  I found a lovely Microsoft support article with C++ code that supports renewing the certificate.  It seems I am not alone in this problem.  This exact code did not work for me from the article but I did manage to create a nice up to date project from the sample code that will support renewing the certificate.  I had to massage the code and get it to work to my advantage and it did very much so.

What did I do?

I took the certificate and put it in the project directory so the C++ console application can read the bytes.  I ran the program via Visual Studio 2013 vs. the command line.  You all can achieve the same results by running the program in the command line.  The program reads the certificate , new certificate name and requires the password in order to renew the cert.  The program renews the cert for 5 years.  This is hard coded in the program and can be changed.  I don’t recommend anything over 5 years.  The certificate can be imported and exported in the certificate manager with no problems and used for your specific purpose.  Easy, easy…  I hope this helps someone out there.

printf("renewcert <PFX File> <new cert filename> <new cert friendly name> [optional]<password>\n");

printf("Example: renewcert oldcert.pfx newcert.pfx \"CN=MyNewCert\" MySuperSecretPassword");

Sharing is Caring

Why tell a story and not share?  I am not a big open source person yet.  I am improving daily.  Most of my work can’t go on my public GitHub.  There are times where things can be shared or I can create sample based on some problem I solved or plan to solve.  Check out the solution here.  Don’t forget to follow me on GitHub.  Happy coding!

No comments yet.

Leave a Reply