Open your IIS. Click on Server Certificates. Click on Create Self-Signed Certificate. Specify a name and select Web Hosting, then click Ok. Select the certificate you just created and click on Export. When exporting it, select a location and choose a password (1) To get the Base64 string, you can use this code on C#: Use X.509 certificates with an individual enrollment to test your device and solution. In an individual enrollment, there's no root or intermediate X.509 certificate in your IoT Central application. Devices use a self-signed X.509 certificate to connect to your application. Generate self-signed device certificate Here are the steps : 1. Remove headers from PEM formatted String Headers are : ---- BEGIN CERTIFICATE ----- and ----- END CERTIFICATE ------ 2. Decode the rest of the part using Base64 to byte array 3. Then you can use CertificateFactory to convert byte stream to x509Certificate object. In the Services box, select Request x.509 user certificate and click Continue. Select the type of certificate that you want to generate, specify a keystore passphrase, and click Continue. Displayed will be ‘steps’ required in transferring the x.509 certificate (You may want to ‘cut’ the section out and paste to a note pad) from PC to As i see the behaviour in Outlook is different. Even if the public certificate of the Recipeint is not Present in the local Machines Certificate Manager. it is able to pick up the public certificate from centeral server of the organization or the Ad Server (i am not very sure about it) and send the encrypted mail. A root certificate is a self-signed X.509 certificate representing a certificate authority (CA). It is the terminus, or trust anchor, of the certificate chain. Root certificates can be self-issued by an organization or purchased from a root certificate authority. To learn more, see Get X.509 CA certificates. The root certificate can also be Here's a step-by-step example. Generate a certificate using OpenSSL's x509 tool (in a binary DER form, not the ASCII PEM) Calculate its SHA-1 hash using openssl x509 -fingerprint. Extract the TBS field using dd (or anything else) and store it in a separate file; calculate its hash using the sha1sum utility. Now, the hashes I get at steps 2 and •X.509 uses the widely accepted international X.509 public key infrastructure standard to verify that a public key belongs to the user, computer or service identify contained within the certificate. 11. Yes, according to X.509 specification serial number is unique for specific CA: 4.1.2.2 Serial number. The serial number is an integer assigned by the CA to each certificate. It MUST be unique for each certificate issued by a given CA (i.e., the issuer name and serial number identify a unique certificate). Share. The fingerprint, as displayed in the Fingerprints section when looking at a certificate with Firefox or the thumbprint in IE is the hash of the entire certificate in DER form. If your certificate is in PEM format, convert it to DER with OpenSSL: openssl x509 -in cert.crt -outform DER -out cert.cer Then, perform a SHA-1 hash on it (e.g. with XYnzu.