CLI

Cert Central Client, aka CCC, is a command line tool for Cert Central.

How to install

ccc is a dotnet global tool; it requires the dotnet SDK 2.1, available here.

dotnet tool install -g dotnet-ccc

Features for Users

Any user can search for public certificates associated with a GitHub account. The certificates are available in JSON format.

View registered users

ccc users

View user certificates

ccc certs -u USERNAME

Search certificates by thumbprint

ccc search -t THUMBPRINT

Features for developers

Some commands require the client to authenticate with the API key available to registered users. The logged-in user's information is stored locally and can be deleted with the logout command.

ccc login -u USERNAME -k APIKEY

ccc logout

How to generate a self-signed certificate

There are multiple tools available: PowerShell, makecert, Azure Key Vault, openssl and more. The following example uses PowerShell:

    New-SelfSignedCertificate -Subject "CN=Joey, O=Ramones, L=Queens, S=NewYork, C=US" `
    -FriendlyName Joey `
    -Type CodeSigning `
    -KeyUsage DigitalSignature `
    -KeyLength 2048 `
    -KeyAlgorithm RSA `
    -HashAlgorithm SHA256 `
    -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.3', '2.5.29.19={text}Subject Type:End Entity') `
    -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" `
    -CertStoreLocation "Cert:\CurrentUser\My"

Registering certificates

To register a certificate in Cert Central, you must have a certificate that satisfies the code signing requirements, together with its private key, available in your CurrentUser\Personal certificate store.

The private key is used to sign a random string sent by the server. The signature is used to validate content integrity and to extract the public key.

The certificate with the public key will be available at a Cert Central URL.

ccc push
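
The challenge-response described above, sketched in PowerShell as an added example (it is not ccc's or Cert Central's own code). It assumes the signature is a CMS/PKCS#7 blob with the signer certificate embedded, which the page does not confirm, and it generates the nonce locally to stand in for the server's random string.

```powershell
# Added example: proof of possession over a server nonce, both sides in one script.
# Assumption: the signature is a CMS (PKCS#7) blob that carries the signer certificate.
Add-Type -AssemblyName System.Security   # SignedCms types on Windows PowerShell 5.1

$codeSigningOid = '1.3.6.1.5.5.7.3.3'    # same EKU OID as in -TextExtension above

# --- Client side: pick a code signing certificate that has its private key ---
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) } |
    Select-Object -First 1
if (-not $cert) { throw 'No valid code signing certificate with a private key in CurrentUser\My.' }

# Stand-in for the random string the server would send (constructed locally here).
$nonce = [byte[]]::new(32)
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($nonce)

$content = [System.Security.Cryptography.Pkcs.ContentInfo]::new([byte[]]$nonce)
$cms     = [System.Security.Cryptography.Pkcs.SignedCms]::new($content, $false)
$signer  = [System.Security.Cryptography.Pkcs.CmsSigner]::new($cert)
$signer.IncludeOption = [System.Security.Cryptography.X509Certificates.X509IncludeOption]::EndCertOnly
$cms.ComputeSignature($signer)
$blob = $cms.Encode()                    # what the client would upload; the private key never leaves the store

# --- Server side: sees only $blob and the nonce it issued ---
$received = [System.Security.Cryptography.Pkcs.SignedCms]::new()
$received.Decode($blob)
$received.CheckSignature($true)          # signature only, no chain check; throws if the content was altered

# Bind the signature to this session: the signed content must be the issued nonce.
$echoed = [Convert]::ToBase64String($received.ContentInfo.Content)
if ($echoed -cne [Convert]::ToBase64String($nonce)) { throw 'Signed content is not the issued nonce.' }

# The public certificate comes out of the signature itself.
$signerCert = $received.SignerInfos[0].Certificate
$eku = $signerCert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
    Select-Object -First 1
$hasCodeSigning = $false
if ($eku) { $hasCodeSigning = @($eku.EnhancedKeyUsages | ForEach-Object Value) -contains $codeSigningOid }
if (-not $hasCodeSigning) { throw 'Signer certificate lacks the code signing EKU.' }

# Only public data is recorded for publication.
[pscustomobject]@{
    Subject    = $signerCert.Subject
    Thumbprint = $signerCert.Thumbprint
    NotAfter   = $signerCert.NotAfter
}
```

A valid signature proves only that the uploader holds the private key. Whether to trust the certificate is a separate decision based on the linked GitHub identity.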

Trusting certificates

Users can query the registered certificates in Cert Central and make trust decisions based on the GitHub identity that is linked to them.

To trust a certificate for MSIX deployment, the certificate must be added to the LocalMachine\Trusted People store. This operation requires running the command prompt with admin privileges.

ccc certs -u USERNAME

You can also query all the certificates available in Trusted People to verify whether they are registered in Cert Central:

ccc trustedpeople