sbidy / KeePass-KeyManager

A public key manager to manage multiple x509 certificates for a KeePass password database.
GNU General Public License v3.0

Bad Key when using makecert.exe generated certificate #3

Closed jpalo closed 6 years ago

jpalo commented 6 years ago

I'm trying to use makecert.exe on Windows to generate a valid certificate, but even version 1.3 of the plugin isn't happy with the certificate. I've tried with different options, but it's pretty much shooting in the dark.

I generate the cert simply by makecert -n "CN=KeepassCert" -e 02/01/2018 -ss my

or even makecert -n "CN=KeepassCert" -e 02/01/2018 -ss my -pe -len 2048 -a sha256

but error is

Certificate can't be used for encryption or you don't have a private key for decryption (bad key)!
Please check the certificate or open a issue on github!

System.Security.Cryptography.CryptographicException: Bad Key.

   at System.Security.Cryptography.Pkcs.EnvelopedCms.DecryptContent(RecipientInfoCollection recipientInfos, X509Certificate2Collection extraStore)
   at KeyManagerUI.Certmanager.DecryptMsg(Byte[] encodedEnvelopedCms)
   at KeyManagerUI.KeyManagerUIForm.change_click(Object sender, EventArgs e)

What options should I use in makecert.exe to generate a valid certificate?

sbidy commented 6 years ago

Hey, the "Bad Key" exception points mostly to a missing private key. In this case the certificate is not trusted because the "root-CA" is not in the trusted "Trusted Certificate Root Authorities" container. Please check the certificate trust - it should be signed by a trusted root. You can use openssl to generate a root CA or you import the (in my case called "Root-Agency") certificate from makecert as root - keep in mind that this is a possible security issue.

I'll implement in the next release an option to use such "un-trusted or self-signed" certificates.

sbidy commented 6 years ago

Closed: No feedback and "un-trusted" certificates are now listed in the cert. store list.
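
The error message and the reply above name three conditions: the certificate must be usable for encryption, its private key must be present, and it should chain to a trusted root. The following diagnostic is an added example, not part of the thread or of the plugin's code; it checks each condition and then runs the same EnvelopedCms encrypt/decrypt round trip that appears in the stack trace. It assumes Windows PowerShell 5.1 and a certificate in Cert:\CurrentUser\My with the subject from the issue; the function name Test-CmsCertificate is hypothetical.

```powershell
# Added example: diagnostic only, not code from KeePass-KeyManager.
# Assumes Windows PowerShell 5.1 and a cert in Cert:\CurrentUser\My.
Add-Type -AssemblyName System.Security
$x509 = 'System.Security.Cryptography.X509Certificates'
$pkcs = 'System.Security.Cryptography.Pkcs'

function Test-CmsCertificate {   # hypothetical helper name
    param([Parameter(Mandatory)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    # Key usage: when the extension is present it must allow key encipherment;
    # when it is absent, usage is not restricted (RFC 5280).
    $ku = $Cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] } |
        Select-Object -First 1
    $encOk = if ($ku) { [bool]($ku.KeyUsages -band 'KeyEncipherment') } else { $true }

    # Chain trust: build the chain without revocation lookups and keep the status flags.
    $chain = New-Object "$x509.X509Chain"
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($Cert)
    $status  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','

    # Round trip: encrypt a constructed message to the cert, then decrypt it
    # with whatever private key the My stores provide.
    $ok = $false; $err = $null
    try {
        $msg   = 'constructed test message'
        $plain = [Text.Encoding]::UTF8.GetBytes($msg)
        $cms   = New-Object "$pkcs.EnvelopedCms" (New-Object "$pkcs.ContentInfo" (,$plain))
        $cms.Encrypt((New-Object "$pkcs.CmsRecipient" $Cert))
        $dec = New-Object "$pkcs.EnvelopedCms"
        $dec.Decode($cms.Encode())
        $dec.Decrypt()
        $ok = [Text.Encoding]::UTF8.GetString($dec.ContentInfo.Content) -eq $msg
    } catch { $err = $_.Exception.Message }

    [pscustomobject]@{
        Subject         = $Cert.Subject
        HasPrivateKey   = $Cert.HasPrivateKey
        KeyEncipherment = $encOk
        ChainTrusted    = $trusted
        ChainStatus     = $status
        CmsRoundTrip    = $ok
        Error           = $err
    }
}

Get-ChildItem Cert:\CurrentUser\My |
    Where-Object Subject -eq 'CN=KeepassCert' |
    ForEach-Object { Test-CmsCertificate $_ }
```

A row with HasPrivateKey or CmsRoundTrip set to False reproduces the failure outside KeePass; ChainStatus shows whether the root is untrusted.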