Creating Self Signed Certificates with PowerShell
Prior to PowerShell 4.0, you needed to download MakeCert.exe or another utility to create self signed certificates. Now you can do it in PowerShell.
November 7, 2014
Prior to PowerShell 4.0, you needed to download MakeCert.exe or another utility to create self signed certificates. Obtaining MakeCert involved jumping through a number of hoops. When I was writing about setting up an Azure management certificate in various MS Press books, one of the most complex parts was explaining how someone could get MakeCert.exe and use it to create the certificate.
I hoped that at some point the ability to create self-signed certs would crop up in the Windows operating system. Lo and behold it did with the release of Windows 8.1 and Server 2012 R2 - I just didn't notice until now. (though in my defense the Microsoft Azure documentation still references makecert.exe as well)
Rather than using Makecert.exe, you can use PowerShell.
The commands you need are New-SelfSignedCertificate and Export-PfxCertificate. The way you use them is as follows.
First - you need the FQDN that you want to use for the certificate. For example, orin.windowsitpro.internal. You then use the command
New-SelfSignedCertificate -certstorelocation cert:localmachinemy -dnsname orin.windowsitpro.internal
Running that command will add the self signed certificate to the local certificate store. When you run the command, you'll also get a certificate thumbprint that will look something like
CE0976529B02DE058C9CB2C0E64AD79DAFB18CF4
Next you need to populate a variable with a password you'll use when exporting the certificate from the local certificate store. Use something similar to the following to do this:
$pwd = ConvertTo-SecureString -String "Pa$$w0rd" -Force -AsPlainText
Once you've done that, use the Export-PfxCertificate cmdlet with the thumbprint generated when you created the certificate to export the certificate from the local certificate store. For example
Export-PfxCertificate -cert cert:localMachinemyCE0976529B02DE058C9CB2C0E64AD79DAFB18CF4 -FilePath e:tempcert.pfx -Password $pwd
You'll now have your exported self signed certificate. All without having to go through the joy of obtaining MakeCert.exe
About the Author
You May Also Like