Creating Self Signed Certificates with PowerShell

Prior to PowerShell 4.0, you needed to download MakeCert.exe or another utility to create self signed certificates. Now you can do it in PowerShell.

Orin Thomas

November 7, 2014


Prior to PowerShell 4.0, you needed to download MakeCert.exe or another utility to create self signed certificates. Obtaining MakeCert involved jumping through a number of hoops. When I was writing about setting up an Azure management certificate in various MS Press books, one of the most complex parts was explaining how someone could get MakeCert.exe and use it to create the certificate.

I hoped that at some point the ability to create self-signed certs would crop up in the Windows operating system. Lo and behold, it did with the release of Windows 8.1 and Server 2012 R2 - I just didn't notice until now (though in my defense, the Microsoft Azure documentation still references makecert.exe as well).

Rather than using Makecert.exe, you can use PowerShell.

The commands you need are New-SelfSignedCertificate and Export-PfxCertificate. The way you use them is as follows.

First - you need the FQDN that you want to use for the certificate. For example, orin.windowsitpro.internal. You then use the command

New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname orin.windowsitpro.internal

Running that command will add the self signed certificate to the local certificate store. When you run the command, you'll also get a certificate thumbprint that will look something like

CE0976529B02DE058C9CB2C0E64AD79DAFB18CF4

Next you need to populate a variable with a password you'll use when exporting the certificate from the local certificate store. Use something similar to the following to do this (the string is single-quoted so that PowerShell does not expand $$ as a variable inside it):

$pwd = ConvertTo-SecureString -String 'Pa$$w0rd' -Force -AsPlainText

Once you've done that, use the Export-PfxCertificate cmdlet with the thumbprint generated when you created the certificate to export the certificate from the local certificate store. For example:

Export-PfxCertificate -cert cert:\localMachine\my\CE0976529B02DE058C9CB2C0E64AD79DAFB18CF4 -FilePath e:\temp\cert.pfx -Password $pwd

You'll now have your exported self signed certificate, all without having to go through the joy of obtaining MakeCert.exe.
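
The whole procedure as one script, as an added example that is not from the original article: it keeps the certificate object returned by New-SelfSignedCertificate instead of retyping the thumbprint, prompts for the PFX password rather than embedding it in the script, and reopens the PFX to confirm the export. The variable names are assumptions; the DNS name and export path are the article's examples.

```powershell
# Added example, not the article's own code. Variable names are assumptions.
# Run in an elevated session: Cert:\LocalMachine\My is a machine-wide store.
$dnsName = 'orin.windowsitpro.internal'   # FQDN used in the article
$pfxPath = 'E:\temp\cert.pfx'             # export path used in the article

# Create the certificate and keep the returned object, so the thumbprint
# is read from it rather than copied by hand from console output.
$cert = New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName $dnsName
if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) was created without a private key"
}

# Prompt for the PFX password so it is not stored in the script as plain text.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

# Export the certificate together with its private key.
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword | Out-Null

# Verify: reopen the PFX with the same password and confirm that it
# contains the certificate that was just created.
$pfx = Get-PfxData -FilePath $pfxPath -Password $pfxPassword
$exported = $pfx.EndEntityCertificates |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
if (-not $exported) {
    throw "PFX at $pfxPath does not contain certificate $($cert.Thumbprint)"
}

# Summary of what was produced. The PFX holds the private key, so store
# it somewhere with restricted access.
[pscustomobject]@{
    Subject    = $exported.Subject
    Thumbprint = $exported.Thumbprint
    NotAfter   = $exported.NotAfter
    PfxPath    = $pfxPath
}
```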
