Creating a Self-Signed Certificate using PowerShell

Most of the time I get my certificates from an Active Directory CA but there are times when I want a temporary certificate to test something, like in a lab for example.

With the following commands, you can create and export a self-signed certificate:

To create the certificate in the Personal store of the Local Machine, use:

New-SelfSignedCertificate -DnsName server.lab.local -CertStoreLocation Cert:\localmachine\my
 
In most cases, like IIS, you should be ready to assign the certificate to your application server by now. In case you want to export the certificate in PFX format (which includes the private key), use the following cmdlets:

First, you'll need the thumbprint of the certificate from the above command, so save the output to a variable like:
 
 $Certificate = New-SelfSignedCertificate -DnsName server.lab.local -CertStoreLocation Cert:\localmachine\my
 
Please note that if you have already created the certificate using the first cmdlet, the second one will create a new certificate. If this is the case, you may get the thumbprint using the MMC console or the Get-Certificate cmdlet.
 
Next, you have to create a password to protect the PFX file:

$CertPassword = ConvertTo-SecureString -String "PasswordForCertificate" -Force -AsPlainText
 
Then, export the certificate with Export-PfxCertificate:
 
Export-PfxCertificate -Cert ("Cert:\localMachine\my\" + $Certificate.Thumbprint) -FilePath cert.pfx -Password $CertPassword

The above commands use the Local Computer certificate store and administrator rights are required for these operations. In case you do not have those rights, use the Current User store.
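
The steps above combined into one script, as an added example that is not part of the original post: it reuses an existing self-signed certificate for the name (looked up with Get-ChildItem on the Cert: drive) instead of creating a duplicate, prompts for the PFX password rather than embedding it in the script, and checks the exported file with Get-PfxData. The 30-day lifetime, the variable names and the cleanup lines are assumptions for a lab; -NotAfter requires Windows 10 / Windows Server 2016 or later.

```powershell
# Added example: the values below are lab assumptions, adjust them for your environment.
$DnsName   = 'server.lab.local'        # name used in the post
$StorePath = 'Cert:\LocalMachine\My'   # use Cert:\CurrentUser\My without administrator rights
$PfxPath   = Join-Path $PWD 'cert.pfx'

# Reuse an existing self-signed certificate for this name instead of creating a second one.
$Certificate = Get-ChildItem -Path $StorePath |
    Where-Object { $_.Subject -eq "CN=$DnsName" -and $_.Issuer -eq $_.Subject -and $_.HasPrivateKey } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if (-not $Certificate) {
    # -NotAfter keeps the test certificate short-lived (30 days is an arbitrary lab choice).
    $Certificate = New-SelfSignedCertificate -DnsName $DnsName -CertStoreLocation $StorePath `
        -NotAfter (Get-Date).AddDays(30)
}

# Prompt for the PFX password so it never appears in the script or in command history.
$CertPassword = Read-Host -Prompt 'PFX password' -AsSecureString

Export-PfxCertificate -Cert $Certificate -FilePath $PfxPath -Password $CertPassword | Out-Null

# Confirm the file opens with that password and contains the certificate we expect.
$Exported = (Get-PfxData -FilePath $PfxPath -Password $CertPassword).EndEntityCertificates[0]
if ($Exported.Thumbprint -ne $Certificate.Thumbprint) {
    throw "Exported thumbprint $($Exported.Thumbprint) does not match $($Certificate.Thumbprint)"
}
"Exported $($Certificate.Thumbprint) to $PfxPath (expires $($Certificate.NotAfter))"

# When the test is finished, remove the certificate, its private key and the PFX file:
# Remove-Item -Path "$StorePath\$($Certificate.Thumbprint)" -DeleteKey
# Remove-Item -Path $PfxPath
```

The PFX file contains the private key, so keep it out of shared folders and source control and delete it once it has been imported where it is needed.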
