A self-signed certificate is a certificate that is signed by the person or organization creating it rather than a trusted certificate authority. When using a self-signed certificate, there is no chain of trust. The certificate has signed itself. The web browser will then issue a warning, telling you that the website certificate cannot be verified. See the following interesting guides on how to import a certificate into the Trusted Root and Personal file certificate store, how to request a certificate signing request in Windows using Microsoft Management Console, and how to export a certificate in PFX format in Windows.
Generally, a self-signed certificate is no longer recommended in an enterprise environment. But very vital in a test scenario where a certificate is a requirement for testing. This saves time and resources by buying a certificate or deploying your own Public Key Infrastructure (PKI) environment. Wish to see a different method on how to accomplish this task, kindly see "how to generate a self-signed certificate and export in PFX format via PowerShell [Part 2]".
Note: This can be generated using MMC and IIS (Internet Information Services). I will be demonstrating these steps in a later post.
Steps: Ensure to run PowerShell with Administrators privileges
1. Run the following command below. The New-SelfSignedCertificate cmdlet as shown below to add a certificate to the local store on your PC, replacing the fully qualified domain name (FQDN).
$cert = New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname techdirect.local
2. In this step, we will export the self-signed certificate. We will need to create a password as shown below to accomplish this step
$pwd = ConvertTo-SecureString -String ‘passw0rd!’ -Force -AsPlainText
3. We will have to export the self-signed certificate using the Export-PfxCertificate cmdlet as shown below. The password ($pwd) created will be used to create an additional string ($path), which specifies the path to the certificate created with the New-SelfSignedCertificate cmdlet.
$path = 'cert:\localMachine\my\' + $cert.thumbprint Export-PfxCertificate -cert $path -FilePath c:\cert.pfx -Password $pwd
Note: That the c:\temp directory, or whatever directory you specify in the -FilePath parameter, must already exist. You can now import the cert.pfx file to install the certificate.
Note: The few lines of codes can be combined together as shown below to create and store a self-signed certificate in the Windows Certificate Store. The last line (Export-Pfx Certificate) will export the certificate. Reference link:
$cert = New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname techdirect.local $pwd = ConvertTo-SecureString -String ‘passw0rd!’ -Force -AsPlainText $path = 'cert:\localMachine\my\' + $cert.thumbprint Export-PfxCertificate -cert $path -FilePath c:\cert.pfx -Password $pwd
I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.