How to create (script) self-signed certificates using PowerShell

Generally, a self-signed certificate is no longer recommended in an enterprise environment, but it is vital in a test scenario where a certificate is a requirement for testing. It saves the time and resources of buying a certificate or deploying your own Public Key Infrastructure (PKI) environment.

Note: A self-signed certificate can also be generated using MMC and IIS (Internet Information Services). I will be demonstrating these steps in a later post.

Steps: Make sure you run PowerShell with Administrator privileges.
1. Run the New-SelfSignedCertificate cmdlet as shown below to add a certificate to the local store on your PC, replacing the fully qualified domain name (FQDN) with your own.

$cert = New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname techdirect.local

2. In this step, we prepare to export the self-signed certificate. We need to create a password, as shown below, to protect the exported file.

$pwd = ConvertTo-SecureString -String 'passw0rd!' -Force -AsPlainText

3. Export the self-signed certificate using the Export-PfxCertificate cmdlet as shown below. The export uses the password ($pwd) created above, together with an additional string ($path) that specifies the path to the certificate created with the New-SelfSignedCertificate cmdlet.

$path = 'cert:\localMachine\my\' + $cert.thumbprint
Export-PfxCertificate -cert $path -FilePath c:\cert.pfx -Password $pwd

Note that the directory you specify in the -FilePath parameter, for example c:\temp, must already exist. You can now import the cert.pfx file to install the certificate.

Note: These few lines of code can be combined, as shown below, to create and store a self-signed certificate in the Windows Certificate Store. The last line (Export-PfxCertificate) exports the certificate.

$cert = New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname techdirect.local
$pwd = ConvertTo-SecureString -String 'passw0rd!' -Force -AsPlainText
$path = 'cert:\localMachine\my\' + $cert.thumbprint
Export-PfxCertificate -cert $path -FilePath c:\cert.pfx -Password $pwd
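
The same three steps as a reusable function, written as an added example (not code from the original post). It prompts for the PFX password instead of keeping it in the script, creates the export directory if it is missing, and re-opens the exported file to confirm it contains the new certificate. The function name New-TestCertificate, the C:\temp default and the 90-day lifetime are assumptions chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: New-TestCertificate and its defaults are hypothetical names.

function New-TestCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $DnsName,
        [string] $ExportDirectory = 'C:\temp',   # assumed export location
        [int]    $ValidDays = 90                 # assumed lifetime for a test cert
    )

    # Export-PfxCertificate fails if the target directory is missing, so create it first.
    if (-not (Test-Path -LiteralPath $ExportDirectory -PathType Container)) {
        New-Item -ItemType Directory -Path $ExportDirectory | Out-Null
    }

    # Prompt for the PFX password so it never appears in the script or its history.
    $pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

    # State key type, key size, hash and expiry explicitly so they are visible in review.
    $cert = New-SelfSignedCertificate -CertStoreLocation 'Cert:\LocalMachine\My' `
        -DnsName $DnsName -KeyAlgorithm RSA -KeyLength 2048 `
        -HashAlgorithm SHA256 -NotAfter (Get-Date).AddDays($ValidDays)

    # Export the certificate and its private key, protected by the prompted password.
    $pfxFile = Join-Path $ExportDirectory "$DnsName.pfx"
    Export-PfxCertificate -Cert $cert -FilePath $pfxFile -Password $pfxPassword | Out-Null

    # Re-open the PFX with the same password and confirm it holds this certificate.
    $pfx = Get-PfxData -FilePath $pfxFile -Password $pfxPassword
    if ($pfx.EndEntityCertificates[0].Thumbprint -ne $cert.Thumbprint) {
        throw "Exported PFX does not match certificate $($cert.Thumbprint)"
    }

    # Return what is needed to find or remove the certificate later.
    [pscustomobject]@{
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        PfxFile    = $pfxFile
    }
}

New-TestCertificate -DnsName 'techdirect.local'
```

When testing is finished, the returned thumbprint identifies the entry to delete under Cert:\LocalMachine\My, and the .pfx file should be deleted along with it because it contains the private key.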

Reference link: https://docs.microsoft.com/en-us/powershell/module/pkiclient/new-selfsignedcertificate?view=win10-ps

For other references considered.
