PowerShell: Creating a self-signed certificate using PowerShell without makecert or IIS

If you are using version 4+ of PowerShell, then instead of using the older makecert utility or the IIS Manager you can simply use the New-SelfSignedCertificate cmdlet.

In this article I’ll provide a small PowerShell script that can assist in creating a self-signed certificate in the local machine personal store.

PowerShell prompt with privileges

First, open a command prompt with privileges (“Run as Administrator”) so that you can access the local machine certificate store. Then check that you are using at least version 4 of PowerShell.

powershell -executionpolicy bypass
PS> $psversiontable.psversion.major

Run script

Download my newSelfSignedCert.ps1 script from GitHub and place it on your local machine. Run it as shown below from the privileged console opened earlier:

.\newSelfSignedCert.ps1 myserver.com Certp4ss!

This specifies that the subject and SAN name should be “myserver.com”, and that the exported pfx will use the password “Certp4ss!”. Clearly, you will want to use a hostname and trusted password for your particular needs.

This is all made possible by the New-SelfSignedCertificate PowerShell cmdlet, available since PowerShell 4.

$cert = New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname $cn
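
The whole procedure as an added example (this is not the author's newSelfSignedCert.ps1): it creates the certificate with the call shown above, exports it to a pfx, and checks that the certificate and its private key are in the store. The $pfxPath parameter is hypothetical, and prompting for the password instead of taking it as an argument is a choice made for this example.

```powershell
#Requires -Version 4
#Requires -RunAsAdministrator
# Added example, not the article's own script.
param(
    # Subject / SAN DNS name, e.g. myserver.com
    [Parameter(Mandatory = $true)]
    [string]$cn,

    # Hypothetical output location for the exported pfx
    [string]$pfxPath = (Join-Path $PWD.Path "$cn.pfx")
)

# Read the pfx password as a SecureString so it is not left in
# console history or visible in the process command line.
$pfxPassword = Read-Host -Prompt "PFX password" -AsSecureString

# Create the certificate in the local machine Personal store.
$cert = New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName $cn

# Export the certificate together with its private key.
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword | Out-Null

# Confirm the certificate landed in the store and carries a private key.
$stored = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint }

if (-not $stored) {
    throw "Certificate $($cert.Thumbprint) not found in Cert:\LocalMachine\My"
}
if (-not $stored.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) has no private key attached"
}

# Show what was created and where the pfx was written.
$stored | Select-Object Subject, Thumbprint, NotBefore, NotAfter, HasPrivateKey | Format-List
Write-Output "Exported to $pfxPath"
```

The exported pfx contains the private key, so keep the file in a location only administrators can read.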

Result

If you open up mmc and add the Windows certificate manager for the machine account, you will now see this new certificate in the computer-level Personal store.

 
