How to generate a cert supporting higher ciphers

Mike 246 Reputation points
2022-05-10T15:00:55.023+00:00

I have a Windows server and I want to generate a cert that can support this:

200637-image.png


2 answers

  1. Limitless Technology 39,506 Reputation points
    2022-05-13T07:24:41.373+00:00

    Hi Mike-6205,

    Here’s the step-by-step for creating a self-certified certificate to support 256-bit:

    Run PowerShell as administrator

    Run the following command to create the certificate:

    New-SelfSignedCertificate -DnsName "<Computer name>" -CertStoreLocation "cert:\LocalMachine\My"

    Next, we need to add the self-signed certificate as a trusted certificate authority...
    Run MMC -32 as administrator

    Select File > Add or Remove Snap-ins

    Select Certificates and then click Add

    Select Computer account and press Next

    Select Local computer, then click Finish. Then click OK.

    Find the certificate in Personal > Certificates:

    Right-click on the newly created certificate and then select Properties. Input the desired Friendly Name field for the certificate based upon what you are testing. Once completed, select the Apply button followed by OK.

    Right-click on the certificate and choose Copy

    Expand Trusted Root Certification Authorities

    Right-click on the Certificates folder

    Select Paste

    In IIS Manager (usually requiring Administrator permissions), you can now see the self-signed certificate with SHA-256 as the SSL certificate.


    --If the reply is helpful, please Upvote and Accept as answer--


  2. Gary Reynolds 9,406 Reputation points
    2022-05-13T10:53:02.503+00:00

    Hi,

    The certificate doesn't control which cipher will be used for the connection encryption; the server and client negotiate a mutually agreed cipher. If you want to control which cipher is used, you will need to limit which ciphers are supported by the server.

    Have a look at this article on ciphers: https://en.wikipedia.org/wiki/Cipher_suite

    This one covers how to control which ciphers are enabled: https://dirteam.com/sander/2019/07/30/howto-disable-weak-protocols-cipher-suites-and-hashing-algorithms-on-web-application-proxies-ad-fs-servers-and-windows-servers-running-azure-ad-connect/

    Gary.

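Added example, not part of either answer: a PowerShell check that lists what the certificates carry and what cipher suites the server offers as two separate things, then previews disabling suites with a bulk cipher under 256 bits. It assumes the TLS module cmdlets (`Get-TlsCipherSuite`, `Disable-TlsCipherSuite`) found on Windows Server 2016 and later, and the 256-bit threshold is an example policy, not something stated in the thread.

```powershell
# Added example. Run in an elevated PowerShell session.
# Assumption: TLS module cmdlets are available (Windows Server 2016 or later).

# 1. What the certificate carries: public key type/size and signature hash.
#    None of these fields select the bulk cipher of a TLS session.
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    # GetRSAPublicKey returns $null for non-RSA (for example ECDSA) certificates.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($_)
    [pscustomobject]@{
        Subject      = $_.Subject
        KeyAlgorithm = $_.PublicKey.Oid.FriendlyName
        RsaKeyBits   = if ($rsa) { $rsa.KeySize } else { $null }
        SignatureAlg = $_.SignatureAlgorithm.FriendlyName
    }
} | Format-Table -AutoSize

# 2. What the server offers during the handshake: the enabled cipher suites,
#    in the order the server prefers them.
$suites = Get-TlsCipherSuite
$suites |
    Select-Object Name, Exchange, Cipher, CipherLength, Certificate |
    Format-Table -AutoSize

# 3. Example policy (assumption): keep only suites whose bulk cipher is 256-bit.
$below256 = $suites | Where-Object { $_.CipherLength -lt 256 }

# -WhatIf only reports what would be disabled; nothing is changed.
# Remove -WhatIf after confirming every client still shares a remaining suite.
foreach ($suite in $below256) {
    Disable-TlsCipherSuite -Name $suite.Name -WhatIf
}

# 4. Summary of what would remain enabled under this policy.
$suites |
    Where-Object { $_.CipherLength -ge 256 } |
    Select-Object -ExpandProperty Name
```

The `Certificate` column in step 2 shows the key type (RSA or ECDSA) a suite expects from the server certificate, which is the only part of the suite the certificate has to match.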