Quickly generate, install, and export Self-Signed Certificate in PowerShell on Windows 8.1/2012R2
Self-signed certificates are widely used in test and development environments and for local or cloud web sites. This article introduces a method to quickly generate a self-signed certificate, automatically export the private key, and install the cert under LocalMachine\My and LocalMachine\Root on Win8.1 and Win2012.
I also wrap the main logic in a Form UI that can generate a dynamic script to execute, which makes it very easy to use. [This is the complete script download link: CodePlex and GitHub]
As far as we know, there are several methods to create a self-signed certificate: for example, using MakeCert and CertMgr, using SelfSSL or SelfSSL7, using the IIS 7/8 management console, or using a complicated PowerShell script. These methods require remembering multiple command-line switches, manual UI operation, or a deep understanding of the details of certificate generation. The method I introduce here uses the PowerShell PKI cmdlets that come with the new systems; we only need to supply the basic certificate subject, the private key protection password, and the certificate export path:
GenerateSelfSignedCert www.mytest.com MyTestPassword c:\temp\mytest.pfx
The definition of the GenerateSelfSignedCert function is:
<#
.DESCRIPTION
SelfSignedCertificate AutoScript
.NOTES
Author: Freist Li
Last Updated: 10/30/2014
#>
#Cert Generation Related Functions
#**************************************************************************************
#Create Cert, install Cert to My, install Cert to Root, Export Cert as pfx
Function GenerateSelfSignedCert{
    Param (
        $certcn,
        $password,
        $certfilepath
    )
    #Check if the certificate name was used before
    #(exact subject comparison, so "." in the name is not treated as a regex wildcard)
    $thumbprintA=(dir cert:\localmachine\My -recurse | where {$_.Subject -eq "CN=$certcn"} | Select-Object -Last 1).thumbprint
    if ($thumbprintA.Length -gt 0)
    {
        Write-Host "Duplicated Cert Name used" -ForegroundColor Cyan
        return
    }
    else
    {
        #Create the certificate in LocalMachine\My and keep its thumbprint
        $thumbprintA=New-SelfSignedCertificate -DnsName $certcn -CertStoreLocation cert:\LocalMachine\My | ForEach-Object{ $_.Thumbprint}
    }
    #If generated successfully
    if ($thumbprintA.Length -gt 0)
    {
        #query the newly installed certificate again
        $thumbprintB=(dir cert:\localmachine\My -recurse | where {$_.Subject -eq "CN=$certcn"} | Select-Object -Last 1).thumbprint
        #If new cert installed successfully with the same thumbprint
        if($thumbprintA -eq $thumbprintB )
        {
            $message = $certcn + " installed into LocalMachine\My successfully with thumbprint "+$thumbprintA
            Write-Host $message -ForegroundColor Cyan
            #Convert the plain-text password to the SecureString the PKI cmdlets expect
            $mypwd = ConvertTo-SecureString -String $password -Force -AsPlainText
            Write-Host "Exporting Certificate as .pfx file" -ForegroundColor Cyan
            Export-PfxCertificate -FilePath $certfilepath -Cert cert:\localmachine\My\$thumbprintA -Password $mypwd
            Write-Host "Importing Certificate to LocalMachine\Root" -ForegroundColor Cyan
            Import-PfxCertificate -FilePath $certfilepath -Password $mypwd -CertStoreLocation cert:\LocalMachine\Root
        }
        else
        {
            Write-Host "Thumbprint is not the same between new cert and installed cert." -ForegroundColor Cyan
        }
    }
    else
    {
        $message = $certcn + " is not created"
        Write-Host $message -ForegroundColor Cyan
    }
}
After the certificate is generated and installed, PowerShell will output:
In the Certificate Manager console, we can see:
The exported .pfx file can be used with a local web service or Microsoft Azure:
Based on the above GenerateSelfSignedCert function, I added more code that dynamically generates a script embedding the parameters entered in the Form UI. This way, it can present a friendly Form UI, generate the script you expect, and run it directly or let you copy it to a target machine to execute. Because installing a certificate into the machine store needs admin permission, you should open PowerShell or PowerShell_ISE with admin permission.
The complete script download link: CodePlex and GitHub
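GenerateSelfSignedCert trusts the certificate by importing the .pfx into LocalMachine\Root, and Import-PfxCertificate brings the private key along with the certificate. The following is an added example, not part of the original script: it reports whether the Root copy carries a private key and re-establishes the trust from a public-only .cer export. The function names Get-RootCopyStatus and Add-PublicOnlyRootTrust and the .cer path are hypothetical.

```powershell
# Added example (not from the original script). Function names and the .cer
# path are hypothetical. Run in an elevated session, like the original function.

# Show the LocalMachine\Root entries for a CN and whether each one has a
# private key attached.
Function Get-RootCopyStatus {
    Param ([Parameter(Mandatory = $true)][string]$CertCn)
    Get-ChildItem Cert:\LocalMachine\Root |
        Where-Object { $_.Subject -eq "CN=$CertCn" } |
        Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey
}

# Trust a certificate that already exists in LocalMachine\My by placing only
# its public part in LocalMachine\Root.
Function Add-PublicOnlyRootTrust {
    Param (
        [Parameter(Mandatory = $true)][string]$Thumbprint,
        [Parameter(Mandatory = $true)][string]$CerFilePath
    )
    # Fail early if the certificate is not in LocalMachine\My
    $cert = Get-Item "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop

    # Export-Certificate writes the certificate only; no key material is included
    Export-Certificate -Cert $cert -FilePath $CerFilePath -Type CERT | Out-Null

    # Remove a Root entry that was created from the .pfx (it carries the key).
    # Only the store entry is removed; the copy in LocalMachine\My is untouched.
    $rootPath = "Cert:\LocalMachine\Root\$Thumbprint"
    if ((Test-Path $rootPath) -and (Get-Item $rootPath).HasPrivateKey) {
        Remove-Item $rootPath
    }

    # Import the public-only file into Root and show the resulting entry
    Import-Certificate -FilePath $CerFilePath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
    Get-Item $rootPath | Select-Object Subject, Thumbprint, HasPrivateKey
}

# Usage with the article's sample subject (thumbprint taken from the store):
# $tp = (Get-ChildItem Cert:\LocalMachine\My |
#        Where-Object { $_.Subject -eq "CN=www.mytest.com" } |
#        Select-Object -Last 1).Thumbprint
# Get-RootCopyStatus -CertCn www.mytest.com
# Add-PublicOnlyRootTrust -Thumbprint $tp -CerFilePath c:\temp\mytest.cer
```

The .cer file can also be handed to other test machines that only need to trust the certificate, so the password-protected .pfx stays with the server that needs the key.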
Regards,
Freist Li from GBSD DSI Team
Comments
- Anonymous
November 24, 2014
so "localmachinemy" for personal "LocalmachineRoot" for root authority..."LocalMachineIntermediate" doesn't work...
- Anonymous
May 25, 2015
Does anyone have any issues regarding directory roots? Such as the one in it help (helprace.com/it-help-desk) that's not very effective. Thanks for the tutorial though