PowerShell Ssl SelfSigned Certificate

• Links: OpenSslSelfSignedCertificate <- Recommend using openssl

2024 Microsoft example

• https://learn.microsoft.com/en-us/dotnet/core/additional-tools/self-signed-certificates-guide

• PowerShell steps

  $cert = New-SelfSignedCertificate -DnsName @("contoso.com", "www.contoso.com") -CertStoreLocation "cert:\LocalMachine\My"
  
  $certKeyPath = "c:\certs\contoso.com.pfx"
  $password = ConvertTo-SecureString 'password' -AsPlainText -Force
  $cert | Export-PfxCertificate -FilePath $certKeyPath -Password $password
  $rootCert = $(Import-PfxCertificate -FilePath $certKeyPath -CertStoreLocation 'Cert:\LocalMachine\Root' -Password $password)

2024 Powershell instructions

• Basic cert

  New-SelfSignedCertificate -DnsName "www.example.com" -CertStoreLocation "Cert:\LocalMachine\My"

• Advanced cert with 10y lifetime

  $today = Get-Date
  $after = $today.AddYears(10)
  $certificate = New-SelfSignedCertificate -DnsName "www.example.com", "example.com" 
  -CertStoreLocation "Cert:\LocalMachine\My" `
  -KeySpec "KeyExchange" 
  -KeyUsage "DigitalSignature," "KeyEncipherment" `
  -Type "SSLServerAuthentication" 
  -NotAfter $after `
  -Subject "CN=www.example.com, OU=IT, O=My Company Name, L=City, S=State, C=Country" `
  -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" `
  -HashAlgorithm "SHA256" -KeyLength 2048

• Export from cert store to PFX

  $cert = Get-ChildItem -Path "Cert:\LocalMachine\My\" -DnsName "www.example.com"
  $thumb = $cert.Thumbprint
  Export-PfxCertificate -Cert "Cert:\LocalMachine\My\$thumb" -FilePath "C:\cert\examplecert.pfx" -Password $pwd

• Install on IIS Web Server

  # Open IIS Manaer -> Website -> Server Certificates -> Import

* For Apache convert pfx to pkcs12

openssl pkcs12 -in examplecert.pfx -out examplecert.pkcs12