= PowerShell Ssl SelfSigned Certificate =

 * Links: [[OpenSslSelfSignedCertificate]] <- Recommend using openssl

== 2024 Microsoft example ==
 * [[https://learn.microsoft.com/en-us/dotnet/core/additional-tools/self-signed-certificates-guide]]

 * PowerShell steps {{{
$cert = New-SelfSignedCertificate -DnsName @("contoso.com", "www.contoso.com") -CertStoreLocation "cert:\LocalMachine\My"

$certKeyPath = "c:\certs\contoso.com.pfx"
$password = ConvertTo-SecureString 'password' -AsPlainText -Force
$cert | Export-PfxCertificate -FilePath $certKeyPath -Password $password
$rootCert = $(Import-PfxCertificate -FilePath $certKeyPath -CertStoreLocation 'Cert:\LocalMachine\Root' -Password $password)


}}}

=== 2024 Powershell instructions ===
 * Basic cert {{{

New-SelfSignedCertificate -DnsName "www.example.com" -CertStoreLocation "Cert:\LocalMachine\My"

}}}

 * Advanced cert with 10y lifetime {{{

$today = Get-Date
$after = $today.AddYears(10)
$certificate = New-SelfSignedCertificate -DnsName "www.example.com", "example.com" 
-CertStoreLocation "Cert:\LocalMachine\My" `
-KeySpec "KeyExchange" 
-KeyUsage "DigitalSignature," "KeyEncipherment" `
-Type "SSLServerAuthentication" 
-NotAfter $after `
-Subject "CN=www.example.com, OU=IT, O=My Company Name, L=City, S=State, C=Country" `
-Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" `
-HashAlgorithm "SHA256" -KeyLength 2048

}}}

 * Export from cert store to PFX {{{

$cert = Get-ChildItem -Path "Cert:\LocalMachine\My\" -DnsName "www.example.com"
$thumb = $cert.Thumbprint
Export-PfxCertificate -Cert "Cert:\LocalMachine\My\$thumb" -FilePath "C:\cert\examplecert.pfx" -Password $pwd

}}}

 * Install on IIS Web Server {{{

# Open IIS Manaer -> Website -> Server Certificates -> Import

}}}

* For Apache convert pfx to pkcs12 {{{

openssl pkcs12 -in examplecert.pfx -out examplecert.pkcs12

}}}