Generating Self Signed Certificates using Powershell

I have been working to making a Bot to use SSL certificates for encryption on traffic to and from the BOT when communicating to its clients.  I have so far generated certs/ CSR  using OpenSSL , but I can also find few utilities in Powershell which do a very much similar job  .

 

The Powershell cmdlets below are useful for handling such jobs like Generating CSRs,  private keys, etc.  A simple help *Certificate reveals a load of cmdlets available in PKI Module.   In case you don’t see these list of cmdlets, you may need to import PKI module by running below command :

PS  > Import-Module PKI

7bc8721fbe0944c5818a6970a3eeba00

7bc8721fbe0944c5818a6970a3eeba00

 

We are going to use mainly below commands
[code language=”powershell”]
New-SelfSignedCertificate
Export-PfxCertificate
Export-Certificate
[/code]
 

  1. New-selfSignedCertificate – would generate a Self-signed certificate along with a Key. These would be stored in local Certificate Store on Windows.

2

Note down the Thumbprint which has been output by the above command. This is unique and would be required when exporting with Export-PfxCertificate cmdlet.

 

 

  1. Once you have created the Certificate the signed certificate is ready to be exported to a PFX format file. Please note that the PFX files contain both private key and the certificate and hence needs password protection. So when you try to export cert into PFX format, the cmdlet would ask you for a Secure String password.   Exporting the Certificate in PFX format is a 2 step process :

    # Create a Secure String
    [code language=”powershell”]
    $CertPwd = ConvertTo-SecureString -String “pa$$w0rd” -Force –AsPlainText</li>
    Export PFXExport-PfxCertificate -cert cert:\localMachine\my\25F6AF52512C99DF62A3AB1A4EF7308139F55714 -FilePath C:\temp\mycompany.pfx -password $CertPwd
    [/code]

3

This would create a mycompany.pfx file, which can be used to host any SSL based IIS site ,  or host a Chat Server for example (my next Blog).

3. If you are just looking to export the Certificate for importing it on your client program / machine, you can simply export just the Certificate without Private Key .

[code language=”powershell”]
export-certificate -cert Cert:\LocalMachine\My\25F6AF52512C99DF62A3AB1A4EF7308139F55714 -filepath C:\temp\mycompany.cer
[/code]

4

Listing C:\temp for the cert and pfx shows

5

Happy Reading !