Generate Self-Signed Certificate With Powershell
Case
- Create a self-signed client certificate on your local computer.
- Use PowerShell with Azure PowerShell module and Windows Certificate Manager utility
Let’s start
Create a self-signed root certificate
$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
-Subject "CN=ExampleRootCert" -KeyExportPolicy Exportable `
-HashAlgorithm sha256 -KeyLength 2048 `
-CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign
Generate a client certificate signed by the new root certificate
New-SelfSignedCertificate -Type Custom -DnsName P2SChildCert -KeySpec Signature `
-Subject "CN=ExampleChildCert" -KeyExportPolicy Exportable `
-HashAlgorithm sha256 -KeyLength 2048 `
-CertStoreLocation "Cert:\CurrentUser\My" `
-Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")
Export Certificate Public Key
- Run
certmgr from PowerShell - Go to
Personal and then to Certificates. - Select and right click on
ExampleRootCert certificate in the list choose All Tasks> Export. - In the Certificate Export Wizard, check if No, do not export the private key is selected and click Next.
- Choose Base-64 encoded X.509 (.CER) in Export File Format page and click next
- On the File to Export page, under File name, browse to a location that is easy to remember, save the file as
ExampleRootCert.cer, and then click Next. - Click Finish on Completing the Certificate Export Wizard page
