Win8.1 and Win2012 use PowerShell to quickly generate/install/export a Self-Signed Certificate (Self-Signed Certificate) tutorial

Self-signed certificates are widely used for testing, development, and use on local or cloud websites (such as Microsoft Azure Web Site. This article describes how to use PowerShell to quickly generate a self-signed certificate on Win8.1 and Win2012 R2, automatically export the private key, and automatically install it under LocalMachineMy and LocalMachineRoot. Easy to use. [Here is the complete script download link CodePlex or GitHub]

Currently, the methods for creating Self-Signed certificates include MakeCert and CertMgr, SelfSSL or SelfSSL7, built-in functions of IIS 7/8, or complicated PowerShell scripts. these methods require you to remember the complex parameters of multiple command lines, or perform manual UI operations, or have a deep understanding of the detailed logic of certificate generation. The script method here is to use the Powershell PKI Cmdlet that comes with the new system. You only need to tell the most basic certificate Subject, private key to protect the password, and export the private key path:

GenerateSelfSignedCert www.mytest.com MyTestPassword c: tempmytest. pfx

The functions used are defined as follows:

 

<#

. DESCRIPTION

SelfSignedCertificate AutoScript

. NOTES

Author: Freist Li

Last Updated: 10/30/2014

#>

# Cert Genearation Related Functions

#*************************************** **************************************** *************************************

# Create Cert, install Cert to My, install Cert to Root, Export Cert as pfx

Function GenerateSelfSignedCert {

Param (

$ Certcn,

$ Password,

$ Certfilepath

)

# Check if the certificate name was used before

$ ThumbprintA = (dir cert: localmachineMy-recurse | where {$ _. Subject-match "CN =" + $ certcn} | Select-Object-Last 1). thumbprint

If ($ thumbprintA. Length-gt 0)

{

Write-Host "Duplicated Cert Name used"-ForegroundColor Cyan

Return

}

Else

{

$ ThumbprintA = New-SelfSignedCertificate-DnsName $ certcn-CertStoreLocation cert: LocalMachineMy | ForEach-Object {$ _. Thumbprint}

}

# If generated successfully

If ($ thumbprintA. Length-gt 0)

{

# Query the new installed cerificate again

$ ThumbprintB = (dir cert: localmachineMy-recurse | where {$ _. Subject-match "CN =" + $ certcn} | Select-Object-Last 1). thumbprint

# If new cert installed sucessfully with the same thumbprint

If ($ thumbprintA-eq $ thumbprintB)

{

$ Message = $ certcn + "installed into LocalMachineMy successfully with thumprint" + $ thumbprintA

Write-Host $ message-ForegroundColor Cyan

$ Mypwd = convertid-SecureString-String $ password-Force-AsPlainText

Write-Host "Exporting Certificate as. pfx file"-ForegroundColor Cyan

Export-PfxCertificate-FilePath $ certfilepath-Cert cert: localmachineMy $ thumbprintA-Password $ mypwd

Write-Host "Importing Certificate to LocalMachineRoot"-ForegroundColor Cyan

Import-PfxCertificate-FilePath $ certfilepath-Password $ mypwd-CertStoreLocation cert: LocalMachineRoot

}

Else

{

Write-Host "Thumbprint is not the same between new cert and installed cert."-ForegroundColor Cyan

}

}

Else

{

$ Message = $ certcn + "is not created"

Write-Host $ message-ForegroundColor Cyan

}

}

 

After the certificate is generated and installed successfully, the PowerShell output is:

 

You can see in the Certificate Manager Console:

 

The generated. pfx files can be easily stored on the Web server or Microsoft AZure cloud:

 

Update:

Based on the above GenerateSelfSignedCert function, I used PowerShell to directly improve the UI and automatic script generation. In this way, a friendly Form window will pop up to generate the Code you want. You can run the Code or Copy Code immediately to another machine for execution (because you want to install the certificate, powerShell or PowerShell ISE is required as administrator ):