Self-signed certificates are widely used for testing, development, and local or cloud websites (such as Microsoft Azure Web Sites). This article describes how to use PowerShell to quickly generate a self-signed certificate on Windows 8.1 and Windows Server 2012 R2, automatically export the private key, and automatically install the certificate under LocalMachine\My and LocalMachine\Root. Easy to use. [The complete script can be downloaded from CodePlex or GitHub.]
Currently, the methods for creating self-signed certificates include MakeCert and CertMgr, SelfSSL or SelfSSL7, the built-in functions of IIS 7/8, or complicated PowerShell scripts. These methods require you to remember complex parameters for multiple command lines, perform manual UI operations, or have a deep understanding of the detailed logic of certificate generation. The script here uses the PowerShell PKI cmdlets that come with the new systems. You only need to supply the basics: the certificate subject, the password that protects the private key, and the path to export the private key to:
GenerateSelfSignedCert www.mytest.com MyTestPassword c:\temp\mytest.pfx
The functions used are defined as follows:
<#
.DESCRIPTION
SelfSignedCertificate AutoScript
.NOTES
Author: Freist Li
Last Updated: 10/30/2014
#>
# Cert Generation Related Functions
#*********************************************************************
# Create Cert, install Cert to My, install Cert to Root, Export Cert as pfx
Function GenerateSelfSignedCert {
    Param (
        $certcn,
        $password,
        $certfilepath
    )
    # Check if the certificate name was used before
    $thumbprintA = (dir cert:\LocalMachine\My -Recurse | where { $_.Subject -match ("CN=" + $certcn) } | Select-Object -Last 1).Thumbprint
    If ($thumbprintA.Length -gt 0)
    {
        Write-Host "Duplicated Cert Name used" -ForegroundColor Cyan
        Return
    }
    Else
    {
        # Create the certificate (and its private key) in LocalMachine\My
        $thumbprintA = New-SelfSignedCertificate -DnsName $certcn -CertStoreLocation cert:\LocalMachine\My | ForEach-Object { $_.Thumbprint }
    }
    # If generated successfully
    If ($thumbprintA.Length -gt 0)
    {
        # Query the newly installed certificate again
        $thumbprintB = (dir cert:\LocalMachine\My -Recurse | where { $_.Subject -match ("CN=" + $certcn) } | Select-Object -Last 1).Thumbprint
        # If the new cert was installed successfully with the same thumbprint
        If ($thumbprintA -eq $thumbprintB)
        {
            $message = $certcn + " installed into LocalMachine\My successfully with thumbprint " + $thumbprintA
            Write-Host $message -ForegroundColor Cyan
            # Export-PfxCertificate needs the password as a SecureString
            $mypwd = ConvertTo-SecureString -String $password -Force -AsPlainText
            Write-Host "Exporting Certificate as .pfx file" -ForegroundColor Cyan
            Export-PfxCertificate -FilePath $certfilepath -Cert cert:\LocalMachine\My\$thumbprintA -Password $mypwd
            # Trust the certificate machine-wide by importing the PFX into LocalMachine\Root
            Write-Host "Importing Certificate to LocalMachine\Root" -ForegroundColor Cyan
            Import-PfxCertificate -FilePath $certfilepath -Password $mypwd -CertStoreLocation cert:\LocalMachine\Root
        }
        Else
        {
            Write-Host "Thumbprint is not the same between new cert and installed cert." -ForegroundColor Cyan
        }
    }
    Else
    {
        $message = $certcn + " is not created"
        Write-Host $message -ForegroundColor Cyan
    }
}
After the certificate is generated and installed successfully, PowerShell prints the result, and the certificate appears in the Certificate Manager console.
The generated .pfx file can then easily be stored on the web server or in the Microsoft Azure cloud.
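A variant of the function above, added here as an example and not part of the original script: it takes the PFX password as a SecureString instead of plain text, and installs only the public certificate (.cer) into LocalMachine\Root, so the private key stays in LocalMachine\My and in the PFX. The function names New-TestCertPublicRoot and Remove-TestCert, their parameters, and the sample values in the usage comment are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example; function names and parameters are hypothetical, not from the original script.
function New-TestCertPublicRoot {
    param (
        [Parameter(Mandatory)] [string] $DnsName,
        [Parameter(Mandatory)] [securestring] $PfxPassword,  # e.g. from Read-Host -AsSecureString
        [Parameter(Mandatory)] [string] $PfxPath
    )

    # Exact subject comparison instead of a regex -match, so "www.mytest.com"
    # is not confused with "wwwXmytest.com" or a longer name that contains it.
    $existing = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -eq "CN=$DnsName" }
    if ($existing) {
        throw "A certificate with subject CN=$DnsName already exists in LocalMachine\My."
    }

    $cert = New-SelfSignedCertificate -DnsName $DnsName -CertStoreLocation Cert:\LocalMachine\My

    # PFX (certificate plus private key) for the web server or cloud upload.
    Export-PfxCertificate -Cert $cert -FilePath $PfxPath -Password $PfxPassword | Out-Null

    # Public certificate only (.cer) for the machine trust store.
    $cerPath = [System.IO.Path]::ChangeExtension($PfxPath, '.cer')
    Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null
    $root = Import-Certificate -FilePath $cerPath -CertStoreLocation Cert:\LocalMachine\Root

    [pscustomobject]@{
        Thumbprint        = $cert.Thumbprint
        PfxPath           = $PfxPath
        CerPath           = $cerPath
        RootHasPrivateKey = $root.HasPrivateKey
    }
}

# Remove the test certificate from both stores once testing is finished.
function Remove-TestCert {
    param ([Parameter(Mandatory)] [string] $Thumbprint)
    foreach ($store in 'My', 'Root') {
        $path = "Cert:\LocalMachine\$store\$Thumbprint"
        if (Test-Path $path) { Remove-Item $path }
    }
}

# Usage (constructed sample values):
# $pw = Read-Host -AsSecureString 'PFX password'
# New-TestCertPublicRoot -DnsName www.mytest.com -PfxPassword $pw -PfxPath C:\temp\mytest.pfx
```

Keeping the returned thumbprint lets Remove-TestCert take the certificate back out of LocalMachine\Root, where it is otherwise trusted machine-wide until it expires.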
Update:
Based on the GenerateSelfSignedCert function above, I used PowerShell directly to improve the UI and add automatic script generation. A friendly Form window pops up to generate the code you want. You can run the code immediately or copy it to another machine for execution (because the certificate is being installed, PowerShell or PowerShell ISE must be run as administrator):