{"id":289329,"date":"2021-07-02T12:00:00","date_gmt":"2021-07-02T09:00:00","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/how-to-create-a-self-signed-certificate-with-powershell-cloudsavvy-it\/"},"modified":"2021-07-02T12:00:00","modified_gmt":"2021-07-02T09:00:00","slug":"how-to-create-a-self-signed-certificate-with-powershell-cloudsavvy-it","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/how-to-create-a-self-signed-certificate-with-powershell-cloudsavvy-it\/","title":{"rendered":"#How to Create a Self-Signed Certificate with PowerShell \u2013 CloudSavvy IT"},"content":{"rendered":"<p><strong>&#8220;#How to Create a Self-Signed Certificate with PowerShell \u2013 CloudSavvy IT&#8221;<\/strong><\/p>\n<div id=\"article-content-area\">\n<img loading=\"lazy\" decoding=\"async\" class=\"type:primaryImage alignnone size-full wp-image-4374\" src=\"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2020\/03\/23e4a5a4.png?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"Powershell logo\" width=\"1400\" height=\"578\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" 
onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Self-signed_certificate\">Self-signed certificates<\/a> are an easy way to perform testing and other less important tasks. Self-signed certificates do not have a trusted chain of certificates backing them up and are signed by the user who created them. If you trust the entity that signed the certificate, then you can use it just as you would a properly validated one.<\/p>\n<p>If you need to create a self-signed certificate, one way you can do so is with PowerShell. In this article, you\u2019re going to learn how to create a self-signed certificate in PowerShell.<\/p>\n<h2 id=\"creating-a-self-signed-certificate\"><span class=\"ez-toc-section\" id=\"Creating_a_Self-Signed_Certificate\"><\/span>Creating a Self-Signed Certificate<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>To create a self-signed certificate with PowerShell, you can use the <code>New-SelfSignedCertificate<\/code> cmdlet. This cmdlet is included in the <code>PKI<\/code> module.<\/p>\n<p>There are many options when it comes to creating certificates. Common self-signed certificate types are <code>SSLServerAuthentication<\/code> (default for the cmdlet) and <code>CodeSigningCert<\/code>. Also, you can create a <code>DocumentEncryptionCert<\/code>, which is very useful for encrypting files, and finally a <code>Custom<\/code> certificate that lets you specify many custom options.<\/p>\n<p>Let\u2019s go ahead and create a regular <code>SSLServerAuthentication<\/code> certificate. This type is usually used to protect websites with SSL encryption. You can see an example of this below. 
In this example, the certificate is being stored in the <code>Cert:\\LocalMachine\\My<\/code> certificate store.<\/p>\n<pre><code>$Params = @{\n    \"DnsName\"           = @(\"mywebsite.com\",\"www.mywebsite.com\")\n    \"CertStoreLocation\" = \"Cert:\\LocalMachine\\My\"\n    \"NotAfter\"          = (Get-Date).AddMonths(6)\n    \"KeyAlgorithm\"      = \"RSA\"\n    \"KeyLength\"         = \"2048\"\n}\n\nPS C:\\&gt; New-SelfSignedCertificate @Params\n\nPSParentPath: Microsoft.PowerShell.Security\\Certificate::LocalMachine\\My\n\nThumbprint                                Subject              EnhancedKeyUsageList\n----------                                -------              --------------------\n4EFF6B1A0F61B4BG692C77F09889BD151EE8BB58  CN=mywebsite.com     {Client Authentication, Server Authentication}<\/code><\/pre>\n<p>If all went well, you should now have a newly created certificate! You will notice that the output returns the subject, but the subject only displays the first item passed to it via the <code>DnsName<\/code> parameter. This is because the second name becomes part of the subject alternative name list.<\/p>\n<p>Note: if you attempt to run this without Administrator rights, you will get an error message such as the one below:<\/p>\n<p><code>New-SelfSignedCertificate: CertEnroll::CX509Enrollment::_CreateRequest: Access denied. 0x80090010 (-2146893808 NTE_PERM)<\/code><\/p>\n<p>As the <code>Access denied<\/code> message indicates, you do not have permission to run this.<\/p>\n<h2 id=\"finding-information-on-our-certificate\"><span class=\"ez-toc-section\" id=\"Finding_Information_on_our_Certificate\"><\/span>Finding Information on our Certificate<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Let\u2019s make sure the certificate was created the way we expected. 
To find information on a particular certificate with PowerShell, you can use the <code>Get-ChildItem<\/code> cmdlet, just as you might list files in a directory.<\/p>\n<pre><code>PS C:\\&gt; Get-ChildItem -Path \"Cert:\\LocalMachine\\My\" | Where-Object Thumbprint -EQ 4EFF6B1A0F61B4BF692C77F09889AD151EE8BB58 | Select-Object *\n\nPSPath                   : Microsoft.PowerShell.Security\\Certificate::LocalMachine\\My\\4EFF6B1A0F61B4BF692C77F09889AD151EE8BB58\nPSParentPath             : Microsoft.PowerShell.Security\\Certificate::LocalMachine\\My\nPSChildName              : 4EFF6B1A0F61B4BF692C77F09889AD151EE8BB58\nPSDrive                  : Cert\nPSProvider               : Microsoft.PowerShell.Security\\Certificate\nPSIsContainer            : False\nEnhancedKeyUsageList     : {Client Authentication (1.3.6.1.5.5.7.3.2), Server Authentication (1.3.6.1.5.5.7.3.1)}\nDnsNameList              : {mywebsite.com, www.mywebsite.com}\nSendAsTrustedIssuer      : False\nEnrollmentPolicyEndPoint : Microsoft.CertificateServices.Commands.EnrollmentEndPointProperty\nEnrollmentServerEndPoint : Microsoft.CertificateServices.Commands.EnrollmentEndPointProperty\nPolicyId                 :\nArchived                 : False\nExtensions               : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid,\n                           System.Security.Cryptography.Oid, System.Security.Cryptography.Oid}\nFriendlyName             :\nHasPrivateKey            : True\nPrivateKey               : System.Security.Cryptography.RSACng\nIssuerName               : System.Security.Cryptography.X509Certificates.X500DistinguishedName\nNotAfter                 : 6\/22\/2020 11:50:15 AM\nNotBefore                : 12\/22\/2019 10:40:20 AM\nPublicKey                : System.Security.Cryptography.X509Certificates.PublicKey\nRawData                  : {48, 130, 3, 55\u2026}\nSerialNumber             : 608C4D5E6B8D41B44ADDC6BD725FE264\nSignatureAlgorithm       : System.Security.Cryptography.Oid\nSubjectName              : System.Security.Cryptography.X509Certificates.X500DistinguishedName\nThumbprint               : 4EFF6B1A0F61B4BF692C77F09889AD151EE8BB58\nVersion                  : 3\nHandle                   : 2628421609632\nIssuer                   : CN=mywebsite.com\nSubject                  : CN=mywebsite.com<\/code><\/pre>\n<p>There is a lot of great information here, but you may notice in the <code>DnsNameList<\/code> that both of the sites are now shown. In addition, the <code>NotAfter<\/code> date is correctly populated to be 6 months from the date of creation.<\/p>\n<h2 id=\"code-signing-certificate\"><span class=\"ez-toc-section\" id=\"Code_Signing_Certificate\"><\/span>Code Signing Certificate<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>If you work in PowerShell, you will know about <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/adamtheautomator.com\/set-executionpolicy\/\">execution policies<\/a>. If you have an execution policy set to <code>AllSigned<\/code>, then you would need to sign each script that runs on your system. 
Creating a certificate to do this is pretty simple!<\/p>\n<pre><code>PS C:\\&gt; New-SelfSignedCertificate -Type 'CodeSigningCert' -DnsName 'MyHost'\n\nPSParentPath: Microsoft.PowerShell.Security\\Certificate::LocalMachine\\MY\n\nThumbprint                                Subject              EnhancedKeyUsageList\n----------                                -------              --------------------\n14D535EG834370293BA103159EB00876A79959D8  CN=MyHost            Code Signing<\/code><\/pre>\n<h2 id=\"document-protection-certificate\"><span class=\"ez-toc-section\" id=\"Document_Protection_Certificate\"><\/span>Document Protection Certificate<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>You may not have encountered this much before, but PowerShell, with the Data Protection API, can encrypt files on your system using a Document Protection Certificate. Using the <code>New-SelfSignedCertificate<\/code> cmdlet, we can easily make a certificate to encrypt your documents.<\/p>\n<pre><code>$Params = @{\n    \"DnsName\"           = \"MyHost\"\n    \"CertStoreLocation\" = \"Cert:\\CurrentUser\\My\"\n    \"KeyUsage\"          = \"KeyEncipherment\",\"DataEncipherment\",\"KeyAgreement\"\n    \"Type\"              = \"DocumentEncryptionCert\"\n}\n\nPS C:\\&gt; New-SelfSignedCertificate @Params\n\nThumbprint                                Subject              EnhancedKeyUsageList\n----------                                -------              --------------------\n14D535EG934370293BA203159EB00876A79959D8  CN=MyHost            Document Encryption<\/code><\/pre>\n<p>With this type of certificate, you can now use the certificate created to encrypt and decrypt content using PowerShell commands like <code>Protect-CmsMessage<\/code> and <code>Unprotect-CmsMessage<\/code>.<\/p>\n<p>Encrypting\/decrypting content like this becomes useful if you need to pass the encrypted data around since you can 
then use this certificate on another system to decrypt the data. If you rely on the standard Data Protection API (DPAPI) built into Windows, then you would not be able to decrypt the data on other systems or for other users.<\/p>\n<h2 id=\"summary\"><span class=\"ez-toc-section\" id=\"Summary\"><\/span>Summary<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>PowerShell makes creating self-signed certificates incredibly easy to do. These certificates have a myriad of uses, but an important note to remember is that they should only be used in testing. You won\u2019t have a valid certificate trust chain to validate your self-signed certificates.<\/p>\n<p>Seeing how quick and easy it is to create self-signed certificates, you can start doing this today and properly encrypt any connections or data that you need to!\n<\/p><\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" 
href=\"https:\/\/www.cloudsavvyit.com\/3274\/how-to-create-a-self-signed-certificate-with-powershell\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#How to Create a Self-Signed Certificate with PowerShell \u2013 CloudSavvy IT&#8221; Self-signed certificates are an easy way to perform testing and other less important tasks. Self-signed certificates do not have a trusted chain of certificates backing them up and are signed by the user who created it. If you trust the entity that signed the&#8230;<\/p>\n","protected":false},"author":1,"featured_media":289330,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2020\/03\/23e4a5a4.png","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-289329","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/289329","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=289329"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/289329\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/289330"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=289329"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=2893
29"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=289329"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}