Create Self-Signed Certificate using powershell
Is there any powershell snap-in/cmdlet to create self-signed certificate .?
May 4th, 2012 8:41am
Run this command in powershell window-
Get-Help about_signing
You will see this section -
=====================================================================
CREATE A SELF-SIGNED CERTIFICATE
--------------------------------
To create a self-signed certificate, use the Certificate Creation
tool (MakeCert.exe). This tool is included in the Microsoft .NET Framework
SDK (versions 1.1 and later) and in the Microsoft Windows SDK.
For more information about the syntax and the parameter descriptions of the
MakeCert.exe tool, see "Certificate Creation Tool (MakeCert.exe)" in the
MSDN (Microsoft Developer Network) library at
http://go.microsoft.com/fwlink/?LinkId=119097.
To use the MakeCert.exe tool to create a certificate, run the following
commands in an SDK Command Prompt window.
Note: The first command creates a local certification authority for
your computer. The second command generates a personal
certificate from the certification authority.
Note: You can copy or type the commands exactly as they appear.
No substitutions are necessary, although you can change the
certificate name.
makecert -n "CN=PowerShell Local Certificate Root" -a sha1 `
-eku 1.3.6.1.5.5.7.3.3 -r -sv root.pvk root.cer `
-ss Root -sr localMachine
makecert -pe -n "CN=PowerShell User" -ss MY -a sha1 `
-eku 1.3.6.1.5.5.7.3.3 -iv root.pvk -ic root.cer
The MakeCert.exe tool will prompt you for a private key password. The
password ensures that no one can use or access the certificate without
your consent. Create and enter a password that you can remember. You will
use this password later to retrieve the certificate.
To verify that the certificate was generated correctly, use the
following command to get the certificate in the certificate
store on the computer. (You will not find a certificate file in the
file system directory.)
At the Windows PowerShell prompt, type:
get-childitem cert:\CurrentUser\my -codesigning
This command uses the Windows PowerShell Certificate provider to view
information about the certificate.
If the certificate was created, the output shows the thumbprint
that identifies the certificate in a display that resembles the following:
Directory: Microsoft.PowerShell.Security\Certificate::CurrentUser\My
Thumbprint Subject
---------- -------
4D4917CB140714BA5B81B96E0B18AAF2C4564FDF CN=PowerShell User ]
=====================================================================
I suggest you ask additonal powershell questions here to get help from the right members-
http://social.technet.microsoft.com/Forums/en-us/winserverpowershell/threads Sachin Gadhave (MCP, MCTS)
Free Windows Admin Tool Kit Click here and download it now
May 4th, 2012 8:55am
an example of calling makecert from via powershell you can find here:
http://gallery.technet.microsoft.com/be2da634-978b-48d7-b3ab-01c593c9d177
could be used as a starting point for you
May 4th, 2012 11:38am
Hi,
take a look at these links they can help :
http://blogs.technet.com/b/vishalagarwal/archive/2009/08/22/generating-a-certificate-self-signed-using-powershell-and-certenroll-interfaces.aspx
http://social.technet.microsoft.com/wiki/contents/articles/4714.how-to-generate-a-self-signed-certificate-using-powershell-en-us.aspxOussama Oueslati | System Engineer | vNext Consulting
Free Windows Admin Tool Kit Click here and download it now
May 5th, 2012 6:30am
Is there any simpler way, other than makecert and all that code on http://blogs.technet.com/b/vishalagarwal/archive/2009/08/22/generating-a-certificate-self-signed-using-powershell-and-certenroll-interfaces.aspx to do this.
Any simple to use powershell cmdlets.
I have installed windows 2008 Server R2 64 bit Standard Edition. However Microsoft.Net framework SDK and Microsoft Windows SDK do not get installed.
Not sure if these are available on Win2008 Server R2 CD or not. But I want to avoid getting these from outside and then install them just to use makecert only.
Let me know if it(SDK) is available on CD, then what role/feature that I need to be installed to get them.
May 7th, 2012 12:02am