23 C
Mel K
LInux Guru and Technical Writer

How to Create Self-signed Certificate on Windows

Certificates are an essential part of ensuring security in sites. For adding a certificate, you need to buy a certificate or deploy your own Public Key Infrastructure. For running a successful production environment, it’s a must. However, when developing, obtaining a certificate in this manner is a hardship. Instead, you can create your own self-signed certificate on Windows.

In Windows, there are 2 different approaches to create a self-signed certificate.

Method 1

Here, I’m describing how to create one using PowerShell. For your knowledge, PowerShell is a task automation and configuration management framework developed and distributed by Microsoft as a part of Windows operating system. It works using a command-line shell and associated script language.


Before jumping to the certificate generation, you need to make sure that your PowerShell is v5. To check your PowerShell version, follow these steps.

  • From the Start menu, type “powershell” >> hit Enter.
  • Type the following command and press Enter:
- Advertisement -

Here, my PowerShell “Major” is 5, meaning v5. If your PowerShell is lower than that, you need to update your Windows Management Framework. It’s available for Windows 7 and Windows 8.1. Download Windows Management Framework.

Creating the certificate

Now, we have to create the certificate.

  • Run the following command:
$cert = New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname testcert.osradar.com

The “New-SelfSignedCertificate” cmdlet will create the certificate. Note that you need to change the “testcert.osradar.com” with the FQDN (Fully Qualified Domain Name) you would like to use.

  • Create a password for the certificate using the following line:
$pwd = ConvertTo-SecureString -String ‘passw0rd!’ -Force -AsPlainText

Change ‘passw0rd’ with your preferred password.

Export the certificate

It’s time to export the self-signed certificate.

  • Run this command:
$path = 'cert:\localMachine\my\' + $cert.thumbprint 
Export-PfxCertificate -cert $path -FilePath c:\temp\cert.pfx -Password $pwd

Make sure that you enter a valid path in place of “c:\temp\cert.pfx”. Enter the password in place of “$pwd”.

Now, your certificate is available in the folder. It can be imported and deployed into any Windows system.

Method 2

If the previous process seems a bit creepy, you can follow this one. It’s a bit lengthy but simple.

Creating the certificate

  • Go to Start menu >> type “Run” >> hit Enter.

  • Type “mmc.exe” >> click OK.
  • In the console, go to File >> Add/Remove Snap-in…

  • From the left panel, select Certificates >> click Add.

  • From the new dialogue box, select Computer account >> click Next.

  • Select Local computer >> click Finish.

  • You’ll be back on the “Add/Remove Snap-ins” box. Click OK.

Your certificate is created.

Installing the certificate to the trusted root

It’s a best practice to set the certificate in the trusted root as well.

  • From the “mmc.exe”, navigate to Certificates >> Personal >> Certificates from the left panel.
  • Right-click on your certificate >> select Copy.

  • Navigate to Trusted Root Certificate Authorities >> Certificates.
  • Right-click and select Paste.

Exporting the certificate

For exporting the certificate, follow these procedures.

  • From “mmc.exe”, navigate to Certificate >> Trusted Root Certificate Authorities >> Certificates.
  • Right-click on your certificate >> go to All Tasks >> Export.

  • Select “Yes, export the private key”.

  • Leave options as they are and click Next.

  • Enter a password for the certificate >> click Next.

  • Choose the folder where you want to save the certificate >> click Next.
  • Click Finish.

Now, your certificate is ready for deployment. For using the certificate, installing it into browsers etc. tricks, follow this in-depth guide.

- Advertisement -
Everything Linux, A.I, IT News, DataOps, Open Source and more delivered right to you.
"The best Linux newsletter on the web"


  1. PS C:\Windows\system32> $path = ‘cert:\localMachine\my\’ + $cert.thumbprint Export-PfxCertificate -cert $path -FilePath c:\users\mad\cert.pfx -Password x
    At line:1 char:53
    + … t:\localMachine\my\’ + $cert.thumbprint Export-PfxCertificate -cert $ …
    + ~~~~~~~~~~~~~~~~~~~~~
    Unexpected token ‘Export-PfxCertificate’ in expression or statement.
    + CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : UnexpectedToken

    so. thanks for that.

  2. Using windows 10 Pro. The command noted in the previous comment has not been corrected in the tutorial, so it fails. I then tried method2. No certificate was created so I could not export it.


Please enter your comment!
Please enter your name here

Latest article