Certificates are an essential part of securing websites. To add one, you need to buy a certificate or deploy your own Public Key Infrastructure. For a production environment, that’s a must. During development, however, obtaining a certificate this way is a hassle. Instead, you can create your own self-signed certificate on Windows.
On Windows, there are 2 different approaches to creating a self-signed certificate.
Here, I’m describing how to create one using PowerShell. PowerShell is a task automation and configuration management framework developed and distributed by Microsoft as part of the Windows operating system. It consists of a command-line shell and an associated scripting language.
Before generating the certificate, make sure that your PowerShell is v5. To check your PowerShell version, follow these steps.
- From the Start menu, type “powershell” >> hit Enter.
- Type the following command and press Enter:
Here, my PowerShell “Major” is 5, meaning v5. If your PowerShell version is lower than that, you need to update your Windows Management Framework. It’s available for Windows 7 and Windows 8.1. Download Windows Management Framework.
Creating the certificate
Now, we have to create the certificate.
- Run the following command:
$cert = New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname testcert.osradar.com
The “New-SelfSignedCertificate” cmdlet will create the certificate. Note that you need to replace “testcert.osradar.com” with the FQDN (Fully Qualified Domain Name) you would like to use.
- Create a password for the certificate using the following line:
$pwd = ConvertTo-SecureString -String 'passw0rd!' -Force -AsPlainText
Replace ‘passw0rd!’ with your preferred password.
Export the certificate
It’s time to export the self-signed certificate.
- Run this command:
$path = 'cert:\localMachine\my\' + $cert.thumbprint
Export-PfxCertificate -cert $path -FilePath c:\temp\cert.pfx -Password $pwd
Make sure that you enter a valid path in place of “c:\temp\cert.pfx”. Enter the password in place of “$pwd”.
Now, your certificate is available in the folder. It can be imported and deployed into any Windows system.
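The PowerShell steps above as one script, written as an added example that is not part of the original article: it prompts for the PFX password instead of hard-coding it, creates the output folder if needed, and reads the exported file back to confirm it. The function name `New-DevPfx`, the 90-day lifetime, and the use of `-NotAfter` and `Get-PfxData` are choices made for this example.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article). The function name and its
# default values are illustrative assumptions.
function New-DevPfx {
    param(
        [Parameter(Mandatory)] [string] $DnsName,          # FQDN for the certificate
        [Parameter(Mandatory)] [securestring] $Password,   # protects the PFX private key
        [string] $FilePath = 'C:\temp\cert.pfx',
        [int] $ValidDays = 90
    )

    # Export-PfxCertificate does not create missing folders.
    $folder = Split-Path -Path $FilePath -Parent
    if (-not (Test-Path -Path $folder)) {
        New-Item -Path $folder -ItemType Directory | Out-Null
    }

    # Same cmdlet and store as the article; -NotAfter (Windows 10 / Server 2016
    # and later) limits the lifetime of the development certificate.
    $cert = New-SelfSignedCertificate -DnsName $DnsName `
        -CertStoreLocation 'Cert:\LocalMachine\My' `
        -NotAfter (Get-Date).AddDays($ValidDays)

    $storePath = 'Cert:\LocalMachine\My\' + $cert.Thumbprint
    Export-PfxCertificate -Cert $storePath -FilePath $FilePath -Password $Password | Out-Null

    # Read the file back to confirm the password opens it and that it holds
    # the certificate that was just created.
    $pfx = Get-PfxData -FilePath $FilePath -Password $Password
    if ($pfx.EndEntityCertificates[0].Thumbprint -ne $cert.Thumbprint) {
        throw "PFX at $FilePath does not contain certificate $($cert.Thumbprint)"
    }
    $cert
}

# Prompt for the password so it never appears in the script or history.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
$cert = New-DevPfx -DnsName 'testcert.osradar.com' -Password $pfxPassword
$cert | Format-List Subject, Thumbprint, NotAfter
```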
If the previous process seems a bit intimidating, you can follow this one. It’s a bit lengthy but simple.
Creating the certificate
- Go to Start menu >> type “Run” >> hit Enter.
- Type “mmc.exe” >> click OK.
- In the console, go to File >> Add/Remove Snap-in…
- From the left panel, select Certificates >> click Add.
- From the new dialogue box, select Computer account >> click Next.
- Select Local computer >> click Finish.
- You’ll be back on the “Add/Remove Snap-ins” box. Click OK.
Your certificate is created.
Installing the certificate to the trusted root
It’s a best practice to install the certificate in the trusted root store as well.
- From the “mmc.exe”, navigate to Certificates >> Personal >> Certificates from the left panel.
- Right-click on your certificate >> select Copy.
- Navigate to Trusted Root Certification Authorities >> Certificates.
- Right-click and select Paste.
Exporting the certificate
For exporting the certificate, follow these procedures.
- From “mmc.exe”, navigate to Certificates >> Trusted Root Certification Authorities >> Certificates.
- Right-click on your certificate >> go to All Tasks >> Export.
- Select “Yes, export the private key”.
- Leave options as they are and click Next.
- Enter a password for the certificate >> click Next.
- Choose the folder where you want to save the certificate >> click Next.
- Click Finish.
Now, your certificate is ready for deployment. To use the certificate, install it into browsers, and so on, follow this in-depth guide.