One of the cool features of Windows 8 is the improved set of PowerShell commandlets that have been shipped with it. There are several of them which could have made the task a lot easier for the server admins.
In here I will be discussing about one of the commandlets using which we can create a self-signed SSL Certificate. Yes, I mean self-signed and a SAN Certificate.
What you also need to know is that there are no lengthy procedures, it is a simple command with few parameters which adds to the simplicity.
So here are few pre-requisites that I could think of,
Commandlet Name: New-SelfSignedCertificate
New-SelfSignedCertificate [-CertStoreLocation <String>] [-CloneCert <Certificate>] [-DnsName <String>] [-Confirm <SwitchParameter>] [-WhatIf <SwitchParameter>] [<CommonParameters>]
Consider you need to create a self-signed SAN certificate for the following hostnames:
Using the above commandlet the cert can be issued and automatically placed in the personal store of My Computer Account.
Here is the command that we need to execute to generate the cert.
PS C:\> New-SelfSignedCertificate -DnsName www.test.com, www.test.edu, www.test.testing.com -CertStoreLocation cert:\LocalMachine\My
This will install the self-signed cert in the Personal store of machine account.
Note: Certificate wouldn’t be trusted. Place the certificate in the Trusted Root CA store and the error will go away.
So this is what the certificate looks like:
It can’t get easier than this.
Another thing worthwhile mentioning is the help menu, which is very descriptive. I have pasted the entire help menu content for the above commandlet below
The good thing is that it also provides descriptive examples.
The New-SelfSignedCertificate cmdlet creates a self-signed certificate for testing purposes. Using the CloneCert parameter, a test certificate can be created based on an existing certificate with all settings copied from the original certificate except for the public key. A new key of the same algorithm and length will be created.
If an existing certificate is not being cloned, then an SSL server certificate with the following default settings is created:
Delegation may be required when using this cmdlet with Windows PowerShell® remoting and changing user configuration.
Specifies the certificate store in which a new certificate will be stored. The current path is the default value.
Specifies one or more DNS names to put into the Subject Alternative Name extension of the certificate when a certificate to be copied is not specified via the CloneCert parameter. The first DNS name is also saved as Subject Name and Issuer Name.
Prompts you for confirmation before running the cmdlet.
Shows what would happen if the cmdlet runs. The cmdlet is not run.
The Certificate object can either be provided as a Path object to a certificate or an X509Certificate2 object.
An X509Certificate2 object for the certificate that has been created.