Using PowerShell to Make a Self-Signed Certificate

Making a Self-Signed Certificate

A lot of services on Azure and on-premis require us to create or buy certificates. Now there are a couple of ways to create certificates. I used to do it using makecert

makecert -sky exchange -r -n "CN=<Domain Name>" -pe -a sha1 -len 2048 -ss My -sv <Domain Name>.pvk <Domain Name>.cer 
 
pvk2pfx -pvk <Domain Name>.pvk -pi <Password> -spc <Domain Name>.cer -pfx <Domain Name>.pfx

Recently, I started making my certificates using PowerShell

$CertPassword = '<Password>'
$CertDNSName = '<Domain Name>'

$SecurePassword = ConvertTo-SecureString -String $CertPassword `
                                         -AsPlainText `
                                         -Force

$CertFileFullPath = $(Join-Path (Split-Path -Parent 'C:\Users\<User ID>\Desktop\') "$CertDNSName.pfx")

$NewCert = New-SelfSignedCertificate -CertStoreLocation Cert:\CurrentUser\My `
                                     -DnsName $CertDNSName

Export-PfxCertificate -FilePath $CertFileFullPath `
                      -Password $SecurePassword `
                      -Cert $NewCert

Why PowerShell? That’s a valid question right, I mean we’ve used makecert for ever right?

I use the PowerShell CMDLETs because it feels right. When I’m building PowerShell scripts I tend to limit the switched between scripting and programming languages. I find that sticking to one or few of these languages results in scripts that are easier to maintain.

45.501689 -73.567256