Virtual Geek

Tales from real IT system administrators world and non-production environment

PowerShell: Generate a Self-Signed Certificate with a Self-Signed Root CA Signer

While exploring options for creating a self-signed SSL certificate with PowerShell, I came across a useful New-SelfSignedCertificate parameter, -Signer. Developers can use it for testing, and I can use it to generate fake CA-signed certificates for my lab experiments. All the commands are executed in PowerShell as administrator.

The command below generates the first self-signed certificate (I am going to use it as a root SSL certificate) in the local machine's Personal certificate store. Give it a suitable root-style DNS name. The generated certificate includes its private key.

$selfSignedRootCA =  New-SelfSignedCertificate  -DnsName SelfSignedRootCA -CertStoreLocation Cert:\LocalMachine\My\

View and verify the certificate thumbprint.


Here I am creating a second self-signed certificate, this time with the -Signer parameter, which specifies a certificate object with which this cmdlet signs the new certificate. This value must be in the Personal certificate store of the user or device; I am using the self-signed certificate created earlier. The cmdlet must have read access to the private key of the signing certificate, which the earlier certificate includes.

New-SelfSignedCertificate -DnsName TestCertificate -CertStoreLocation Cert:\LocalMachine\My\  -Signer $selfSignedRootCA


Open the Certificates MMC >> Personal certificates to verify the second certificate. Open it and go to Certification Path; it shows the complete custom root CA chain. I can now use it in my various basic lab activities where I don't need a certificate authority server.
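
The same check can be done from the console instead of the MMC. The script below is an added example, not part of the original post: it creates a root and a -Signer leaf, builds the chain with .NET's X509Chain, and fails if the leaf does not end at the expected root. The names LabRootCA and lab-web01.test, the validity periods and the explicit CA extensions on the root are assumptions that go beyond the post's one-line root command.

```powershell
# Added example; LabRootCA and lab-web01.test are assumed lab names, not from the post.
# Run in an elevated PowerShell session, as in the post.
$store = 'Cert:\LocalMachine\My'

# Root: same cmdlet as the post, plus explicit CA extensions (assumption)
# so that chain validators accept it as an issuer.
$root = New-SelfSignedCertificate -Subject 'CN=LabRootCA' -CertStoreLocation $store `
    -KeyUsage CertSign, CRLSign, DigitalSignature `
    -TextExtension @('2.5.29.19={critical}{text}ca=TRUE&pathlength=0') `
    -NotAfter (Get-Date).AddYears(2)

# Leaf signed by the root through -Signer, as in the post.
$leaf = New-SelfSignedCertificate -DnsName 'lab-web01.test' -CertStoreLocation $store `
    -Signer $root -NotAfter (Get-Date).AddMonths(6)

# Build the chain in code instead of reading the Certification Path tab.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # the lab root publishes no CRL
$chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'  # root is not in Trusted Root
[void]$chain.ChainPolicy.ExtraStore.Add($root)
$built = $chain.Build($leaf)

# One row per chain element, leaf first, root last.
$chain.ChainElements | ForEach-Object {
    [pscustomobject]@{
        Subject    = $_.Certificate.Subject
        Issuer     = $_.Certificate.Issuer
        Thumbprint = $_.Certificate.Thumbprint
    }
} | Format-Table -AutoSize

# The last element must be the root created above, matched by thumbprint.
$anchor = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
if (-not $built -or $anchor.Thumbprint -ne $root.Thumbprint) {
    throw "Leaf $($leaf.Thumbprint) does not chain to root $($root.Thumbprint)"
}
"Chain OK: $($leaf.Subject) -> $($anchor.Subject)"

# Export only the root's public certificate; the private key stays in the store.
Export-Certificate -Cert $root -FilePath "$env:TEMP\LabRootCA.cer" | Out-Null

# Lab cleanup when the experiment is over (removes certificates and their keys):
# $leaf, $root | ForEach-Object { Remove-Item "$store\$($_.Thumbprint)" -DeleteKey }
```

Because the root's private key sits in the machine store, anyone with administrator rights on that host can issue further certificates under it, so keep this root confined to lab machines.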

