While exploring options for creating a self-signed SSL certificate with PowerShell, I came across a useful New-SelfSignedCertificate parameter: -Signer. Developers can use it for testing, and I can also use it to generate fake CA-signed certificates for my lab experiments. All the commands are executed in PowerShell as administrator.
The command below generates the first self-signed certificate (I am going to use it as a root SSL certificate) in the local machine's Personal certificate store. Give it a good root-equivalent DNS name. The generated certificate includes its private key.
$selfSignedRootCA = New-SelfSignedCertificate -DnsName SelfSignedRootCA -CertStoreLocation Cert:\LocalMachine\My\
View and verify the certificate thumbprint.
$selfSignedRootCA
Here I am creating a second certificate, this time with the -Signer parameter, which specifies a certificate object with which this cmdlet signs the new certificate. The signer must be in the Personal certificate store of the user or device, which is why I am using the self-signed certificate created earlier. The cmdlet must also have read access to the signer's private key, which that earlier certificate includes.
New-SelfSignedCertificate -DnsName TestCertificate -CertStoreLocation Cert:\LocalMachine\My\ -Signer $selfSignedRootCA
Open the second certificate in the Certificates MMC >> Personal certificates to verify it. Open it and go to Certification Path; it shows the complete custom root CA chain. I can now use it in various basic lab activities where I don't need a certificate authority server.
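The same Certification Path check can be done from the console instead of the MMC. The script below is an added example, not part of the original post: it repeats the two commands above and then inspects the chain with the .NET X509Chain class. The names $leaf, $chain, $built and $rootTrusted are my own. The lab root is only trusted once its public certificate is placed in Cert:\LocalMachine\Root, so the script reports that separately.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell session.
# Recreate the root and the signed certificate exactly as in the post.
$selfSignedRootCA = New-SelfSignedCertificate -DnsName SelfSignedRootCA -CertStoreLocation Cert:\LocalMachine\My\
$leaf = New-SelfSignedCertificate -DnsName TestCertificate -CertStoreLocation Cert:\LocalMachine\My\ -Signer $selfSignedRootCA

# 1. The signed certificate must name the root as its issuer.
if ($leaf.Issuer -ne $selfSignedRootCA.Subject) {
    throw "Issuer mismatch: '$($leaf.Issuer)' is not '$($selfSignedRootCA.Subject)'"
}

# 2. Build the chain. Revocation checking is off because a lab root publishes no CRL.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
[void]$chain.ChainPolicy.ExtraStore.Add($selfSignedRootCA)
$built = $chain.Build($leaf)

# 3. Is the root in the machine's Trusted Root store? Until it is, clients will not trust the chain.
$rootTrusted = Test-Path "Cert:\LocalMachine\Root\$($selfSignedRootCA.Thumbprint)"

# 4. Print every element of the chain (leaf first) with any status flags Windows raised for it.
$chain.ChainElements | ForEach-Object {
    [pscustomobject]@{
        Subject    = $_.Certificate.Subject
        Issuer     = $_.Certificate.Issuer
        Thumbprint = $_.Certificate.Thumbprint
        Status     = ($_.ChainElementStatus | ForEach-Object { $_.Status }) -join ', '
    }
} | Format-Table -AutoSize

# 5. Summary: the last chain element should be the root created above.
$last = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
[pscustomobject]@{
    ChainBuilt       = $built
    ChainLength      = $chain.ChainElements.Count
    EndsAtLabRoot    = ($last.Thumbprint -eq $selfSignedRootCA.Thumbprint)
    RootInTrustStore = $rootTrusted
    ChainStatus      = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
}
```

A ChainBuilt value of False together with RootInTrustStore False means the chain links up but ends in a root this machine does not trust. Keep such a root on lab machines only, because its private key stays in the Personal store and can sign further certificates.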