Creating a self-signed certificate


Public Key Infrastructure (PKI) enables secure electronic communication through the use of certificates that can be used to encrypt secrets and sign messages to verify authenticity and integrity.


Certificates can be granted by a real world entity called a Certificate Authority (CA). Certificates not supplied by a CA are called self-signed certificates. Many tools are available to create self-signed certificates. Powershell will be leveraged in this example to enable automation scenarios.


Figure 1: Create certificate and export it [1].
$password = ConvertTo-SecureString -String [password] -AsPlainText -Force

New-SelfSignedCertificate -CertStoreLocation Cert:\CurrentUser\My `
-DnsName [certificate name] |
Export-PfxCertificate -File [path to PFX file] -Password $password

ConvertTo-SecureString is used to convert a string into a secure string.

New-SelfSignedCertificate is used to create the certificate.

-CertStoreLocation specifies where to store the certificate [2]. Cert:\CurrentUser\My denotes the current user’s personal credential store.

The backtick character (`) is used to enable splitting a Powershell command over multiple lines [3].

-DnsName is used to give the certificate a name.

The output is an instance of X509Certificate2. It is piped into Export-PfxCertificate to enable exporting the certificate to a PFX file encrypted with the specified password.

Works Cited

  1. Programming Microsoft Azure Service Fabric (ISBN 9781509301881), by Haishi Bai
%d bloggers like this: