Certificates are an essential part of securing websites. To add one, you need to buy a certificate or deploy your own Public Key Infrastructure. For a production environment, that’s a must. During development, however, obtaining a certificate this way is a burden. Instead, you can create your own self-signed certificate on Windows.
In Windows, there are 2 different approaches to creating a self-signed certificate.
Method 1
Here, I’m describing how to create one using PowerShell. For reference, PowerShell is a task automation and configuration management framework developed and distributed by Microsoft as part of the Windows operating system. It consists of a command-line shell and an associated scripting language.
Prerequisite
Before jumping to the certificate generation, you need to make sure that your PowerShell is v5. To check your PowerShell version, follow these steps.
- From the Start menu, type “powershell” >> hit Enter.
- Type the following command and press Enter:
$PSVersionTable.PSVersion
Here, my PowerShell “Major” is 5, meaning v5. If your PowerShell is lower than that, you need to update your Windows Management Framework. It’s available for Windows 7 and Windows 8.1. Download Windows Management Framework.
Creating the certificate
Now, we have to create the certificate.
- Run the following command:
$cert = New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname testcert.osradar.com
The “New-SelfSignedCertificate” cmdlet will create the certificate. Note that you need to replace “testcert.osradar.com” with the FQDN (Fully Qualified Domain Name) you would like to use.
- Create a password for the certificate using the following line:
$pwd = ConvertTo-SecureString -String 'passw0rd!' -Force -AsPlainText
Replace 'passw0rd!' with your preferred password.
Export the certificate
It’s time to export the self-signed certificate.
- Run these two commands, each on its own line:
$path = 'cert:\localMachine\my\' + $cert.thumbprint
Export-PfxCertificate -cert $path -FilePath c:\temp\cert.pfx -Password $pwd
Make sure that you enter a valid path in place of “c:\temp\cert.pfx”. Enter the password in place of “$pwd”.
Now, your certificate is available in the folder. It can be imported and deployed into any Windows system.
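The create, password and export steps above combined into one script, as an added example that is not part of the original article. It assumes an elevated PowerShell 5 session on Windows 10 or Windows Server 2016 or later (needed for -NotAfter), prompts for the password instead of embedding it in plain text, and uses C:\temp as a placeholder folder with the article's sample name testcert.osradar.com.

```powershell
#Requires -RunAsAdministrator
# Added example: create, export and verify a development certificate.
# Assumptions: Windows 10 / Server 2016+ (for -NotAfter); C:\temp is a placeholder folder.

$dnsName = 'testcert.osradar.com'   # sample FQDN from the article; replace with yours
$outDir  = 'C:\temp'                # placeholder output folder
$pfxFile = Join-Path $outDir 'cert.pfx'
$cerFile = Join-Path $outDir 'cert.cer'

if (-not (Test-Path -Path $outDir)) {
    New-Item -ItemType Directory -Path $outDir | Out-Null
}

# Create the certificate in the machine's Personal store, valid for 90 days only.
$cert = New-SelfSignedCertificate -DnsName $dnsName `
    -CertStoreLocation 'Cert:\LocalMachine\My' `
    -NotAfter (Get-Date).AddDays(90)

# Prompt for the PFX password so it never appears in the script or command history.
# $pfxPassword is used instead of $pwd because $PWD is PowerShell's automatic
# variable for the current directory.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

# Each command goes on its own line; joining them causes an "Unexpected token" parser error.
$path = 'Cert:\LocalMachine\My\' + $cert.Thumbprint
Export-PfxCertificate -Cert $path -FilePath $pfxFile -Password $pfxPassword | Out-Null

# Export the public certificate only (no private key) for machines that just need to trust it.
Export-Certificate -Cert $path -FilePath $cerFile | Out-Null

# Verify: read the PFX back with the same password and compare thumbprints.
$pfxData  = Get-PfxData -FilePath $pfxFile -Password $pfxPassword
$exported = $pfxData.EndEntityCertificates[0]
if ($exported.Thumbprint -ne $cert.Thumbprint) {
    throw "Exported PFX does not match certificate $($cert.Thumbprint)"
}

# Summary of what was produced.
[pscustomobject]@{
    Subject    = $cert.Subject
    Thumbprint = $cert.Thumbprint
    NotAfter   = $cert.NotAfter
    PfxFile    = $pfxFile
    CerFile    = $cerFile
}

# When the certificate is no longer needed, remove it from the store:
# Remove-Item -Path $path
```

The .pfx file contains the private key, so keep it and its password off shared drives and out of source control; the .cer file holds only the public certificate.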
Method 2
If the previous process seems a bit intimidating, you can follow this one. It’s a bit lengthy but simple.
Creating the certificate
- Go to Start menu >> type “Run” >> hit Enter.
- Type “mmc.exe” >> click OK.
- In the console, go to File >> Add/Remove Snap-in…
- From the left panel, select Certificates >> click Add.
- From the new dialogue box, select Computer account >> click Next.
- Select Local computer >> click Finish.
- You’ll be back on the “Add/Remove Snap-ins” box. Click OK.
Your certificate is created.
Installing the certificate to the trusted root
It’s a best practice to set the certificate in the trusted root as well.
- From the “mmc.exe”, navigate to Certificates >> Personal >> Certificates from the left panel.
- Right-click on your certificate >> select Copy.
- Navigate to Trusted Root Certification Authorities >> Certificates.
- Right-click and select Paste.
Exporting the certificate
For exporting the certificate, follow these procedures.
- From “mmc.exe”, navigate to Certificates >> Trusted Root Certification Authorities >> Certificates.
- Right-click on your certificate >> go to All Tasks >> Export.
- Select “Yes, export the private key”.
- Leave options as they are and click Next.
- Enter a password for the certificate >> click Next.
- Choose the folder where you want to save the certificate >> click Next.
- Click Finish.
Now, your certificate is ready for deployment. For using the certificate, installing it into browsers and similar tricks, follow this in-depth guide.
PS C:\Windows\system32> $path = ‘cert:\localMachine\my\’ + $cert.thumbprint Export-PfxCertificate -cert $path -FilePath c:\users\mad\cert.pfx -Password x
At line:1 char:53
+ … t:\localMachine\my\’ + $cert.thumbprint Export-PfxCertificate -cert $ …
+ ~~~~~~~~~~~~~~~~~~~~~
Unexpected token ‘Export-PfxCertificate’ in expression or statement.
+ CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : UnexpectedToken
so. thanks for that.
Using Windows 10 Pro. The command noted in the previous comment has not been corrected in the tutorial, so it fails. I then tried Method 2. No certificate was created, so I could not export it.