How to create a self-signed certificate using PowerShell?

To create a self-signed certificate there are various methods like OpenSSL, IIS, PowerShell, etc. Here, we will see how we can create a self-signed certificate with PowerShell.

To create a self-signed certificate with PowerShell, we need to use the New-SelfSignedCertificate command. When you create a self-signed certificate manually, you need to give few properties like DNSName, FriendlyName, Certificate start date, expiry date, Subject, a path of the certificate. Similarly, you can use those properties for this command to create it. Not all properties are mandatory.

Example

New-SelfSignedCertificate `
   -CertStoreLocation Cert:\LocalMachine\My `
   -DnsName "testdomain.local" -Verbose

Output

PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\My
Thumbprint                                Subject                                                             ----------                                -------                                                             17722DE732EB07465938FF4810D3CC4B3E87AA5A  CN=testdomain.local                    

You will get output something like above. By default, the self-signed certificate creates a 1-year expiry date from creation. To create a certificate with different expiry and a start date and other properties like a friendly name, use the below command.

Example

New-SelfSignedCertificate `
   -CertStoreLocation Cert:\LocalMachine\My `
   -DnsName "testdomain.local" `
   -FriendlyName "testdomain" `
   -NotAfter "03/12/2025" -Verbose

There are also other options like adding the Subject and other properties.