To create a self-signed certificate there are various methods like OpenSSL, IIS, PowerShell, etc. Here, we will see how we can create a self-signed certificate with PowerShell.
To create a self-signed certificate with PowerShell, we need to use the New-SelfSignedCertificate command. When you create a self-signed certificate manually, you need to give few properties like DNSName, FriendlyName, Certificate start date, expiry date, Subject, a path of the certificate. Similarly, you can use those properties for this command to create it. Not all properties are mandatory.
New-SelfSignedCertificate ` -CertStoreLocation Cert:\LocalMachine\My ` -DnsName "testdomain.local" -Verbose
PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\My Thumbprint Subject ---------- ------- 17722DE732EB07465938FF4810D3CC4B3E87AA5A CN=testdomain.local
You will get output something like above. By default, the self-signed certificate creates a 1-year expiry date from creation. To create a certificate with different expiry and a start date and other properties like a friendly name, use the below command.
New-SelfSignedCertificate ` -CertStoreLocation Cert:\LocalMachine\My ` -DnsName "testdomain.local" ` -FriendlyName "testdomain" ` -NotAfter "03/12/2025" -Verbose
There are also other options like adding the Subject and other properties.