Self-signed certificate generator (PowerShell)

Description: This script is an enhanced open-source PowerShell implementation of the deprecated makecert.exe tool and uses the most modern certificate API — CertEnroll.

4.3 Star
(45)
53,949 times
Security
9/11/2016


  • Key Usage Different Options
    1 Posts | Last post May 17, 2018
    • Hi, I only have the option for Key usage [validateSet("Exchange","Signature")].
      I need to generate a certificate where it says "Key Encipherment (20)"
  • RE: Sign a selfsigned cert with Self Signed RootCA
    2 Posts | Last post April 12, 2018
    • I modified the PowerShell code to achieve my previous request by referring to your blog post on CertEnroll APIs. Thanks for the blog posts.
      https://www.sysadmins.lv/blog-en/introducing-to-certificate-enrollment-apis-part-5-enroll-on-behalf-of.aspx
    • Hi Suhas R.S,
      Do you publish your solution anywhere on your modification?  I'd like to reference it.  Can you share with me? Thanks!
  • New-SelfSignedCertificate?
    2 Posts | Last post April 02, 2018
    • What's the difference between New-SelfSignedCertificate and New-SelfSignedCertificateEx?
      Can you not do the same thing with the native PowerShell New-SelfSignedCertificate?
    • The script was created years before native cmdlet appeared.
  • error on execution
    2 Posts | Last post April 02, 2018
    • Method invocation failed because [System.Collections.Generic.Dictionary`2+KeyCollection[[System.String, mscorlib, Versi
      on=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Object, mscorlib, Version=2.0.0.0, Culture=neutra
      l, PublicKeyToken=b77a5c561934e089]]] doesn't contain a method named 'Contains'.
      At C:\Users\administrator.MONTAGE\Downloads\New-SelfSignedCertificateEx.ps1:265 char:38
      +     if ($PSBoundParameters.Keys.Contains <<<< ("IsCA")) {
          + CategoryInfo          : InvalidOperation: (Contains:String) [], ParentContainsErrorRecordException
          + FullyQualifiedErrorId : MethodNotFound
    • You need to run the script in PowerShell 3.0 or higher. PowerShell 2.0 is not supported.
  • getting an error on execution
    2 Posts | Last post March 21, 2018
    • Trying to use this on an Exchange server but get this error:
      
      Method invocation failed because [System.Collections.Generic.Dictionary`2+KeyCollection[[System.String, mscorlib, Versi
      on=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Object, mscorlib, Version=2.0.0.0, Culture=neutra
      l, PublicKeyToken=b77a5c561934e089]]] doesn't contain a method named 'Contains'.
      At C:\Users\administrator.MONTAGE\Downloads\New-SelfSignedCertificateEx.ps1:265 char:38
      +     if ($PSBoundParameters.Keys.Contains <<<< ("IsCA")) {
          + CategoryInfo          : InvalidOperation: (Contains:String) [], ParentContainsErrorRecordException
          + FullyQualifiedErrorId : MethodNotFound
    • Tom, How did you resolve this issue? I am getting the same error.
  • How to create certificate
    2 Posts | Last post January 31, 2018
    • Hi,
      
      I am new to creating certificates. I just followed a tutorial on the net that suggests downloading this and simply pasting this:
      
      New-SelfSignedCertificateEx -Subject "CN=Testing" -IsCA $true -Exportable -StoreLocation LocalMachine -StoreName My
      
      but it seems like it's incorrect. Can you validate please?
      
      Thanks
    • Hi Marc Anthony, You need to import the New-SelfSignedCertificateEx as a module in PowerShell. To do this, after you extract the New-SelfSignedCertificateEx.ps1 from the ZIP archive, open PowerShell and run `Import-Module .\New-SelfSignedCertificateEx.ps1`
      See here for more information https://stackoverflow.com/questions/18764312/loading-custom-functions-in-powershell
  • Using this script on Windows 7 and PS 2.0 as admin
    1 Posts | Last post January 19, 2018
    • Hello,
      I need to know how to use this script on my development environment: Windows 7 Pro, PSISE v2.0 (per $PSVersionTable.PSVersion) to create a self-signed certificate that is compatible with Chrome 63.
      
      I'm running PS as Administrator and used this command line:
      New-SelfSignedCertificateEx `
      -Subject "CN=my.localsite.test" `
      -EKU "Server Authentication", "Client Authentication" `
      -KU "KeyEncipherment, DigitalSignature, DataEncipherment" `
      -SAN "my.localsite.test","172.20.0.109" `
      -AllowSMIME -Path C:\MyPathTo\Desktop\localsite.pfx `
      -Password (ConvertTo-SecureString "123" -AsPlainText -Force) `
      -Exportable
      
      I'm getting this error:
      
      Exception calling "Create" with "0" argument(s): "CertEnroll::CX509PrivateKey::Create: Cannot find object or property. 0x80092004 (-2146885628)"
      At C:\Test\Downloads\New-SelfSignedCertificateEx\New-SelfSignedCertificateEx.ps1:224 char:20
      +     $PrivateKey.Create <<<< ()
          + CategoryInfo          : NotSpecified: (:) [], ParentContainsErrorRecordException
          + FullyQualifiedErrorId : ComMethodTargetInvocation
      
      I'm trying to create a SSC for web development on IIS 7.5 on the above system. IIS 7.5 has the ability to create a SSC but not with SAN data, which apparently Chrome is expecting.
      
      Any help would be greatly appreciated.
  • create self-signed certificates with a graphical user interface
    1 Posts | Last post January 05, 2018
    • To create self-signed certificates easily, you can use this free tool with a graphical user interface: Itiverba Self Signed Certificate Generator: http://www.itiverba.com/en/software/itisscg.php
      
      Like this script, this utility is based on the Microsoft Enrollment API.
  • Sign a selfsigned cert with Self Signed RootCA
    1 Posts | Last post November 23, 2017
    • Hi Vadims,
      I see that this script provides a way to create a CA cert with the IsCA option, but how do I create a self-signed certificate signed by that CA cert? I didn't see any IssuerCert or Signer Cert option. Is it possible to update this script for that capability? It would be helpful as I can trust a single CA cert in our team's local machines for development and test environments.
  • Upload to PowerShell Gallery
    3 Posts | Last post August 25, 2017
    • Hi Vadims,
      Would you consider uploading this script to PowerShell Gallery? This would make it more accessible as well as opening it up to being more easily used in automated tests.
      Tx
    • Not yet. I don't consider PowerShell Gallery suitable for standalone scripts.
    • Hi There,
      
      The PS Gallery supports both Modules and stand alone scripts. It was designed with both in mind. See the front page of the Gallery - it specifically calls out Publish-Script, Install-Script, Save-Script etc - which are all designed for standalone scripts.
      
      The reason why this is a much better option than script center is it is far easier for deployment automation and we can also guarantee that it is always accessible. FYI, I'm requesting this because we use this over in the Microsoft DSC Resource Kit as part of the test automation and we'd prefer to use a more reliable method of retrieving this than the script center.
      
      Tx
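
Several threads above ask for the same things: a Key Encipherment (0x20) key usage, SAN entries, and a certificate signed by a self-signed development root CA. The following is an added example, not part of New-SelfSignedCertificateEx or any poster's code. It uses the native `New-SelfSignedCertificate` cmdlet (its `-Signer` parameter needs Windows 10 / Server 2016 or later); the root CA name and the `Get-LeafSummary` helper are assumptions made for illustration.

```powershell
# Added example. Host name and IP come from the question above; the CA name is constructed.
$store = 'Cert:\CurrentUser\My'

# 1. Development root CA: basic constraints CA=true, key usage limited to signing,
#    private key not exportable so it cannot be copied off the machine as a PFX.
$rootParams = @{
    Type              = 'Custom'
    Subject           = 'CN=Example Dev Root CA'
    KeyUsage          = 'CertSign', 'CRLSign'
    KeyExportPolicy   = 'NonExportable'
    TextExtension     = @('2.5.29.19={text}CA=true')
    NotAfter          = (Get-Date).AddYears(2)
    CertStoreLocation = $store
}
$root = New-SelfSignedCertificate @rootParams

# 2. Server certificate issued by that root (-Signer), with Key Encipherment and a SAN.
$leafParams = @{
    Type              = 'Custom'
    Subject           = 'CN=my.localsite.test'
    Signer            = $root
    KeyUsage          = 'DigitalSignature', 'KeyEncipherment'
    TextExtension     = @(
        '2.5.29.37={text}1.3.6.1.5.5.7.3.1',                            # EKU: Server Authentication
        '2.5.29.17={text}DNS=my.localsite.test&IPAddress=172.20.0.109'  # SAN
    )
    CertStoreLocation = $store
}
$leaf = New-SelfSignedCertificate @leafParams

# 3. Read the extensions back instead of trusting the parameters that were passed.
function Get-LeafSummary {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $ku  = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.15' }
    $bc  = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.19' }
    $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    [pscustomobject]@{
        Subject         = $Certificate.Subject
        Issuer          = $Certificate.Issuer
        KeyEncipherment = [bool]([int]$ku.KeyUsages -band 0x20)   # "Key Encipherment (20)"
        IsCA            = [bool]($bc -and $bc.CertificateAuthority)
        SAN             = if ($san) { $san.Format($false) } else { $null }
    }
}

Get-LeafSummary $leaf   # Issuer should be the root CA, KeyEncipherment True, IsCA False
```

Clients trust the leaf only after the root certificate (public part only) is added to their Trusted Root store. Remove both test certificates from `Cert:\CurrentUser\My` when they are no longer needed.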