Self-signed certificate generator (PowerShell)

Description: This script is an enhanced open-source PowerShell implementation of the deprecated makecert.exe tool and uses the most modern certificate API — CertEnroll.

 
 
 
 
 
4.3 Star
(50)
65,055 times
Security
9/11/2016


  • Trying to create a Self Signed SAN Cert
    1 Posts | Last post June 27, 2017
    • This is the problem I am running into:
      New-SelfsignedCertificateEx -Subject "CN=child.domain.com" -EKU "Server Authentication", "Client authentication" `
      -KeyUsage "KeyEncipherment, DigitalSignature" -SAN "SN1.child.domain.com","SN1.child.domain.com", `
      -StoreLocation "LocalMachine" -ProviderName "Microsoft Software Key Storage Provider" -AlgorithmName ecdh_256 `
      -KeyLength 256 -SignatureAlgorithm sha256
      New-SelfSignedCertificateEx : Cannot process argument transformation on parameter 'NotBefore'. Cannot convert value "LocalMachine" to type 
      "System.DateTime". Error: "The string was not recognized as a valid DateTime. There is an unknown word starting at index 0."
      At line:1 char:267
      + ... -StoreLocation "LocalMachine" -ProviderName "Microsoft Software Key Storae Provi ...
      +                    ~~~~~~~~~~~~~~
          + CategoryInfo          : InvalidData: (:) [New-SelfSignedCertificateEx], ParameterBindingArgumentTransformationException
          + FullyQualifiedErrorId : ParameterArgumentTransformationError,New-SelfSignedCertificateEx
  • Creating Certs
    1 Posts | Last post May 04, 2017
    • Hi, I'm using the following syntax to create a cert but don't seem to get a cert. The command runs without error, yet I don't find my cert anywhere. I seem to be pointing at the correct cert store.
      
      .\New-SelfsignedCertificateEx.ps1 -Subject "CN=testproof.domain.com" -EKU "Server Authentication" -KeyUsage "KeyEncipherment, DigitalSignature" -SAN "testproof.domain.com" -StoreLocation "LocalMachine\my"
      
      Can someone provide any ideas, or am I missing some other parameter?
      
      Also, should the command be run on the sub CA server or the server hosting the web site that uses the cert?
      
      I'm trying to at some point replace certs that are not working correctly in Chrome or Firefox for some of our internal websites.
      
      Thanks in advance for any ideas or help you can provide....
  • Seriously, where has the -StoreName option gone?
    2 Posts | Last post April 04, 2017
    • This was asked before, but was answered with a nit-pick on the author's spelling. Apologies for my spelling in advance. The latest version of this script as of the time of writing no longer has the -StoreName option. Why, and what can be used instead?
    • It appears that this option was removed because it never worked.
  • Also no errors, also no certificates...
    2 Posts | Last post March 23, 2017
    • I'm running the script and getting no errors and no certificates, have tried Import-Module as described below as well as simply:
      
      .\New-SelfSignedCertificateEx.ps1
      
      from ps in the same directory as the script. I've tried my own parameters as well as the first example and both just do nothing, I've tried exporting to a file and without export. Using ps 5.1, Win10.... Help appreciated.
    • Well I solved this in the end by simply adding the call to the script's function to the script file itself (at the end but before the signature). This now works fine.
      
      Debugging in ISE is also useful to get your head around what it's doing (can use the same script as above).
  • No error, no certificate
    3 Posts | Last post March 22, 2017
    • Running the following command:
      
      .\New-SelfSignedCertificateEx.ps1 -Subject "CN=PowerShell" -eku "Code Signing" -keyspec "Signature" -keyusage "DigitalSignature" -friendlyname "PowerShell Code Signing" -notafter $([datetime]::now.AddYears(10))
      
      But I get no errors, and I get no certificates. Checked CurrentUser\my and LocalMachine\my. Nothing. ???
    • Ran into this same behavior, and solved it by importing the module. Issue the following script:
        Import-Module .\New-SelfSignedCertificateEx.ps1
      
      Then run the command without the leading ".\" and the ".ps1" extension:
        New-SelfSignedCertificateEx -Subject ....
      
      
    • Thank you! Importing the script as a module did the trick.
  • How to use New-SelfSignedCertificateEx instead of New-SelfSignedCertificate?
    1 Posts | Last post February 17, 2017
    • In Server 2012 there is a PowerShell command 'New-SelfSignedCertificate'. When I want to create a self-signed cert with that command I would use 'New-SelfSignedCertificate -DnsName <your_server_dns_name_or_whatever_you_like> -CertStoreLocation Cert:\LocalMachine\My'
      
      I have to create such a cert for Server 2008 R2. I found New-SelfSignedCertificateEx and installed it. Which command line arguments must I use to achieve the same result as above? I don't know what arguments like EKU or Keyusage are. I need to get the job done quickly without deep learning about security or stuff like that.
  • Error : New-SelfSignedCertificateEx : A parameter cannot be found that matches parameter name 'StoreName'.
    2 Posts | Last post January 16, 2017
    • I am getting an error while executing the script; please help me out.
      I am using the steps below:
      1) . ./New-SelfSignedCertificateEx.ps1
      2) New-SelfSignedCertificateEx -Subject "CN=antariksh.websites.net" -EKU "Server Authentication" -KeyUsage 0xa0 -StoreLocation "LocalMachine" -StoreName "My" -ProviderName "Microsot Strong Cryptographic Provider" -Exportable
      
      Error:
      
      New-SelfSignedCertificateEx : A parameter cannot be found that matches parameter name 'StoreName'.
      At line:1 char:140
      + ... "LocalMachine" -StoreName "My" -ProviderName "Microsot Strong Cryptographic Prov ...
      +                    ~~~~~~~~~~
          + CategoryInfo          : InvalidArgument: (:) [New-SelfSignedCertificateEx], ParameterBindingException
          + FullyQualifiedErrorId : NamedParameterNotFound,New-SelfSignedCertificateEx
      
      Thanks
      Sounik
    • You are missing the "f" in "Microsoft Strong Cryptographic Provider"
  • Nothing Appears to Happen
    1 Posts | Last post January 13, 2017
    • Hi, I wonder if you can help. I navigate to the directory containing the script, which is C:\Scripts
      
      Then run
      
      .\New-SelfSignedCertificateEx -Subject "CN=Test" -EKU "Server Authentication", "Client authentication" -SignatureAlgorithm SHA256 -FriendlyName "Test" -Path "C:\Scripts\Files\Test.pfx" -Password (ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force) -Exportable
      
      and nothing appears to happen. I have checked the directory where the file should be output, but nothing appears there. At the moment I'm just creating a test certificate on my Windows 10 machine. I have set the policy to Unrestricted and checked other scripts, and these work.
      
      Any help you can give would be brilliant. Thanks, Chris
  • Command not running
    2 Posts | Last post December 19, 2016
    • I am running the following command after dot sourcing the main command:
      .\New-SelfSignedCertificateEx -Subject "CN=208.98.130.141" -EKU "Server Authentication", "Client authentication" -SignatureAlgorithm SHA256 -FriendlyName "SFDemoSHA2" -Path "D:\Certificates\SFDemoSHA2.pfx" -Password (ConvertTo-SecureString "sfi123" -AsPlainText -Force) -Exportable
      
      I am seeing no errors at all. I have tried running powershell as administrator but that too did not help.
      
      Any help would be great. Thanks,
      Vaibhav
    • Look for file D:\Certificates\SFDemoSHA2.pfx
  • Self Signed Certificate Error
    2 Posts | Last post December 19, 2016
    • I ran into this error trying to create a self-signed certificate:
      Cannot process argument transformation on parameter 'NotBefore'. Cannot convert value "LocalMachine" to type "System.DateTime". Error: "The string was not recognized as a valid DateTime. 
      There is an unknown word starting at index 0."
          + CategoryInfo          : InvalidData: (:) [], ParameterBindin...mationException
          + FullyQualifiedErrorId : ParameterArgumentTransformationError
      
      Is there anything I'm missing or not doing properly?
      
      
    • If you post the command, you have more chance that somebody will help you. You probably call the command like New-SelfSignedCertificateEx -notAfter LocalMachine ...
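
Several threads above report that running the .ps1 file gives no error and no certificate, and the replies resolve it by loading the script first and then calling the function by name. The following is an added example, not code from the script or its author, that does this and then verifies the result; it assumes the script file is in the current directory, reuses a subject quoted in one of the posts, and uses only parameters that appear in the posts above.

```powershell
# Added example, not part of the gallery script. Assumes the script file sits
# in the current directory; subject and SAN are values quoted in a post above.
$scriptPath = '.\New-SelfSignedCertificateEx.ps1'
$subject    = 'CN=testproof.domain.com'
$stores     = 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My'

# Per the threads above, invoking the file as ".\New-SelfSignedCertificateEx.ps1 ..."
# only defines the function in the script's own scope, which is discarded when
# the script ends. Dot-sourcing keeps the definition in the current session.
. $scriptPath
if (-not (Get-Command New-SelfSignedCertificateEx -CommandType Function -ErrorAction SilentlyContinue)) {
    throw "New-SelfSignedCertificateEx is not defined after loading $scriptPath"
}

# Record what is already in both personal stores so the new certificate can
# be told apart from older ones with the same subject.
$before = @(Get-ChildItem -Path $stores | ForEach-Object { $_.Thumbprint })

# Call the function by name (no ".\" prefix, no ".ps1" extension).
New-SelfSignedCertificateEx -Subject $subject -EKU 'Server Authentication' `
    -KeyUsage 'KeyEncipherment, DigitalSignature' -SAN 'testproof.domain.com' `
    -SignatureAlgorithm SHA256 -NotAfter (Get-Date).AddYears(1)

# Confirm the result instead of assuming it: look for a new thumbprint.
$created = @(Get-ChildItem -Path $stores | Where-Object {
    $_.Subject -eq $subject -and $before -notcontains $_.Thumbprint
})
if ($created.Count -eq 0) {
    throw "No new certificate with subject '$subject' in: $($stores -join ', ')"
}

# Report where it landed and whether the SAN extension (OID 2.5.29.17) exists.
$created | ForEach-Object {
    $san = $_.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    New-Object PSObject -Property @{
        Store         = $_.PSParentPath -replace '^.*::', ''
        Thumbprint    = $_.Thumbprint
        NotAfter      = $_.NotAfter
        HasPrivateKey = $_.HasPrivateKey
        SAN           = if ($san) { $san.Format($false) } else { '(none)' }
    }
}
```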