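# Run in PowerShell as admin - change all ##values## as needed.
#
# Creates a self-signed certificate authority (CA) certificate and a
# server-authentication certificate signed by it, both in the LocalMachine\My
# store, then writes the two public certificates (.cer) to an output folder.
# Export-Certificate writes the certificate only; both private keys stay in
# the certificate store.
#
# Parameters are passed by splatting, so the script does not depend on
# end-of-line backtick continuations, which break silently when the text is
# copied or re-wrapped.

# --- Certificate authority ---------------------------------------------------
# NOTE(review): the CA key is created as Exportable. Any machine that trusts
# Authority.cer will also trust whatever this key signs, so consider
# -KeyExportPolicy NonExportable (or removing the CA private key once the dev
# certificate has been issued) if the key does not need to leave this machine.
$authorityParams = @{
    Subject           = "CN=##MyCertFriendlyName##,OU=IT,O=##MyCompanyName## Certificate Authority,C=US"
    KeyAlgorithm      = 'RSA'
    KeyLength         = 4096
    KeyUsage          = 'CertSign', 'CRLSign', 'DigitalSignature', 'KeyEncipherment', 'DataEncipherment'
    KeyExportPolicy   = 'Exportable'
    NotBefore         = (Get-Date)
    NotAfter          = (Get-Date).AddYears(10)
    HashAlgorithm     = 'SHA256'
    CertStoreLocation = "Cert:\LocalMachine\My"
    FriendlyName      = "##MyCertFriendlyName##"
    # 2.5.29.37 = enhanced key usage (1.3.6.1.5.5.7.3.1 = server authentication)
    # 2.5.29.19 = basic constraints, marked critical, ca=1 (may sign other certificates)
    TextExtension     = @("2.5.29.37={text}1.3.6.1.5.5.7.3.1", "2.5.29.19={critical}{text}ca=1")
}
$authorityCert = New-SelfSignedCertificate @authorityParams

# --- Server certificate signed by the CA above --------------------------------
# NOTE(review): the subject alternative name below is a fixed IP address that is
# not marked with ## - replace it with the address the clients actually connect
# to, otherwise their name validation fails.
$devParams = @{
    Subject           = "CN=##MyCompanyName##,OU=App Test,O=##MyCompanyName##,C=US"
    KeyAlgorithm      = 'RSA'
    KeyLength         = 4096
    KeyUsage          = 'DigitalSignature', 'KeyEncipherment', 'DataEncipherment'
    KeyExportPolicy   = 'Exportable'
    NotBefore         = (Get-Date)
    NotAfter          = (Get-Date).AddYears(10)
    HashAlgorithm     = 'SHA256'
    CertStoreLocation = "Cert:\LocalMachine\My"
    FriendlyName      = "##MyCompanyName##"
    # 2.5.29.37 = enhanced key usage (server authentication)
    # 2.5.29.17 = subject alternative name
    TextExtension     = @("2.5.29.37={text}1.3.6.1.5.5.7.3.1", "2.5.29.17={text}IPAddress=192.168.100.82")
    Signer            = $authorityCert
}
$devCert = New-SelfSignedCertificate @devParams

# --- Export the public certificates -------------------------------------------
$directory = "##MyOutputFolderPath##"
if (!(Test-Path $directory)) {
    New-Item -ItemType Directory -Force -Path $directory
}

# Join-Path supplies the separator between the store path and the thumbprint,
# and between the folder and the file name; plain string concatenation produced
# "Cert:\LocalMachine\My<thumbprint>" and needed a trailing backslash on
# $directory.
$authorityCertPath = Join-Path 'Cert:\LocalMachine\My' $authorityCert.Thumbprint
$authorityCertFilename = Join-Path $directory "Authority.cer"
Export-Certificate -Cert $authorityCertPath -FilePath $authorityCertFilename

$devCertPath = Join-Path 'Cert:\LocalMachine\My' $devCert.Thumbprint
$devCertFilename = Join-Path $directory "Dev.cer"
Export-Certificate -Cert $devCertPath -FilePath $devCertFilename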