SSL: Generate self signed cert via powershell

ssl-generate-self-signed-cert-2023111x.md

// Run in powershell as admin - change all ##values## as needed

$authorityCert = New-SelfSignedCertificate -Subject "CN=##MyCertFriendlyName##,OU=IT,O=##MyCompanyName## Certificate Authority,C=US" -KeyAlgorithm RSA -KeyLength 4096 -KeyUsage CertSign, CRLSign, DigitalSignature, KeyEncipherment, DataEncipherment -KeyExportPolicy Exportable -NotBefore (Get-Date) -NotAfter (Get-Date).AddYears(10) -HashAlgorithm SHA256 -CertStoreLocation "Cert:\LocalMachine\My" -FriendlyName "##MyCertFriendlyName##" ` -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.1", "2.5.29.19={critical}{text}ca=1")

$devCert = New-SelfSignedCertificate -Subject "CN=##MyCompanyName##,OU=App Test,O=##MyCompanyName##,C=US" -KeyAlgorithm RSA -KeyLength 4096 -KeyUsage DigitalSignature, KeyEncipherment, DataEncipherment -KeyExportPolicy Exportable -NotBefore (Get-Date) -NotAfter (Get-Date).AddYears(10) -HashAlgorithm SHA256 -CertStoreLocation "Cert:\LocalMachine\My" -FriendlyName "##MyCompanyName##" -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.1", "2.5.29.17={text}IPAddress=192.168.100.82") -Signer $authorityCert

$directory = "##MyOutputFolderPath##" if(!(test-path $directory)) { New-Item -ItemType Directory -Force -Path $directory } $authorityCertPath = 'Cert:\LocalMachine\My' + ($authorityCert.ThumbPrint) $authorityCertFilename = $directory + "Authority.cer" Export-Certificate -Cert $authorityCertPath -FilePath $authorityCertFilename $devCertPath = 'Cert:\LocalMachine\My' + ($devCert.ThumbPrint) $devCertFilename = $directory + "Dev.cer" Export-Certificate -Cert $devCertPath -FilePath $devCertFilename