@tsmoreland
Created February 2, 2021 22:41
Self-signed rooted by another self-signed cert

Create self signed cert

  • $Password should just be whatever your password is. There are more secure ways of getting a password than -AsPlainText; this just demonstrates one way.
  • $Thumbprint can be found by running Get-ChildItem cert:\LocalMachine\My

# Root CA certificate, created in LocalMachine\My so the export paths below resolve (run elevated).
$rootCert = New-SelfSignedCertificate -CertStoreLocation cert:\LocalMachine\My -Subject 'CN=TestRootCA,O=TestRootCA,OU=TestRootCA' -KeyExportPolicy Exportable -KeyUsage CertSign,CRLSign,DigitalSignature -KeyLength 2048 -KeyUsageProperty All -KeyAlgorithm 'RSA' -HashAlgorithm 'SHA256' -Provider 'Microsoft Enhanced RSA and AES Cryptographic Provider'
# Same value that Get-ChildItem cert:\LocalMachine\My lists for the root.
$Thumbprint = $rootCert.Thumbprint
# $Password must already be set; it protects the exported PFX.
$CertPassword = ConvertTo-SecureString -String $Password -Force -AsPlainText
Export-PfxCertificate -Cert cert:\LocalMachine\My\$Thumbprint -FilePath c:\test.pfx -Password $CertPassword
Export-Certificate -Cert cert:\LocalMachine\My\$Thumbprint -FilePath C:\testcert.cer
# Leaf certificate for the site, signed by the root created above.
New-SelfSignedCertificate -CertStoreLocation cert:\LocalMachine\My -DnsName "local.dev.com" -Signer $rootCert -KeyExportPolicy Exportable -KeyUsage KeyEncipherment,DigitalSignature -KeyLength 2048 -KeyUsageProperty All -KeyAlgorithm 'RSA' -HashAlgorithm 'SHA256' -Provider 'Microsoft Enhanced RSA and AES Cryptographic Provider'

  • Install testcert.cer into Trusted Root Certification Authorities
  • Edit c:\Windows\System32\drivers\etc\hosts to add entries for local.dev.com and any others you add
  • In IIS, edit the bindings for the default site and add a new https entry with 'Require Server Name Indication'
  • There is probably a way to get $rootCert loaded in future sessions, but it is easier to get all the certs prepped in one go
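
One way to pick the root back up in a later session and confirm the site certificate really chains to it, as an added example that is not part of the original gist. It assumes both certificates from the commands above are still in LocalMachine\My and finds them by the subjects those commands produce; the property names on the result object are made up for this example.

```powershell
# Added example: reload the test root in a new session and verify the leaf's chain.
# Assumes the certificates created above exist in LocalMachine\My.

# Find the root by subject instead of relying on $rootCert from the earlier session.
$rootCert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like '*CN=TestRootCA*' -and $_.HasPrivateKey } |
    Select-Object -First 1
if (-not $rootCert) { throw 'TestRootCA with a private key was not found in LocalMachine\My' }

# -DnsName "local.dev.com" also becomes the leaf's subject CN; match on the issuer too.
$leaf = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq 'CN=local.dev.com' -and $_.Issuer -eq $rootCert.Subject } |
    Select-Object -First 1
if (-not $leaf) { throw 'No local.dev.com certificate issued by TestRootCA was found' }

# Build the chain the way a TLS client would. The test certs carry no CRL
# distribution point, so revocation lookups are switched off.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$trusted   = $chain.Build($leaf)
$chainRoot = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

# TrustedByMachine stays False (ChainStatus shows UntrustedRoot) until
# testcert.cer has been installed into the trusted root store.
[pscustomobject]@{
    LeafThumbprint   = $leaf.Thumbprint
    ChainsToTestRoot = ($chainRoot.Thumbprint -eq $rootCert.Thumbprint)
    TrustedByMachine = $trusted
    RootInTrustStore = Test-Path "Cert:\LocalMachine\Root\$($rootCert.Thumbprint)"
    ChainStatus      = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
}
```

Because the root key is created with -KeyExportPolicy Exportable and the root is then trusted machine-wide, remove TestRootCA from both LocalMachine\My and the trusted root store once the test site is no longer needed.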