@tweakch
Created April 8, 2022 05:45

Create Authority

New-SelfSignedCertificate -DnsName "KnowYourToolset Cert Authority" -CertStoreLocation "Cert:\LocalMachine\My" -KeyUsage CertSign,CRLSign

Creates a root authority certificate whose key usage permits signing certificates and CRLs.

Export-Certificate -Cert Cert:\LocalMachine\My\<CERTHUMB> -FilePath kytroot.cer

Trust Authority

Import-Certificate -FilePath .\kytroot.cer -CertStoreLocation Cert:\LocalMachine\Root

The .cer file holds only the public key, so it can be imported on any machine where you want SSL certs issued by this authority to be trusted.

Create Actual Certificate

$rootcert = (Get-ChildItem -Path Cert:\LocalMachine\My\<CERTHUMB>)

The My store is important here: the root cert needs to be loaded from a place where its private key is available, because that key signs the new certificate.

New-SelfSignedCertificate -DnsName "todo.knowyourtoolset.com" -CertStoreLocation Cert:\LocalMachine\My -Signer $rootcert

Sharing

If you need to move the root authority around:

Export-PfxCertificate

If you need to put your domain pfx on more servers: Export-PfxCertificate with a SecureString password, then import to LocalMachine\My wherever it is needed. The thumbprint is constant across machines.
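The whole procedure as one script, added here as an example and not part of the original gist: it keeps the certificate objects in variables instead of pasting thumbprints, and checks the thumbprint after the PFX import. The file name todo.pfx and the helper Import-SitePfx are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example. LocalMachine stores need an elevated session.
$ErrorActionPreference = 'Stop'

# 1. Create the root authority and keep the returned object.
$root = New-SelfSignedCertificate -DnsName "KnowYourToolset Cert Authority" `
    -CertStoreLocation "Cert:\LocalMachine\My" -KeyUsage CertSign,CRLSign

# 2. Export the public part only (no private key) and trust it locally.
#    kytroot.cer is the only file that has to reach client machines.
Export-Certificate -Cert $root -FilePath .\kytroot.cer | Out-Null
Import-Certificate -FilePath .\kytroot.cer `
    -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# 3. Issue the site certificate. $root comes from LocalMachine\My,
#    so its private key is available for signing.
$site = New-SelfSignedCertificate -DnsName "todo.knowyourtoolset.com" `
    -CertStoreLocation Cert:\LocalMachine\My -Signer $root

# 4. Export the site certificate with its private key. The password is
#    prompted as a SecureString and never written into the script.
$pfxPassword = Read-Host -Prompt "PFX password" -AsSecureString
Export-PfxCertificate -Cert $site -FilePath .\todo.pfx `
    -Password $pfxPassword | Out-Null
Write-Host "Expected thumbprint on every server: $($site.Thumbprint)"

# 5. Run on each additional server (hypothetical helper): import the PFX
#    and refuse to continue if the thumbprint differs from the original.
function Import-SitePfx {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [securestring] $Password,
        [Parameter(Mandatory)] [string] $ExpectedThumbprint
    )
    $imported = Import-PfxCertificate -FilePath $Path `
        -CertStoreLocation Cert:\LocalMachine\My -Password $Password
    if ($imported.Thumbprint -ne $ExpectedThumbprint) {
        # Wrong file or tampered PFX: remove it from the store again.
        Remove-Item -Path "Cert:\LocalMachine\My\$($imported.Thumbprint)"
        throw "Thumbprint mismatch: got $($imported.Thumbprint)"
    }
    if (-not $imported.HasPrivateKey) {
        throw "Imported certificate has no private key"
    }
    return $imported
}
```

The target server also needs kytroot.cer imported into Cert:\LocalMachine\Root before the site certificate chains to a trusted root there.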
