Vemuri Srujan vemurisrujan
🏠
vemurisrujan
/ Generate-Certificate.ps1
Last active
October 15, 2025 13:46
Creates a self-signed cert with subject CN=<domain url> using RSA 3072 and SHA256 (default), valid for 3 years. Sets KeyUsage to DigitalSignature, KeyEncipherment (good for SAML token signing). Stores it in Current User personal store: Cert:\CurrentUser\My, with exportable private key. Exports a PFX (private key + cert) to your Desktop as saml-s…
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Generate a self-signed certificate for SAML | |
| $cert = New-SelfSignedCertificate -Subject "CN=<domain url>" -KeyAlgorithm RSA -KeyLength 3072 ` | |
| -KeyUsage DigitalSignature, KeyEncipherment -NotAfter (Get-Date).AddYears(3) ` | |
| -CertStoreLocation Cert:\CurrentUser\My -KeyExportPolicy Exportable | |
| # Export cert to PFX (with password) | |
| $mypwd = ConvertTo-SecureString "<password>" -AsPlainText -Force | |
| Export-PfxCertificate -Cert $cert -FilePath "$env:USERPROFILE\Desktop\saml-signing.pfx" -Password $mypwd | |
| # Export public certificate (CER) |