Creating a Self-Signed Certificate for Azure


When it comes to configuring applications or services that require SSL/TLS communication, having a self-signed certificate for testing or development purposes becomes almost indispensable. This is even more relevant when you’re dealing with services on Azure, where security is paramount.

Today, I’ll walk you through a PowerShell script that not only creates a self-signed certificate but also exports it in both .pfx and .cer formats.
Setting the Scene

Let’s start by defining some custom variables:

$friendlyName = "Azure SelfSigned Cert Name"   # display name shown in the certificate store
$subjectName = "CertificateName"               # becomes the CN of the subject
$certStorePath = "cert:\LocalMachine\My"       # machine personal store (needs an elevated session)
$exportPath = "C:\Temp\"                       # folder that receives the .pfx and .cer files
$passwordPlainText = "YourPasswordHere"        # protects the private key inside the .pfx

Here, $friendlyName is the display name of the certificate in the store. $subjectName becomes the Common Name (CN) in the certificate's subject, and $certStorePath is the store the certificate is written to (cert:\LocalMachine\My is the machine's personal store, so the script must run from an elevated PowerShell session). Finally, $exportPath is the folder the exported files are written to, and $passwordPlainText is the password that protects the private key inside the .pfx file.

Building the Path

Now, let’s build the path for both our .pfx and .cer files:

$FullPathPFX = Join-Path $exportPath ($subjectName + ".pfx")
$FullPathCER = Join-Path $exportPath ($subjectName + ".cer")

By using the Join-Path cmdlet, we ensure the proper formation of the path, taking into account any nuances that might differ from one system to another.

Safety First: Passwords

The password used for the .pfx file should be a secure string:

$password = ConvertTo-SecureString -String $passwordPlainText -Force -AsPlainText

Export-PfxCertificate only accepts a SecureString for -Password, so the conversion is required. Note that it does not make the script itself safer: the plaintext password still sits in $passwordPlainText and in the script file, so for anything beyond a throwaway test the value should be prompted for (Read-Host -AsSecureString) or read from a secret store rather than hard-coded.

Generating the Certificate

Let’s roll up our sleeves and generate that certificate:

$cert = New-SelfSignedCertificate -Subject "CN=$subjectName" -CertStoreLocation $certStorePath -FriendlyName $friendlyName -KeyExportPolicy Exportable -KeySpec Signature -KeyLength 2048 -KeyAlgorithm RSA -HashAlgorithm SHA256

The New-SelfSignedCertificate cmdlet creates a 2048-bit RSA certificate signed with SHA-256, places it in the store given by -CertStoreLocation, and returns the certificate object (we keep it in $cert so we can address it by thumbprint later). -KeyExportPolicy Exportable is what makes the later .pfx export possible; without it the private key cannot leave the store. Because no -NotAfter is given, the certificate is valid for one year from creation, which is the cmdlet's default.

Export Time!

After successfully generating the certificate, it’s time to export it:

Export-PfxCertificate -Cert "$certStorePath\$($cert.Thumbprint)" -FilePath $FullPathPFX -Password $password
Export-Certificate -Cert "$certStorePath\$($cert.Thumbprint)" -FilePath $FullPathCER

The first line exports the certificate together with its private key as a password-protected .pfx file; the second exports only the public certificate as a .cer file. Treat the .pfx as a secret, since anyone who obtains it and the password holds the private key.

Wrapping Up

Concluding the script, we have a small line to confirm the export:

Write-Output "Certificate created and exported to $exportPath"
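The script writes the two files but never checks them. The function below is an added example, not part of the original post, that reloads both exports and confirms they correspond to the certificate that was just created. It assumes the script's variables ($FullPathPFX, $FullPathCER, $password, $cert) are still in scope and that .NET Framework 4.7.2 or newer is available for the EphemeralKeySet flag.

```powershell
# Added verification step; reuses the variables from the script above.
function Test-ExportedCertificate {
    param(
        [Parameter(Mandatory)] [string] $PfxPath,
        [Parameter(Mandatory)] [string] $CerPath,
        [Parameter(Mandatory)] [securestring] $PfxPassword,
        [Parameter(Mandatory)] [string] $ExpectedThumbprint
    )

    # EphemeralKeySet keeps the private key in memory only, so the check leaves
    # no key material behind in any certificate store.
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::EphemeralKeySet
    $pfx = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($PfxPath, $PfxPassword, $flags)
    $cer = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CerPath)
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($pfx)

    $checks = [ordered]@{
        PfxMatchesStoreCert = ($pfx.Thumbprint -eq $ExpectedThumbprint)
        CerMatchesStoreCert = ($cer.Thumbprint -eq $ExpectedThumbprint)
        PfxHasPrivateKey    = $pfx.HasPrivateKey          # the .pfx must carry the key
        CerHasNoPrivateKey  = (-not $cer.HasPrivateKey)   # the .cer must be public only
        KeyIs2048OrLarger   = ($rsa.KeySize -ge 2048)
        HashIsSha256        = ($pfx.SignatureAlgorithm.FriendlyName -eq 'sha256RSA')
        StillValid          = ((Get-Date) -lt $pfx.NotAfter)
    }

    # Evaluate the boolean checks before adding the informational fields.
    $allPassed = ($checks.Values -notcontains $false)
    $checks['DaysUntilExpiry'] = [int]($pfx.NotAfter - (Get-Date)).TotalDays
    $checks['AllChecksPassed'] = $allPassed
    [pscustomobject]$checks
}

$report = Test-ExportedCertificate -PfxPath $FullPathPFX -CerPath $FullPathCER `
    -PfxPassword $password -ExpectedThumbprint $cert.Thumbprint
$report | Format-List
if (-not $report.AllChecksPassed) { throw "Exported certificate failed verification." }
```

If the certificate was created only to be exported, the copy left in the store can be removed afterwards with Remove-Item on "$certStorePath\$($cert.Thumbprint)".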

Voilà! You now have a self-signed certificate, neatly exported in both .pfx and .cer formats, all thanks to the magic of PowerShell.

Remember, self-signed certificates are great for testing, but for production, always lean towards obtaining a certificate from a recognized Certificate Authority.

Happy scripting!


Author: João Paulo Costa

MCP, MCT, MCSA, MCITP, MCTS, MS, Azure Solutions Architect, Azure Administrator, Azure Network Engineer, Azure Fundamentals, Microsoft 365 Enterprise Administrator Expert, Microsoft 365 Messaging Administrator, ITIL v3.
