Generate Certificate for SSL - chanandrew96/MyLearning GitHub Wiki

Generate Certificate for SSL

# Create a self-signed certificate in the LocalMachine\My store (valid for 10 years)
$cert = New-SelfSignedCertificate -FriendlyName "cert friendly name" -DnsName "mycompany.domain.com" -CertStoreLocation "cert:\LocalMachine\My" -NotAfter (Get-Date).AddYears(10)
# Password that protects the exported PFX file (sample value, replace it with your own)
$secPassword = ConvertTo-SecureString -String 'P@ssw0rd' -Force -AsPlainText
# Certificate store path of the certificate that was just created
$certPath = "Cert:\LocalMachine\My\$($cert.Thumbprint)"
# Export the certificate together with its private key to a PFX file
Export-PfxCertificate -Cert $certPath -FilePath C:\Path\To\Store\Certificate\MyCompanyDomainComCert.pfx -Password $secPassword
# Import the PFX into the current user's Personal (My) store
Import-PfxCertificate -Password $secPassword -FilePath C:\Path\To\Store\Certificate\MyCompanyDomainComCert.pfx -CertStoreLocation 'Cert:\CurrentUser\My'

CertStoreLocation

StoreLocation

StoreLocation Enum

  • CurrentUser
  • LocalMachine

StoreName

StoreName Enum

  • AddressBook
  • AuthRoot
  • CertificateAuthority
  • Disallowed
  • My
  • Root
  • TrustedPeople
  • TrustedPublisher

Certificate conversion

Convert a pfx certificate to crt and key files

Extract private key (.key)

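# Export the private key from the PFX; prompts for the PFX password and a new PEM passphrase
openssl pkcs12 -in cert.pfx -nocerts -out cert-encrypted.key
# Remove the passphrase; cert.key is written unencrypted, so restrict its file permissions
openssl rsa -in cert-encrypted.key -out cert.key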

Extract certificate, which contains the public key (.crt)

openssl pkcs12 -in cert.pfx -clcerts -nokeys -out cert.crt

Extract CA certificates (.crt)

# Writes only the CA (chain) certificates stored in the PFX, without any private key
openssl pkcs12 -in cert.pfx -nokeys -nodes -cacerts -out ca-bundle.crt
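
After the conversion steps above, it is worth confirming that cert.key really belongs to cert.crt and that the unencrypted key is readable only by its owner. The script below is an added example, not part of the original page; the function names and the script name in the comment are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: sanity checks for the files produced by the pkcs12 extraction.
# Usage (hypothetical script name): sh check-cert.sh cert.crt cert.key

# Public key (PEM, SubjectPublicKeyInfo) embedded in a certificate file.
pubkey_from_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key derived from an unencrypted private key file.
pubkey_from_key() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Returns 0 when the private key matches the certificate, 1 when it does not,
# 2 when either file cannot be parsed (so a parse error never counts as a match).
key_matches_cert() {
    kmc_cert_pub=$(pubkey_from_cert "$1") || return 2
    kmc_key_pub=$(pubkey_from_key "$2") || return 2
    [ -n "$kmc_cert_pub" ] && [ "$kmc_cert_pub" = "$kmc_key_pub" ]
}

# Returns 0 when group and other have no permissions on the key file
# (characters 5-10 of the ls mode string, e.g. "-rw-------").
key_is_private() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# Run the checks only when a certificate and a key are given on the command line.
if [ "$#" -eq 2 ]; then
    key_matches_cert "$1" "$2" || {
        echo "FAIL: $2 does not match $1 (or a file could not be read)" >&2
        exit 1
    }
    key_is_private "$2" || {
        echo "FAIL: $2 is accessible by group/other; run: chmod 600 $2" >&2
        exit 1
    }
    echo "OK: $2 matches $1 and is owner-only"
fi
```
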