Generate Certificate for SSL - chanandrew96/MyLearning GitHub Wiki
Generate Certificate for SSL
# Set the properties of the certificate
$cert = New-SelfSignedCertificate -FriendlyName "cert friendly name" -DnsName "mycompany.domain.com" -CertStoreLocation "cert:\LocalMachine\My" -NotAfter (Get-Date).AddYears(10)
# Set the password for certificate
$secPassword = ConvertTo-SecureString -String 'P@ssw0rd' -Force -AsPlainText
# Path to install the certificate
$certPath = "Cert:\LocalMachine\My\$($cert.Thumbprint)"
# Export the certificate to specific path
Export-PfxCertificate -Cert $certPath -FilePath C:\Path\To\Store\Certificate\MyCompanyDomainComCert.pfx -Password $secPassword
# Import certificate to current user\Personal
Import-PfxCertificate -Password $secPassword -FilePath C:\Path\To\Store\Certificate\MyCompanyDomainComCert.pfx -CertStoreLocation 'Cert:\CurrentUser\My'
CertStoreLocation
StoreLocation
- CurrentUser
- LocalMachine
StoreName
- AddressBook
- AuthRoot
- CertificateAuthority
- Disallowed
- My
- Root
- TrustedPeople
- TrustedPublisher
Certificate conversion
Convert a pfx certificate to crt and key files
Extract private key (.key)
openssl pkcs12 -in cert.pfx -nocerts -out cert-encrypted.key
openssl rsa -in cert-encrypted.key -out cert.key
Extract public key (.crt)
openssl pkcs12 -in cert.pfx -clcerts -nokeys -out cert.crt
Generate CA file (.crt)
openssl pkcs12 -in cert.pfx -nokeys -nodes -cacerts -out ca-bundle.crt