New PodeSelfSignedCertificate - mdaneri/Pode GitHub Wiki
external help file: Pode-help.xml Module Name: Pode online version: PodeType: Certificate schema: 2.0.0
Generates a self-signed X.509 certificate.
New-PodeSelfSignedCertificate [-CommonName <String>] [-Password <SecureString>] [-Organization <String>]
[-Locality <String>] [-State <String>] [-Country <String>] [-KeyType <String>] [-KeyLength <Int32>]
[-EnhancedKeyUsages <String[]>] [-CertificatePurpose <String>] [-NotBefore <DateTime>]
[-CustomExtensions <Object[]>] [-FriendlyName <String>] [-ValidityDays <Int32>] [-Ephemeral] [-Exportable]
[-ProgressAction <ActionPreference>] [<CommonParameters>]
New-PodeSelfSignedCertificate [-DnsName <String[]>] [-Loopback] [-Password <SecureString>]
[-Organization <String>] [-Locality <String>] [-State <String>] [-Country <String>] [-KeyType <String>]
[-KeyLength <Int32>] [-EnhancedKeyUsages <String[]>] [-CertificatePurpose <String>] [-NotBefore <DateTime>]
[-CustomExtensions <Object[]>] [-FriendlyName <String>] [-ValidityDays <Int32>] [-Ephemeral] [-Exportable]
[-ProgressAction <ActionPreference>] [<CommonParameters>]
This function creates a self-signed X.509 certificate using RSA or ECDSA key pairs. It supports specifying subject details, key usage, enhanced key usage (EKU), and custom extensions. The generated certificate is returned as an X509Certificate2 object.
By default, the private key is exportable so the certificate can be saved and reused. If the `-Ephemeral` parameter is specified, the certificate's private key will not be persisted and will only exist in memory for the current session.
$cert = New-PodeSelfSignedCertificate -Loopback
Creates a self-signed certificate for local addresses (`127.0.0.1`, `::1`, `localhost`, machine hostname).
$cert = New-PodeSelfSignedCertificate -DnsName "example.com" -KeyType "RSA" -KeyLength 2048
Creates a self-signed RSA certificate for "example.com" with a 2048-bit key, valid for 365 days.
$cert = New-PodeSelfSignedCertificate -DnsName "internal.local" -Ephemeral
Creates a self-signed certificate with a private key that exists **only in memory** for the current session.
$cert = New-PodeSelfSignedCertificate -DnsName "testserver.local" -KeyType "ECDSA" -KeyLength 384 -CertificatePurpose "ClientAuth" -ValidityDays 730
Generates a self-signed ECDSA certificate for "testserver.local" with client authentication EKU, valid for 730 days.
The intended purpose of the certificate, which automatically sets the EKU. Supported values: 'ServerAuth', 'ClientAuth', 'CodeSigning', 'EmailSecurity', 'Custom'. Defaults to 'ServerAuth'.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: ServerAuth
Accept pipeline input: False
Accept wildcard characters: FalseThe Common Name (CN) for the certificate subject. Defaults to "SelfSigned".
Type: String
Parameter Sets: CommonName
Aliases:
Required: False
Position: Named
Default value: SelfSigned
Accept pipeline input: False
Accept wildcard characters: FalseThe country (C) code (ISO 3166-1 alpha-2). Defaults to 'XX'.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: XX
Accept pipeline input: False
Accept wildcard characters: FalseAn array of additional custom certificate extensions.
Type: Object[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseOne or more DNS names (or IP addresses) to be included in the Subject Alternative Name (SAN).
Type: String[]
Parameter Sets: DnsName
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseA list of OID strings for Enhanced Key Usage (EKU), e.g., '1.3.6.1.5.5.7.3.1' for server authentication.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIf specified, the certificate will be created with `EphemeralKeySet`, meaning the private key will not be persisted on disk or in the certificate store.
This is useful for temporary certificates that should only exist in memory for the duration of the current session. Once the process exits, the private key will be lost.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: FalseIf specified the certificate will be created with `Exportable`, meaning the certificate can be exported
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: FalseA friendly name for the certificate, used when storing it in a certificate store. Defaults to 'MyCertificate'.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: MyCertificate
Accept pipeline input: False
Accept wildcard characters: FalseThe key length for RSA (2048, 3072, 4096) or ECDSA (256, 384, 521). Defaults to 2048.
Type: Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: 2048
Accept pipeline input: False
Accept wildcard characters: FalseThe cryptographic key type for the certificate request. Supported values: 'RSA', 'ECDSA'. Defaults to 'RSA'.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: RSA
Accept pipeline input: False
Accept wildcard characters: FalseThe locality (L) name to be included in the certificate subject.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIf specified, automatically sets `DnsName` to include:
- `127.0.0.1`, `::1`, `localhost`
- The current machine's IP (if not local)
- The Pode server's hostname and FQDN (if available)
Type: SwitchParameter
Parameter Sets: DnsName
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: FalseThe NotBefore date for the certificate validity start. Defaults to the current UTC time.
Type: DateTime
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseThe organization (O) name to be included in the certificate subject.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies an optional password for protecting the exported PFX. If not provided, the PFX will be unprotected.
Type: SecureString
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False{{ Fill ProgressAction Description }}
Type: ActionPreference
Parameter Sets: (All)
Aliases: proga
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseThe state (S) name to be included in the certificate subject.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseThe number of days the certificate will remain valid. Defaults to 365 days.
Type: Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: 365
Accept pipeline input: False
Accept wildcard characters: FalseThis cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
- The private key is embedded in the generated certificate.
- By default, the certificate is exportable so it can be saved and reused.
- If `-Ephemeral` is used, the private key will only exist in memory and cannot be exported or stored.
- The `-Loopback` parameter is useful for local development, ensuring the certificate includes local identifiers.