Generating a self-signed certificate PFX file with PowerShell


Sometimes you need a self-signed SSL certificate for an internal project, but perhaps you’re restricted from using a 3rd party tool such as OpenSSL. Maybe this is for security reasons, a lack of external internet connectivity, or maybe you’re just working on something small and you need a quick solution. Well, Microsoft has you covered, as the ability to self-sign a certificate in Windows is quite simple.

Open a PowerShell command line as an Administrator, then enter the following command, changing "computerhostname" to the hostname of the server the file will reside on (use the FQDN, e.g. computername.local, if you can):
New-SelfSignedCertificate -DnsName "computerhostname" -CertStoreLocation "cert:\LocalMachine\My"

Then press Windows Key+R to open the Run dialog, type certlm.msc and press Enter or click OK. This will open the Certificate Manager for the Local Machine.

To export the certificate together with its private key as a Personal Information Exchange (PFX) file, a single file that holds both the public certificate and the private key, follow these steps:

  1. On the left side of Certificate Manager, expand “Personal” then click Certificates.
  2. Right click the certificate you just created, then click All Tasks, then Export.
  3. Next > YES > Next > leave the defaults (Personal Information Exchange, with “Include…” and “Enabled…” checked) > Next > Password (enter your desired password, which you will need later to use the PFX file), change the Encryption to AES256-SHA256 > Next > Browse and give the PFX file a destination and a name (demo.pfx) > Next > Finish > OK.
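
The same create-and-export procedure can be scripted, which also lets you confirm the PFX really contains the certificate you just made. This is an added example, not part of the original post; the hostname and output path are placeholders, and it assumes a Windows build whose Export-PfxCertificate supports -CryptoAlgorithmOption.

```powershell
# Added example: scripted equivalent of the certlm.msc export steps above.
# Run from an elevated PowerShell session (the LocalMachine store needs admin rights).

$dnsName = 'computerhostname.local'                 # placeholder: FQDN of the server
$pfxPath = Join-Path $env:USERPROFILE 'demo.pfx'    # placeholder: output file

# Prompt for the PFX password so it never lands in the script or shell history.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

# Create the certificate in the Local Machine "Personal" store.
$cert = New-SelfSignedCertificate -DnsName $dnsName `
            -CertStoreLocation 'Cert:\LocalMachine\My'

# A PFX without a private key is useless to the server; fail early.
if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) has no private key to export."
}

# Export certificate + private key, protected with AES256-SHA256 as in step 3.
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword `
    -CryptoAlgorithmOption AES256_SHA256 | Out-Null

# Read the file back with the same password and match it to the store entry.
$pfx      = Get-PfxData -FilePath $pfxPath -Password $pfxPassword
$exported = $pfx.EndEntityCertificates |
                Where-Object { $_.Thumbprint -eq $cert.Thumbprint }

if (-not $exported) {
    throw "PFX at $pfxPath does not contain certificate $($cert.Thumbprint)."
}

# Summary for your records: the thumbprint identifies the cert, NotAfter is its expiry.
[pscustomobject]@{
    Subject    = $cert.Subject
    Thumbprint = $cert.Thumbprint
    NotAfter   = $cert.NotAfter
    PfxPath    = $pfxPath
}
```

The resulting PFX carries the private key, so keep the file and its password somewhere access-controlled and delete stray copies once the certificate is installed.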