How to Create Self-Signed Certificate in PowerShell

Sometimes we need to create a self-signed certificate for websites served over HTTPS, especially in labs and for testing purposes, such as testing a web app or an intranet portal. This tutorial shows, using Windows 11, how to easily issue and install self-signed certificates in PowerShell.


Previously, you had to use makecert.exe, as included in the Windows SDK, to create self-signed certificates. Since Windows 8 this can be done in PowerShell with the New-SelfSignedCertificate cmdlet. Self-signed certificates can be used for client and server authentication or code signing.

Using the New-SelfSignedCertificate cmdlet

Open PowerShell as Administrator and paste in the following commands.

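# Create the certificate in the computer's personal (My) store; note the thumbprint in the output
New-SelfSignedCertificate -DnsName "localdomain.local", "dev.ops.local" -CertStoreLocation "cert:\LocalMachine\My"
# Password that protects the exported PFX file
$pass=ConvertTo-SecureString "pass123" -AsPlainText -force
$file="$env:temp\SelfSignedCert.pfx"
# Export the certificate together with its private key to the PFX file
Export-PfxCertificate -Cert cert:\LocalMachine\My\<Thumbprint output during first command> -FilePath $file -Password $pass
# Import the PFX into Trusted Root Certification Authorities so that the certificate is trusted
Import-PfxCertificate -FilePath $file -CertStoreLocation cert:\LocalMachine\root -Password $pass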

This example creates a self-signed SSL server certificate in the computer MY store, with the subject alternative names set to localdomain.local and dev.ops.local, and the Subject and Issuer names set to localdomain.local.

How to Create New Self-Signed Certificate with PowerShell

Note. Replace the placeholder <Thumbprint output during first command> with your thumbprint.

Note. Set the PowerShell Execution Policy from Restricted to RemoteSigned or Unrestricted to allow local PowerShell scripts to run.

PS C:\> Set-ExecutionPolicy RemoteSigned

After the self-signed certificate has been created, it is exported in PFX format so that it can then be imported into the certificate store.

The certificate you just issued can now be found in the Certificate Manager (CERTLM.MSC) of the Microsoft Management Console (mmc) under Trusted Root Certification Authorities.

Figure: Certificate Manager (CERTLM.MSC) of the Microsoft Management Console, Certificates – Local Computer

Automatically Creating a Self-Signed Certificate

To create a self-signed certificate automatically without any input, use the following commands; no further action is required. The computer name and, if it exists, the domain name are used to issue the self-signed certificate.

New-SelfSignedCertificate -DnsName "$env:COMPUTERNAME.$env:USERDNSDOMAIN" -CertStoreLocation "cert:\LocalMachine\My"
$pass=ConvertTo-SecureString "pass123" -AsPlainText -force
$file="$env:temp\SelfSignedCert.pfx"
$thumbprint=Get-ChildItem -Path Cert:\LocalMachine\MY | Where-Object {$_.Subject -eq "CN=$env:COMPUTERNAME.$env:USERDNSDOMAIN"} | Sort-Object NotBefore -Descending | Select-Object -First 1 -ExpandProperty Thumbprint
Export-PfxCertificate -Cert "cert:\LocalMachine\My\$thumbprint" -FilePath $file -Password $pass
Import-PfxCertificate -FilePath $file -CertStoreLocation cert:\LocalMachine\root -Password $pass

The thumbprint is written to the variable “$thumbprint” in line 4 so that it can then be appended in the export command.

The self-signed certificate just created can be shown with the following command.

PS C:\> Get-ChildItem -Path Cert:\LocalMachine\MY | Where-Object {$_.Subject -Match "$env:COMPUTERNAME.$env:USERDNSDOMAIN"} | Select-Object Thumbprint

If the certificate requires a specific Common Name (CN), this script can be run. It prompts for a Common Name to create the self-signed certificate according to the URL.

$CommonName=Read-Host -Prompt 'Enter a Common Name (CN)'
if ($CommonName) {
	Write-Output "Self-Signed Certificate [$CommonName] processing.."
} else {
	Write-Warning -Message "Missing Common Name (CN)!"
	# Stop the script here; "break" outside a loop can also end a loop in a calling script
	return
}
New-SelfSignedCertificate -DnsName "$CommonName" -CertStoreLocation "cert:\LocalMachine\My"
$pass=ConvertTo-SecureString "pass123" -AsPlainText -force
$file="$env:temp\$CommonName.pfx"
# Compare the subject exactly (-Match would treat the name as a regular expression) and take the newest match
$thumbprint=Get-ChildItem -Path Cert:\LocalMachine\MY | Where-Object {$_.Subject -eq "CN=$CommonName"} | Sort-Object NotBefore -Descending | Select-Object -First 1 -ExpandProperty Thumbprint
Export-PfxCertificate -Cert "cert:\LocalMachine\My\$thumbprint" -FilePath $file -Password $pass
Import-PfxCertificate -FilePath $file -CertStoreLocation cert:\LocalMachine\root -Password $pass
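
A variant of the procedure above, as an added example that is not from the original tutorial: it places only the public certificate (.cer) in the Root store, so no PFX with a fixed password is written to disk and the private key stays, non-exportable, in the My store. The function names New-LabCertificate and Remove-LabCertificate and the 90-day validity are assumptions of this example; run it in an elevated PowerShell session.

```powershell
# Added example (not from the original tutorial). Run in an elevated session.
function New-LabCertificate {
    param(
        [Parameter(Mandatory)][string[]]$DnsName,
        [int]$ValidDays = 90   # assumed lifetime for a lab certificate
    )
    $params = @{
        DnsName           = $DnsName
        CertStoreLocation = 'Cert:\LocalMachine\My'
        KeyExportPolicy   = 'NonExportable'   # private key cannot be exported later
        NotAfter          = (Get-Date).AddDays($ValidDays)
    }
    # Use the returned object instead of searching the store for the thumbprint.
    $cert = New-SelfSignedCertificate @params

    # Export only the public certificate (.cer); no password or private key is written.
    $cerFile = Join-Path $env:TEMP "$($cert.Thumbprint).cer"
    Export-Certificate -Cert $cert -FilePath $cerFile -Type CERT | Out-Null
    try {
        Import-Certificate -FilePath $cerFile -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null
    }
    finally {
        Remove-Item -Path $cerFile -ErrorAction SilentlyContinue
    }

    # Report what ended up in each store.
    $root = Get-Item -Path "Cert:\LocalMachine\Root\$($cert.Thumbprint)"
    [pscustomobject]@{
        Thumbprint       = $cert.Thumbprint
        Subject          = $cert.Subject
        NotAfter         = $cert.NotAfter
        PrivateKeyInMy   = $cert.HasPrivateKey
        PrivateKeyInRoot = $root.HasPrivateKey
    }
}

function Remove-LabCertificate {
    param([Parameter(Mandatory)][string]$Thumbprint)
    # Remove the trusted copy, then the certificate together with its private key.
    Remove-Item -Path "Cert:\LocalMachine\Root\$Thumbprint" -ErrorAction SilentlyContinue
    Remove-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -DeleteKey -ErrorAction SilentlyContinue
}

# Host names taken from the tutorial's first example.
$lab = New-LabCertificate -DnsName 'localdomain.local', 'dev.ops.local'
$lab | Format-List
# Remove-LabCertificate -Thumbprint $lab.Thumbprint   # when the lab is torn down
```

Because the key is created as non-exportable, Export-PfxCertificate will refuse to export this certificate; use the tutorial's PFX procedure only when the key really has to move to another machine.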

Install PowerToys Utilities to customize Windows

When you install PowerToys from Microsoft, you will find a versatile set of additional tweaks. It is a set of utilities for power users to tune and customize Windows for greater productivity.

Install PowerToys executables via GitHub

Get PowerToys from GitHub: select the PowerToysSetup-0.##.#-x64.exe or PowerToysSetup-0.##.#-arm64.exe file to download the PowerToys executable installer.

Alternatively, get PowerToys from the Microsoft Store. You must be using the new Microsoft Store which will be available for both Windows 11 and Windows 10 v2004 (19041) or newer.

To install PowerToys using the Windows Package Manager, it is as simple as running the following command from the command line / PowerShell:

winget install Microsoft.PowerToys --source winget

PowerToys File Explorer add-ons utility

One highlight is the File Explorer add-ons utility with its thumbnail preview. Showing thumbnails is a built-in Windows feature.

Install PowerToys, Windows Explorer thumbnail preview

For thumbnail preview, PowerToys adds multiple extensions: SVG, PDF, PHP, Shell-Scripts, Java, CSS, Python-code and more.

How to customize Windows File Explorer

To preview php, ps1, py, css, vbs, shell script and other files in File Explorer, simply extend the registry by adding these keys.

REG ADD "HKCR\.sh" /v "PerceivedType" /t REG_SZ /d "text" /f
REG ADD "HKCR\.sh" /ve /t REG_SZ /d "txtfile" /f
REG ADD "HKCR\.sh" /v "Content Type" /t REG_SZ /d "text/plain" /f
REG ADD "HKCR\.sh\PersistentHandler" /ve /t REG_SZ /d "{5e941d80-bf96-11cd-b579-08002b30bfeb}" /f

REG ADD "HKCR\.php" /v "PerceivedType" /t REG_SZ /d "text" /f
REG ADD "HKCR\.php" /ve /t REG_SZ /d "txtfile" /f
REG ADD "HKCR\.php" /v "Content Type" /t REG_SZ /d "text/plain" /f
REG ADD "HKCR\.php\PersistentHandler" /ve /t REG_SZ /d "{5e941d80-bf96-11cd-b579-08002b30bfeb}" /f

REG ADD "HKCR\.py" /v "PerceivedType" /t REG_SZ /d "text" /f
REG ADD "HKCR\.py" /ve /t REG_SZ /d "txtfile" /f
REG ADD "HKCR\.py" /v "Content Type" /t REG_SZ /d "text/plain" /f
REG ADD "HKCR\.py\PersistentHandler" /ve /t REG_SZ /d "{5e941d80-bf96-11cd-b579-08002b30bfeb}" /f

REG ADD "HKCR\.ps1" /v "PerceivedType" /t REG_SZ /d "text" /f
REG ADD "HKCR\.ps1" /ve /t REG_SZ /d "txtfile" /f
REG ADD "HKCR\.ps1" /v "Content Type" /t REG_SZ /d "text/plain" /f
REG ADD "HKCR\.ps1\PersistentHandler" /ve /t REG_SZ /d "{5e941d80-bf96-11cd-b579-08002b30bfeb}" /f

REG ADD "HKCR\.css" /v "PerceivedType" /t REG_SZ /d "text" /f
REG ADD "HKCR\.css" /ve /t REG_SZ /d "txtfile" /f
REG ADD "HKCR\.css" /v "Content Type" /t REG_SZ /d "text/plain" /f
REG ADD "HKCR\.css\PersistentHandler" /ve /t REG_SZ /d "{5e941d80-bf96-11cd-b579-08002b30bfeb}" /f

REG ADD "HKCR\.vbs" /v "PerceivedType" /t REG_SZ /d "text" /f
REG ADD "HKCR\.vbs" /ve /t REG_SZ /d "txtfile" /f
REG ADD "HKCR\.vbs" /v "Content Type" /t REG_SZ /d "text/plain" /f
REG ADD "HKCR\.vbs\PersistentHandler" /ve /t REG_SZ /d "{5e941d80-bf96-11cd-b579-08002b30bfeb}" /f

What is PowerToys

Microsoft PowerToys is a set of freeware system utilities designed for power users, developed by Microsoft for use on the Windows operating system. These programs add or change features to maximize productivity or add more customization. PowerToys are available for Windows 95, Windows XP, Windows 10 and Windows 11. The PowerToys for Windows 10 and Windows 11 are free and open-source software licensed under the MIT License and hosted on GitHub.