Tag Archives: PowerShell Programming language

PowerShell is a task automation and configuration management program from Microsoft, consisting of a command-line shell and the associated scripting language. Platforms are Windows PowerShell .NET Framework, Implementation language on C#.

How to Create Self-Signed Certificate in PowerShell

Sometimes we need to create a self-signed certificate for websites over HTTPS. Especially in labs and for testing purposes, like testing a web app or for the intranet portal. This tutorial shows here with Windows 11, the procedure to easily issue and install self-signed certificates in PowerShell.

Content

Previously, you had to use makecert.exe such as included in the Windows SDK to create self-signed certificates. Since Windows 8 this can be done in PowerShell there has been the New-SelfSignedCertificate cmdlet. Self-signed certificates can be used for client and server authentication or code signing.

Using the New-SelfSignedCertificate cmdlet

Open PowerShell as Administrator and paste in the following commands.

New-SelfSignedCertificate -DnsName "localdomain.local", "dev.ops.local" -CertStoreLocation "cert:\LocalMachine\My"
$pass=ConvertTo-SecureString "pass123" -AsPlainText -force
$file="$env:temp\SelfSignedCert.pfx"
Export-PFXCertificate -cert cert:\LocalMachine\My\<Thumbprint output during first command> -file $file -Password $pass
Import-PfxCertificate -FilePath $file cert:\LocalMachine\root -Password $pass

This example creates a self-signed SSL server certificate in the computer MY store. With the subject alternative name set to localdomain.local. dev.ops.local and Subject and Issuer name set to localdomain.local.

How to Create New Self-Signed Certificate with PowerShell

  Note. replace the placeholder for should be your thumbprint.

Note. Set the PowerShell Execution Policy from Restricted to RemoteSigned or Unrestricted to allow local PowerShell scripts to run.

PS C:\> Set-ExecutionPolicy RemoteSigned

After the self-signed certificate has been created. It is exported in PFX format so that it can then be imported into the certificate store.

The certificate you just issued can now be found in the Certificate Manager (CERTLM.MSC) of the Microsoft Management Console (mmc) under Trusted Root Certification Authorities.

Certificate Manager CERTLM.MSC of the Microsoft Management Console
Certificates – Local Computer: CERTLM.MSC

Automatic creating Self-Signed Certificate

To create self-signed certificate automated without any input, it does not require any further actions. It uses the computer name and if exist the domain name to issue the self-signed certificate.

New-SelfSignedCertificate -DnsName "$env:COMPUTERNAME.$env:USERDNSDOMAIN" -CertStoreLocation "cert:\LocalMachine\My"
$pass=ConvertTo-SecureString "pass123" -AsPlainText -force
$file="$env:temp\SelfSignedCert.pfx"
$thumbprint=Get-ChildItem -Path Cert:\LocalMachine\MY | Where-Object {$_.Subject -Match "$env:COMPUTERNAME.$env:USERDNSDOMAIN"} | Select-Object Thumbprint -ExpandProperty "Thumbprint"
Export-PFXCertificate -cert cert:\LocalMachine\My\"$thumbprint" -file $file -Password $pass
Import-PfxCertificate -FilePath $file cert:\LocalMachine\root -Password $pass

The thumbprint is written to the variable “$thumbprint” in line 4 so that it can then be append in the export command.

PS C:\> Get-ChildItem -Path Cert:\LocalMachine\MY | Where-Object {$_.Subject -Match "$env:COMPUTERNAME.$env:USERDNSDOMAIN"} | Select-Object Thumbprint

The self-signed certificate just created can shown with this command.

If the certificate requires a specific Common Name (CN), this script can be run. It prompts for a Common Name to create the self-signed certificate according to the URL.

$CommonName=Read-Host -Prompt 'Enter a Common Name (CN)'
if ($CommonName) {
	Write-Output "Self-Signed Certificate [$CommonName] processing.."
} else {
	Write-Warning -Message "Missing Common Name (CN)!"
	Break;
}
New-SelfSignedCertificate -DnsName "$CommonName" -CertStoreLocation "cert:\LocalMachine\My"
$pass=ConvertTo-SecureString "pass123" -AsPlainText -force
$file="$env:temp\$CommonName.pfx"
$thumbprint=Get-ChildItem -Path Cert:\LocalMachine\MY | Where-Object {$_.Subject -Match "$CommonName"} | Select-Object Thumbprint -ExpandProperty "Thumbprint"
Export-PFXCertificate -cert cert:\LocalMachine\My\"$thumbprint" -file $file -Password $pass
Import-PfxCertificate -FilePath $file cert:\LocalMachine\root -Password $pass

How to turn IPv6 on or off in Windows PowerShell

Internet Protocol version 6 (IPv6) is the new standard protocol for the network layer of the Internet they can by turn on or off in Windows PowerShell. IPv6 can by enable or disable in the Windows PowerShell. It is designed to solve many of the problems of the current version of the Internet Protocol (known as IPv4). In terms of address depletion, security, automatic configuration, extensibility, etc. IPv6 expands the capabilities of the Internet to enable new types of applications, including peer-to-peer and mobile applications.

How to turn IPv6 on or off in Windows PowerShell

IPv6 Internet Protocol enable or disable in Windows PowerShell

By default IPv6 is enabled in Windows, but often IPv6 may need to be disabled. For example, when adding a PC to an Active Directory domain.

This tutorial shows how to enable or disable IPv6 for all or specific network adapters in Windows 8.1, Windows 10, and Windows 11.

Enable IPv6 protocol for a specific network adapter in the Windows PowerShell

Copy paste the following command into PowerShell with elevated privileges to run the Command with the Enter key. Which will output the current IPv6 status for all network adapters.

Get-NetAdapterBinding -ComponentID ms_tcpip6

The IPv6 status information of the network adapters might look something like the this.

Name                           DisplayName                                        ComponentID          Enabled
----                           -----------                                        -----------          -------
Ethernet                       Internetprotokoll, Version 6 (TCP/IPv6)            ms_tcpip6            True
WLAN                           Internetprotokoll, Version 6 (TCP/IPv6)            ms_tcpip6            True
Bluetooth-Netzwerkverbindung   Internetprotokoll, Version 6 (TCP/IPv6)            ms_tcpip6            True
OpenVPN Wintun                 Internetprotokoll, Version 6 (TCP/IPv6)            ms_tcpip6            True

If the IPv6 protocol is to be deactivated for the WLAN adapter, the following command can be executed in PowerShell with elevated rights.

Enable-NetAdapterBinding -Name "WLAN" -ComponentID ms_tcpip6

How to disable IPv6 in PowerShell for all network adapters

Copy the following command and paste it into PowerShell with elevated privileges to run it with the Enter key.

Disable-NetAdapterBinding -Name "WLAN" -ComponentID ms_tcpip6

IPv6 is disabled for all network adapters.

IPv6 is an Internet Layer protocol for packet-switched internetworking and provides end-to-end datagram transmission across multiple IP networks, closely adhering to the design principles developed in the previous version of the protocol, Internet Protocol Version 4 (IPv4).

In addition to offering more addresses, IPv6 also implements features not present in IPv4. It simplifies aspects of address configuration, network renumbering, and router announcements when changing network connectivity providers.