Skip to content

Instantly share code, notes, and snippets.

@dahlsailrunner

dahlsailrunner/SelfSignedCerts-IIS.md

Last active August 13, 2024 10:50
Show Gist options
  • Save dahlsailrunner/2c1fab8398bc3a0a23c9189751a252e6 to your computer and use it in GitHub Desktop.
Save dahlsailrunner/2c1fab8398bc3a0a23c9189751a252e6 to your computer and use it in GitHub Desktop.
Download ZIP
Selfsigned certs in IIS from PowerShell
Raw
SelfSignedCerts-IIS.md

Create Authority

New-SelfSignedCertificate -DnsName "KnowYourToolset Cert Authority" -CertStoreLocation "Cert:\LocalMachine\My" -KeyUsage CertSign,CRLSign

Creates root authority with permission to sign stuff

Export-Certificate -Cert Cert:\LocalMachine\My\<CERTHUMB> -FilePath kytroot.cer

Trust Authority

Import-Certificate -FilePath .\kytroot.cer -CertStoreLocation Cert:\LocalMachine\Root

This is the public key and could be imported on any machine you want to trust SSL certs on

Create Actual Certificate

$rootcert = (Get-ChildItem -Path Cert:\LocalMachine\My\<CERTHUMB>)

The my is important here -- this needs to be in a place where the private key is available

New-SelfSignedCertificate -DnsName "todo.knowyourtoolset.com" -CertStoreLocation Cert:\LocalMachine\My -Signer $rootcert

Sharing

If you need to move RootAuthority around:

Export-PfxCertificate

If you need to put your domain pfx on more servers: Export-PfxCertificate with secretstring pwd, then import to LocalMachine\My wherever Thumbprint is constant

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment