Generate a self-signed certificate for code signing

 
 
  • Gérald Barré

#Using PowerShell and the New-SelfSignedCertificate cmdlet:

The New-SelfSignedCertificate cmdlet creates a self-signed certificate for testing purposes (it may require administrator rights). The cmdlet has existed since Windows 8 and Windows Server 2012. You can use Get-Module to check whether the PKI or PKIClient module is loaded in your PowerShell environment.

PowerShell
# Create the certificate in the LocalMachine store (requires an elevated session)
$cert = New-SelfSignedCertificate -DnsName sample.contoso.com -Type CodeSigningCert -CertStoreLocation Cert:\LocalMachine\My

Displaying $cert shows the thumbprint of the generated certificate:

  PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\MY

Thumbprint                                Subject
----------                                -------
F526E46B6C8457FBD52A649E19F7262DC534171D  CN=sample.contoso.com

Now you have a certificate in the certificate store. If you want to export it as a pfx file, you can use the Export-PfxCertificate cmdlet:

PowerShell
# Sample password protecting the exported private key
$CertPassword = ConvertTo-SecureString -String "Passw0rd" -Force -AsPlainText
# Pass the certificate object so the export does not depend on the store path
Export-PfxCertificate -Cert $cert -FilePath "d:\test.pfx" -Password $CertPassword
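
To check that a certificate created this way is usable, the following added example (not part of the original post) confirms the Code Signing EKU, signs a test script, and inspects the signature before and after the file is modified. The subject name, 30-day lifetime, CurrentUser store and temp file path are assumptions chosen for the test, and the parameters used require Windows 10 / Windows Server 2016 or later.

```powershell
$ErrorActionPreference = 'Stop'

# Constructed subject and lifetime; the CurrentUser store avoids elevation.
$cert = New-SelfSignedCertificate -Subject 'CN=Sample.CodeSigning.Test' `
    -Type CodeSigningCert -CertStoreLocation Cert:\CurrentUser\My `
    -NotAfter (Get-Date).AddDays(30)

# 1.3.6.1.5.5.7.3.3 is the Code Signing EKU (the first OID given to makecert -eku).
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
$ekuOids = $cert.Extensions | Where-Object { $_ -is $ekuType } |
    ForEach-Object { $_.EnhancedKeyUsages | ForEach-Object { $_.Value } }
if ($ekuOids -notcontains '1.3.6.1.5.5.7.3.3' -or -not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) is not usable for code signing."
}

# Constructed sample script to sign.
$script = Join-Path $env:TEMP 'signing-test.ps1'
Set-Content -Path $script -Value 'Write-Output "hello"'

# Sign with an explicit SHA-256 digest instead of relying on the default.
Set-AuthenticodeSignature -FilePath $script -Certificate $cert -HashAlgorithm SHA256 |
    Out-Null

# The file is signed, but Status is only 'Valid' once the certificate is trusted
# on this machine; a self-signed certificate that is not trusted reports an error.
$sig = Get-AuthenticodeSignature -FilePath $script
[pscustomobject]@{
    Status     = $sig.Status
    Signer     = $sig.SignerCertificate.Subject
    Thumbprint = $sig.SignerCertificate.Thumbprint
    Message    = $sig.StatusMessage
}

# Integrity check: modifying the signed file is expected to yield HashMismatch.
Add-Content -Path $script -Value '# modified after signing'
(Get-AuthenticodeSignature -FilePath $script).Status

# Remove the test certificate together with its private key, then the file.
Remove-Item -Path "Cert:\CurrentUser\My\$($cert.Thumbprint)" -DeleteKey
Remove-Item -Path $script
```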

#Using makecert

If you use Windows 7, you may need to use makecert:

Shell
REM The path may change depending on your installed Windows SDK
cd "C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin"

REM Generate the root certificate
.\makecert.exe -r -pe -n "CN=Sample.CA" -ss CA -sr CurrentUser -a sha1 -cy authority -sky signature -sv d:\Sample.CA.pvk d:\Sample.CA.cer

REM Add the Root certificate to the user store
certutil.exe -user -addstore Root d:\Sample.CA.cer

REM Create the certificate for code signing
.\makecert.exe -pe -n "CN=Sample.CodeSigning" -eku "1.3.6.1.5.5.7.3.3,1.3.6.1.4.1.311.10.3.13" -a sha1 -cy end -sky signature -ic d:\Sample.CA.cer -iv d:\Sample.CA.pvk -sv d:\Sample.CodeSigning.pvk d:\Sample.CodeSigning.cer

REM Convert the certificate to the pfx file format
.\pvk2pfx.exe -pvk d:\Sample.CodeSigning.pvk -spc d:\Sample.CodeSigning.cer -pfx d:\Sample.CodeSigning.pfx
