Generate a self-signed certificate for code signing

Using PowerShell and the New-SelfSignedCertificate cmdlet:

The New-SelfSignedCertificate cmdlet allows to create a self-signed certificate for testing purpose (may required administrator rights).

$cert = New-SelfSignedCertificate -DnsName -Type CodeSigning -CertStoreLocation Cert:\CurrentUser\My

This output the Thumbprint of the generated certificate:

  PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\MY

Thumbprint                                Subject
----------                                -------

Now you have a certificate in the certificate store. If you want to export it as a pfx file, you can use the Export-PfxCertificate cmdlet:

$CertPassword = ConvertTo-SecureString -String "Passw0rd" -Force –AsPlainText
Export-PfxCertificate -Cert "cert:\LocalMachine\My\$($cert.Thumbprint)" -FilePath "d:\test.pfx" -Password $CertPassword

Using makecert (deprecated)

If you use Windows 7, you may need to use makecert:

REM May change depending of your installed Windows SDK
cd "C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin"

REM Generate the root certificate
.\makecert.exe -r -pe -n "CN=Sample.CA" -ss CA -sr CurrentUser -a sha1 -cy authority -sky signature -sv d:\Sample.CA.pvk d:\Sample.CA.cer

REM Add the Root certificate to the user store
certutil.exe -user -addstore Root d:\Sample.CA.cer

REM Create the certificate for code signing
.\makecert.exe -pe -n "CN=Sample.CodeSigning" -eku "," -a sha1 -cy end -sky signature -ic d:\Sample.CA.cer -iv d:\Sample.CA.pvk -sv d:\Sample.CodeSigning.pvk d:\Sample.CodeSigning.cer

REM Convert to certificate to pfx file format
.\pvk2pfx.exe -pvk d:\Sample.CodeSigning.pvk -spc d:\Sample.CodeSigning.cer -pfx d:\Sample.CodeSigning.pfx
Enjoy this blog? Buy Me A Coffee Donate with PayPal


aaron -

What version of PowerShell and which OS were you using to get the New-SelfSignedCertificate cmdlet to work?

Leave a reply