Windows PowerShell is a powerful scripting language that enables users to automate tasks and manage Windows systems. One of the most useful commands in Windows PowerShell is the New-SelfSignedCertificate command, which is used to create a self-signed certificate for a specific purpose. In this article, we will explore the syntax, parameters, inputs, outputs, examples, and tips for using the New-SelfSignedCertificate command.
Syntax
The syntax for the New-SelfSignedCertificate command is as follows:
New-SelfSignedCertificate [-DnsName] <String[]> [-CertStoreLocation <String>] [-CloneCert <X509Certificate2>] [-NotAfter <DateTime>] [-NotBefore <DateTime>] [-Password <SecureString>] [-Path <String>] [-Type <String>] [-KeyLength <Int32>] [-KeyUsage <X509KeyUsageFlags[]>] [-FriendlyName <String>] [-HashAlgorithm <String>] [-KeyAlgorithm <String>] [-TextExtension <String[]>] [-CertStore <X509Store>] [-CspParameters <CspParameters>] [-Signer <Certificate>] [-SmimeCapabilities <SmimeCapability[]>] [-EKU <Oid[]>] [-KeySpec <X509KeySpec>] [-Subject <String>] [-Verbose] [-Debug] [-ErrorAction <ActionPreference>] [-ErrorVariable <String>] [-OutVariable <String>] [-OutBuffer <Int32>] [-WhatIf] [-Confirm] [<CommonParameters>]
Parameters
The New-SelfSignedCertificate command has several parameters that can be used to customize the certificate. These parameters are as follows:
| Parameter | Description |
|---|---|
| -DnsName | The DNS name of the certificate. |
| -CertStoreLocation | The location of the certificate store. |
| -CloneCert | The certificate to be cloned. |
| -NotAfter | The expiration date of the certificate. |
| -NotBefore | The start date of the certificate. |
| -Password | The password for the certificate. |
| -Path | The path to the certificate. |
| -Type | The type of the certificate. |
| -KeyLength | The length of the certificate key. |
| -KeyUsage | The usage of the certificate key. |
| -FriendlyName | The friendly name of the certificate. |
| -HashAlgorithm | The hash algorithm used for the certificate. |
| -KeyAlgorithm | The key algorithm used for the certificate. |
| -TextExtension | The text extensions used for the certificate. |
| -CertStore | The certificate store used for the certificate. |
| -CspParameters | The CSP parameters used for the certificate. |
| -Signer | The signer of the certificate. |
| -SmimeCapabilities | The S/MIME capabilities used for the certificate. |
| -EKU | The extended key usage of the certificate. |
| -KeySpec | The key specification used for the certificate. |
| -Subject | The subject of the certificate. |
Inputs
The New-SelfSignedCertificate command requires the following inputs:
- The DNS name of the certificate.
- The location of the certificate store.
- The expiration date of the certificate.
- The start date of the certificate.
- The password for the certificate.
- The path to the certificate.
- The type of the certificate.
- The length of the certificate key.
- The usage of the certificate key.
- The friendly name of the certificate.
- The hash algorithm used for the certificate.
- The key algorithm used for the certificate.
- The text extensions used for the certificate.
- The certificate store used for the certificate.
- The CSP parameters used for the certificate.
- The signer of the certificate.
- The S/MIME capabilities used for the certificate.
- The extended key usage of the certificate.
- The key specification used for the certificate.
- The subject of the certificate.
Outputs
The New-SelfSignedCertificate command produces the following outputs:
- A self-signed certificate.
- A certificate store containing the self-signed certificate.
Examples
The following example creates a self-signed certificate with a friendly name of “MyCert” and a key length of 2048 bits:
New-SelfSignedCertificate -DnsName “MyCert” -FriendlyName “MyCert” -KeyLength 2048
The following example creates a self-signed certificate with a start date of January 1, 2020 and an expiration date of December 31, 2020:
New-SelfSignedCertificate -DnsName “MyCert” -NotBefore “01/01/2020” -NotAfter “12/31/2020”
Tips
When using the New-SelfSignedCertificate command, there are several tips to keep in mind:
- Make sure to specify the correct DNS name for the certificate.
- Specify the start and expiration dates for the certificate.