How to create Self-Signed Certificates in PowerShell Windows 2012 R2

Rather than use any third party tools to generate your SSL certificate or if you don’t want to enable the IIS feature to create self signed certificate then below guide will show you how its done using your Windows Powershell running as Administrator to execute the scripts.

Before we begin you might want to check if there’s already ssl certificate that was previously installed in your system server:

Step 1: Click “Windows Start -> Run” from your server


and then check if there’s any certificate here at ‘Current User’ profile that might conflict later on when we create the SSL

Step 2: Open again the window “Run” and type


Click File -> Add/Remove Snap-in…


Select “Certificates” Then click “Add”


Select “Computer Account” as show below and click Next


Step 3: From this windows certificate manager “Local Computer” there’s no certificate that are currently assigned to this local system server so we may proceed to create new certificate


Step 4: Open your PowerShell window and run as ‘Administrator’ and type this below commands

New-SelfSignedCertificate -certstorelocation Cert:\LocalMachine\My -dnsname

Step 5: Copy the ‘Thumbprint’ key that was show in above image and type this next command to set the password that will be use in next step.

$pwd = ConvertTo-SecureString -String ‘[email protected]’ -Force -AsPlainText

Step 6: Now we will export the certificate using the thumbprint and call the password variable that we just created and save the certificate in local drive “c:\tmp\cert.pfx”

Export-PfxCertificate -cert cert:\localMachine\my\E72FD6F54234EDC717420F4C9FF8DBD68093D85F -FilePath c:\tmp\cert.pfx -Password $pwd

Step 7: Now open your File Explorer and go to local “c:\tmp” and double click the new certificate that was generated to install in local server.



Step 8: The Wizard window will pop-out this wizard will help you to copy certificates or to install the new certificate that we generated or issued by your trusted CA partner.

Step 9: By default once you double click the cert.pfx it will show the full path here and if incase its now the you need to click ‘Browse’ and go to the directory and click the certificate file.

Step 10: In this part make type the same password of your private certificate that  you created in Step 5: and un-check the “Include all extended properties.”

Step 11: This is where we store the certificates that we created make sure you put it in “Trusted Root Certification Authorities” by clicking ‘Browse’.

It’s done


Now you reboot your server and do the step 1 – 3 to verify if the new certificate is kept in their proper store folder. As you can see in this below image the “” has been created in Personal and Trusted Root.

Local Computer


Now that you have done this you can now use certificate in your LDAP authentication or change password just like this other page.

Leave a comment

Your email address will not be published.