Create Self-Signed Development Certificate

Code Properties

  • Language: PowerShell
  • Cmdlets: New-SelfSignedCertificate, Export-Certificate, Set-AuthenticodeSignature
  • Requires: Administrator privileges

Overview

This script creates a new self-signed development certificate, exports it to a local .cer file, and demonstrates how to sign scripts or DLLs.

Code

#Requires -RunAsAdministrator
 
# declare certificate name
$CertName = "DevCert"
 
# specify parameters
$Params = @{
    Subject           = "CN=$CertName"
    CertStoreLocation = "Cert:\CurrentUser\My"
    KeyExportPolicy   = "Exportable"
    KeySpec           = "Signature"
    KeyLength         = 2048
    KeyAlgorithm      = "RSA"
    HashAlgorithm     = "SHA256"
    Type              = "CodeSigningCert"
}
 
# create the certificate
$Cert = New-SelfSignedCertificate @Params
 
# export certificate to local file
Export-Certificate -Cert $Cert -FilePath ".\$CertName.cer"
 
# sign a script
Set-AuthenticodeSignature -FilePath "path/to/script.ps1" -Certificate $Cert
 
# sign a DLL
Set-AuthenticodeSignature -FilePath "path/to/library.dll" -Certificate $Cert

To import the certificate into the Trusted Root Certification Authorities store (run this in the same PowerShell session so that $CertName expands):

certutil -addstore "Root" ".\$CertName.cer"

Usage

  1. Run PowerShell as Administrator
  2. Execute the script to create the certificate
  3. Use Set-AuthenticodeSignature to sign your scripts or DLLs
  4. Import the certificate to trusted roots on target machines
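
To confirm that steps 3 and 4 took effect, the following added example (not part of the original script) reports the Authenticode status of a signed file and checks it against the exported .cer. Test-DevSignature is a hypothetical helper name, and the file paths are the same placeholders used above.

```powershell
# Added example: Test-DevSignature is a hypothetical helper, not part of the original script.
function Test-DevSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $FilePath,   # signed script or DLL
        [Parameter(Mandatory)] [string] $CerPath     # .cer written by Export-Certificate
    )

    # Load the public certificate that the script exported
    $Expected = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
        (Resolve-Path -LiteralPath $CerPath).Path)

    $Sig    = Get-AuthenticodeSignature -LiteralPath $FilePath
    $Signer = $Sig.SignerCertificate

    # Code Signing EKU OID; -Type CodeSigningCert places it on the certificate
    $CodeSigningOid = '1.3.6.1.5.5.7.3.3'
    $Ekus = @($Expected.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })

    [pscustomobject]@{
        File            = $FilePath
        Status          = $Sig.Status           # Valid, NotSigned, HashMismatch, UnknownError, ...
        StatusMessage   = $Sig.StatusMessage
        # The file must be signed by the exported certificate, not merely signed
        SignedByDevCert = ($null -ne $Signer) -and ($Signer.Thumbprint -eq $Expected.Thumbprint)
        HasCodeSignEku  = $Ekus -contains $CodeSigningOid
        NotExpired      = (Get-Date) -lt $Expected.NotAfter
        # True once the certificate is present in a Root store (step 4)
        InTrustedRoot   = [bool](Get-ChildItem Cert:\LocalMachine\Root, Cert:\CurrentUser\Root |
                                 Where-Object Thumbprint -eq $Expected.Thumbprint)
    }
}

# Placeholder paths, as in the script above
Test-DevSignature -FilePath "path/to/script.ps1" -CerPath ".\DevCert.cer"
```

Before the certificate is imported into the root store, Status is normally UnknownError with a message about an untrusted root; after step 4 it should read Valid. A HashMismatch status means the file was modified after signing and must be re-signed.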

Appendix

Note created on 2024-04-13 and last modified on 2024-12-31.

(c) No Clocks, LLC | 2024