Create Self-Signed Certificate for Windows (Server 2012 R2) PowerShell 4.0

Scenario & Environment

Windows 2012 R2 Servers Environment with Powershell 4.0. For some reason servers remain outdated.

Problem Description

Self Signed Certificate is expired or about to be expired, and new one has to be created.


Open elevated Powershell CLI and create Self Signed Certificate with the following command-let:

New-SelfSignedCertificate -DnsName *.maaz.local, localhost -CertStoreLocation Cert:\LocalMachine\My

New-SelfSignedCertificate cmdlet is restricted for few options for Powershell 4.0 therefore you won’t be able to modify Certificate Expiry which will remain valid for a year from date of generation.

To export the generated certificate as file, go to Start Menu > Manager Computer Certificates > Certificates – Local Computer > Personal > Certificates. Find the certificate you just created (can check it by expiry date easily). Right Click > All Tasks > Export. You will see Certificate Export Wizard, click Next. On Export Private Key options, select “Yes, export the private key”. In Export File Format options just add a check to “Export all extended properties” in addition to the default ones. In Security section select your security settings for Group/Usernames or by opting for Password (or both). Browse to a location and specify the filename. Click Finish.

You can use the same certificate on any server on same domain.

More Resources


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.