Hmm...This Might Work

Solutions from a day long since past

New-SelfSignedCertificate and CERT Provider

 

Well, the non-whimsical title aside, I must say “hats off” to those PowerShell gurus at Microsoft. You’ve made my life a bit easier.
This quick post is a look at the New-SelfSignedCertificate cmdlet and the PowerShell Certificate (CERT) Provider.

I realize both are rather self-explanatory: the first creates a self-signed certificate, whereas the other provides directory-like
interaction and access within PowerShell to the certificate stores, essentially making the need to spin up ye old MMC certificate
console a moot point.

Suppose you’re tasked with building a functional lab {insert Microsoft software title here} environment. Naturally you want to
automate as much as possible, yet those pesky certificates cause you to break open IIS to create a self-signed certificate.
Sure, it’s only an extra manual step or two, but my take: why do it manually when automation is only half the effort more?

That said, what if the requirements are for a SharePoint 2013 lab with a functioning app model? The app model requirements bring
along the requirement for wildcard certificates. Now I could be missing something, but in my testing IIS8 didn’t allow
for specifying the FQDN (CN).

I guess at this point one could consider a few options. First, one might be inclined to stand up a lab PKI (or leverage an existing one).
Of course, a simpler but costlier route would be to use public certificates.

If time and money are constraints, then our friendly neighborhood PowerShell cmdlet and CERT provider can quickly help us out.
After all, New-SelfSignedCertificate will let us specify our DNS name or DNS names. Yes… that was the plural of names, as in more
than one. And since we are talking DNS names, we find ourselves limited only by what is defined in DNS or the server
HOSTS file (none of us do that, right?).

So take this snippet and incorporate it into your automated lab builds, or conversely offer your own opinion:

#Issue A Self Signed Cert

New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "*.subdomain1.subdomain.domain.org", "hostname.subdomain1.subdomain.subdomain.org"

#Export Self Signed Cert To Temp Location

Get-ChildItem Cert:\LocalMachine\My | Where {$_.Subject -like "*subdomain.domain.org"} | Export-Certificate -Type CERT -FilePath E:\Temp\SelfSign.cert

#Import To TRUSTED ROOT AUTHORITY – This prevents browser Errors

Import-Certificate -FilePath E:\temp\SelfSign.cert -CertStoreLocation Cert:\LocalMachine\Root

#Clean Up Temp

Remove-Item -Path E:\Temp\SelfSign.cert

#Move Certificate From Personal To WebHosting

Get-ChildItem Cert:\LocalMachine\My | Where {$_.Subject -like "*subdomain.domain.org"} | Move-Item -Destination Cert:\LocalMachine\WebHosting
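
A variant of the snippet above that tracks the new certificate by thumbprint instead of a wildcard match on Subject, so only that one certificate is exported, trusted and moved even when other certificates in the store share the same suffix. This is an added example, not the original post's code; the DNS names and the temp file name are constructed placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example. Placeholder lab values (constructed, not from the post):
$dnsNames = '*.apps.lab.example', 'sp2013.lab.example'
$tempFile = Join-Path $env:TEMP 'SelfSign.cer'

# Keep the object New-SelfSignedCertificate returns; its thumbprint
# identifies exactly this certificate in every later step.
$cert  = New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName $dnsNames
$thumb = $cert.Thumbprint

try {
    # Export-Certificate writes the public certificate only (no private key).
    Export-Certificate -Cert $cert -Type CERT -FilePath $tempFile | Out-Null

    # Trust it on this lab machine so browsers stop raising errors.
    Import-Certificate -FilePath $tempFile -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
}
finally {
    # Remove the temp file even if the import failed.
    Remove-Item -Path $tempFile -ErrorAction SilentlyContinue
}

# Move the certificate (with its private key) from Personal to WebHosting.
Move-Item -Path "Cert:\LocalMachine\My\$thumb" -Destination Cert:\LocalMachine\WebHosting

# Confirm where everything ended up.
$hosted = Get-Item -Path "Cert:\LocalMachine\WebHosting\$thumb"
[pscustomobject]@{
    Thumbprint    = $thumb
    DnsNames      = $hosted.DnsNameList.Unicode -join ', '
    HasPrivateKey = $hosted.HasPrivateKey
    TrustedRoot   = Test-Path -Path "Cert:\LocalMachine\Root\$thumb"
    NotAfter      = $hosted.NotAfter
}

# Lab teardown: withdraw the trust and delete the certificate by thumbprint.
# Remove-Item -Path "Cert:\LocalMachine\Root\$thumb"
# Remove-Item -Path "Cert:\LocalMachine\WebHosting\$thumb" -DeleteKey
```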

 

Hope this helps someone.

Posted on Monday, June 30, 2014 4:49 PM | Filed Under [ SharePoint 2013 ]
