Use the Powershell command below to generate a self-signed SSL certificate on a Windows Server 2019+. Make sure you run the Powershell Window as Administrator.
Step 1: Generate self-signed certificate with one CN name.
The command below generates the SSL certificate and automatically imports it to the local machine certificates in this folder: “Local Computer\Personal\Certificates”.
New-SelfSignedCertificate -DnsName myserver.local -CertStoreLocation cert:\LocalMachine\My
(Tip) generate self-signed certificate with multiple CN names.
If you wish to include multiple DNS entries in a single certificate, separate multiple entries by a comma “,” like this:
New-SelfSignedCertificate -DnsName myserver.local, altname1.local, altname2.local, altname3.local -CertStoreLocation cert:\LocalMachine\My
Step 2 (optional): generate self-signed certificate and add it to the trusted Root Store on local machine.
For certain applications such as Report Server the used certificate needs to be trusted by the local machines Root Store. In order to do this, you can use the following one-liner statement.
Careful: you should only apply execute this command on development or testing machines.
$cert = New-SelfSignedCertificate -DnsName myserver.local -CertStoreLocation cert:\LocalMachine\My; $store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList 'Root', 'LocalMachine'; $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite); $store.Add($cert); $store.Close();
Step 3: View your self-signed certificate with “Manage computer certificates”
Open the “Manager computer certificates” from the Windows Start Menu. Then go to:
- Certificates – Local Computer
- Personal
- Certificates
- Personal
In the right hand side you should see the generated certificate. You can now use this certificate in for example IIS or Report Server.