Generating a Self-Signed Certificate for Scripts


Please run the following as Administrator.

# This simply generates a self-signed certificate which will import into Secret Server
# Requires .NET 4.5 or above
# Please Run As Administrator

### User Variables ###
# Filename of PFX
$filename = 'PFXNAMEHERE.PFX'

# Certificate Password for PFX
$pass = Read-Host -Prompt "Please Enter Password for .pfx file" -AsSecureString
# DNS name in certificate
$dnsname = Read-Host -Prompt "Please enter the server's FQDN"

###--Commands--###
# NOTE: The provider must be set in order to be compatible with .NET 4.5; newer versions of .NET can import certs from more providers
# -ErrorAction Stop makes each failure terminating, so the catch block runs and a failed export is never followed by the removal step
try {
    $cert = New-SelfSignedCertificate -CertStoreLocation cert:\localmachine\my -DnsName $dnsname -HashAlgorithm SHA256 -KeyLength 4096 -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" -ErrorAction Stop
    $path = 'cert:\localmachine\my\' + $cert.thumbprint
    Export-PfxCertificate -Cert $path -FilePath $filename -Password $pass -ErrorAction Stop
    # remove from cert store
    Remove-Item $path -ErrorAction Stop
}
catch { Write-Error $_ }
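
Before importing the file into Secret Server, it is worth confirming that the exported PFX has the properties the script asked for and that nothing was left behind in the machine store. The check below is an added example, not part of the original documentation; the function name Test-ScriptPfx is hypothetical, and it assumes Windows PowerShell 5.1 and an RSA key held by a legacy CSP, as the -Provider value above requests.

```powershell
# Added example: verify the PFX produced by the script above.
# Test-ScriptPfx is a hypothetical helper name; assumes Windows PowerShell 5.1.
function Test-ScriptPfx {
    param(
        [Parameter(Mandatory)] [string]       $FilePath,
        [Parameter(Mandatory)] [securestring] $Password,
        [Parameter(Mandatory)] [string]       $DnsName
    )
    $expectedProvider = 'Microsoft Enhanced RSA and AES Cryptographic Provider'
    # The .NET constructor needs a full file system path, not a relative one
    $full = (Resolve-Path -LiteralPath $FilePath -ErrorAction Stop).ProviderPath
    # Throws if the password is wrong or the file is not a valid PFX
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($full, $Password)
    try {
        # For a CSP-backed key, PrivateKey is an RSACryptoServiceProvider
        $csp = $cert.PrivateKey -as [System.Security.Cryptography.RSACryptoServiceProvider]
        $result = [pscustomobject]@{
            Thumbprint         = $cert.Thumbprint
            HasPrivateKey      = $cert.HasPrivateKey
            KeySize            = $cert.PublicKey.Key.KeySize
            SignatureAlgorithm = $cert.SignatureAlgorithm.FriendlyName
            ProviderName       = if ($csp) { $csp.CspKeyContainerInfo.ProviderName } else { $null }
            DnsNameMatches     = $cert.DnsNameList.Unicode -contains $DnsName
            # The script removes the certificate after export; True here means cleanup failed
            LeftInMachineStore = Test-Path -LiteralPath ("Cert:\LocalMachine\My\" + $cert.Thumbprint)
        }
    }
    finally {
        $cert.Reset()   # release the key handle loaded from the PFX
    }
    # Overall verdict against the values the generation script requested
    $ok = $result.HasPrivateKey -and
          $result.KeySize -eq 4096 -and
          $result.SignatureAlgorithm -eq 'sha256RSA' -and
          $result.ProviderName -eq $expectedProvider -and
          $result.DnsNameMatches -and
          -not $result.LeftInMachineStore
    $result | Add-Member -NotePropertyName Pass -NotePropertyValue ([bool]$ok) -PassThru
}

# Usage with the same variables as the generation script:
# Test-ScriptPfx -FilePath $filename -Password $pass -DnsName $dnsname
```

A result with Pass set to False shows which property differs; a ProviderName other than the expected one is the case the .NET 4.5 note in the script warns about.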