Difference between revisions of "Self-signed Certificate"

Revision as of 10:12, 20 May 2020

An Authority root-of-trust is a Self-signed Certificate.

Federation or public chain of trust is rooted in a Self-signed Certificate.

It is important is most cases that you understand the location where the cert will be installed.

Navigate to targeted directory. for example PS C:\WINDOWS\system32> cd cert:\currentUser\my
A directory listing of that particular directory will show all of the certs used create a root of trust.

Context Windows IIS 7 that contains the service that needs a SSL certificate (will go to localmachine\my

Click on the Windows icon in the taskbar, Search for IIS, and open Internet Information Services (IIS) Manager.
Click on the name of the server in the Connections column on the left. Double click the Server Certificates icon.
In the Actions column on the right hand side, click on Create Self Signed Certificate.
Enter the friendly name you wish to use to identify the certificate, and then click OK.
You now have an IIS Self Signed Certificate, valid for one year, which will be listed under Server Certificates. The common name, is the server name.
PS Cert:\currentUser\my> New-SelfsinedCertificate -DnsName "trustregistry.us" -KeyUsage DigitalSignature -KeyExportPolicy Exportable -KeyAlgorithm RSA -KeyLength 2048

This command does not specify the NotAfter parameter. Therefore, the certificate expires in one year.

@@ Line 18: / Line 18: @@
 #Enter the friendly name you wish to use to identify the certificate, and then click OK.
 #You now have an IIS Self Signed Certificate, valid for one year, which will be listed under Server Certificates. The common name, is the server name.
+#PS Cert:\currentUser\my> New-SelfsinedCertificate -DnsName "trustregistry.us"  -KeyUsage DigitalSignature -KeyExportPolicy Exportable -KeyAlgorithm RSA -KeyLength 2048
+#This command does not specify the NotAfter parameter. Therefore, the certificate expires in one year.
 ==References==