Self-signed Certificate
From MgmtWiki
Contents
Full Definition or Meme
An Authority root-of-trust is a Self-signed Certificate.
Context
Federation or public chain of trust is rooted in a Self-signed Certificate.
Solution
It is important is most cases that you understand the location where the cert will be installed.
on Windows Powershell
- Context - you can run powershell with admin credentials.
- Navigate to targeted directory. for example PS C:\WINDOWS\system32> cd cert:\currentUser\my
- A directory listing of that particular directory will show all of the certs used create a root of trust.
on Windows with IIS
- Context Windows IIS 7 that contains the service that needs a SSL certificate (will go to localmachine\my
- Click on the Windows icon in the taskbar, Search for IIS, and open Internet Information Services (IIS) Manager.
- Click on the name of the server in the Connections column on the left. Double click the Server Certificates icon.
- In the Actions column on the right hand side, click on Create Self Signed Certificate.
- Enter the friendly name you wish to use to identify the certificate, and then click OK.
- You now have an IIS Self Signed Certificate, valid for one year, which will be listed under Server Certificates. The common name, is the server name.
- PS Cert:\currentUser\my> New-SelfsinedCertificate -DnsName "trustregistry.us" -KeyUsage DigitalSignature -KeyExportPolicy Exportable -KeyAlgorithm RSA -KeyLength 2048
- This command does not specify the NotAfter parameter. Therefore, the certificate expires in one year.