Recently I came across an interesting parameter of the New-SelfSignedCertificate PowerShell cmdlet — the -Signer parameter. This parameter allows you to provide a reference to an already-existing certificate that can be used to sign the newly-created certificate. This turns out to be an extremely useful little feature because sometimes you just need chained certificates to test stuff (so much so that I wrote a library that does this for me).

Not surprisingly, this cmdlet is much easier to use.

$ca = New-SelfSignedCertificate -DnsName "My Certificate Authority" -CertStoreLocation "cert:\LocalMachine\My"
New-SelfSignedCertificate -DnsName "child.domain.com" -CertStoreLocation "cert:\LocalMachine\My" -signer $ca

And voilà.

Signed Certificate

2 Comments

  1. Jason

    So how do you set $ca to reference your actual ca certificate?

    • The $ca variable is just a System.Security.Cryptography.X509Certificates.X509Certificate2 instance with a private key, so you can load it from the certificate store or a PFX file.

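The exchange above, worked through as an added example (not code from the original post): three ways to obtain the signer, a private-key check, and a check that the issued certificate really chains to it. The PFX import goes into the Personal store because the cmdlet's documentation requires the signer to be there. Assumptions: the CurrentUser store instead of the post's LocalMachine store (no elevation needed), and the subject name, thumbprint and PFX path are constructed placeholders.

```powershell
$store = 'Cert:\CurrentUser\My'

# Option 1: create a test CA. Basic constraints mark it as a CA (no sub-CAs),
# and key usage is limited to signing certificates and CRLs.
$ca = New-SelfSignedCertificate -Subject 'CN=Example Test CA' `
    -CertStoreLocation $store `
    -KeyUsage CertSign, CRLSign `
    -TextExtension @('2.5.29.19={critical}{text}ca=1&pathlength=0') `
    -NotAfter (Get-Date).AddMonths(6)

# Option 2: reference a CA already in the store by thumbprint (placeholder).
# $ca = Get-Item (Join-Path $store '<ca-thumbprint>')

# Option 3: import a CA from a PFX file into the store (placeholder path).
# $pfxPassword = Read-Host -AsSecureString 'PFX password'
# $ca = Import-PfxCertificate -FilePath 'C:\path\to\test-ca.pfx' `
#     -CertStoreLocation $store -Password $pfxPassword

# -Signer needs read access to the signer's private key.
if (-not $ca.HasPrivateKey) {
    throw "Signer $($ca.Thumbprint) has no private key and cannot sign."
}

# Issue a short-lived server certificate signed by the CA.
$leaf = New-SelfSignedCertificate -DnsName 'child.domain.com' `
    -CertStoreLocation $store -Signer $ca `
    -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.1') `
    -NotAfter (Get-Date).AddDays(30)

# Build the chain with the test CA supplied explicitly. The CA is not in the
# trusted root store, so the unknown root is tolerated for this check only.
$chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
$chain.ChainPolicy.RevocationMode = 'NoCheck'
$chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
[void]$chain.ChainPolicy.ExtraStore.Add($ca)

$built = $chain.Build($leaf)
$root  = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

if (-not $built -or $root.Thumbprint -ne $ca.Thumbprint) {
    throw 'Issued certificate does not chain to the expected CA.'
}
"{0} is signed by {1}" -f $leaf.Subject, $root.Subject
```

When the test is finished, remove both certificates (and with them the CA's private key) from the store with Remove-Item.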
