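# =====================================================================
# Self-signed Client Auth certificate in Local Machine store, exported
# as separate PEM files (PKCS#1 RSA format)
#
# Requirements:
#   * Elevated session - writing to Cert:\LocalMachine\My needs
#     Administrator rights.
#   * PowerShell 7+ - RSA.ExportRSAPrivateKey() is not available on the
#     .NET Framework that Windows PowerShell 5.1 runs on.
#
# Security notes:
#   * The key file written below is an UNENCRYPTED private key. Move it
#     to its destination and delete the copy in %TEMP% afterwards.
#   * The certificate stays in LocalMachine\My with an exportable key;
#     remove it from the store if only the PEM pair is needed.
# =====================================================================

# Stop on the first error so a failed certificate request cannot fall
# through to the export steps with $cert = $null.
$ErrorActionPreference = 'Stop'

# Output PEM file paths
$CertPemPath = "$env:TEMP\clientcert.crt"
$KeyPemPath = "$env:TEMP\clientkey.key"

# Wraps DER bytes in a PEM envelope with 64-character base64 lines.
function ConvertTo-PemText {
    param(
        [Parameter(Mandatory)] [string] $Label,
        [Parameter(Mandatory)] [byte[]] $Bytes
    )

    $base64 = [Convert]::ToBase64String($Bytes)
    $lines = for ($i = 0; $i -lt $base64.Length; $i += 64) {
        $base64.Substring($i, [Math]::Min(64, $base64.Length - $i))
    }

    # Each part is parenthesised on purpose: binary -join binds more
    # loosely than '+', so "header" + $lines -join "`n" + "footer" would
    # space-join the lines into the header and silently drop the footer.
    return ("-----BEGIN $Label-----`n") + ($lines -join "`n") + ("`n-----END $Label-----")
}

# Create self-signed client certificate in Local Machine\My
# Requires running PowerShell as Administrator
$certParams = @{
    Subject           = 'CN=MyClientCert'
    Type              = 'Custom'
    KeyAlgorithm      = 'RSA'
    KeyLength         = 2048
    KeyExportPolicy   = 'Exportable'   # needed for the PKCS#1 export below
    KeySpec           = 'Signature'
    CertStoreLocation = 'Cert:\LocalMachine\My'
    NotAfter          = (Get-Date).AddYears(1)
    KeyUsage          = 'DigitalSignature'
    # New-SelfSignedCertificate has no -EnhancedKeyUsage parameter; with
    # -Type Custom the EKU must be supplied as a text extension.
    # 2.5.29.37 = Enhanced Key Usage, 1.3.6.1.5.5.7.3.2 = Client Authentication.
    TextExtension     = @('2.5.29.37={text}1.3.6.1.5.5.7.3.2')
}
$cert = New-SelfSignedCertificate @certParams

Write-Host "Certificate created in Local Machine\My store:"
Write-Host " Subject: $($cert.Subject)"
Write-Host " Thumbprint: $($cert.Thumbprint)"
Write-Host ""

# Export private key in PKCS#1 RSA format
$rsa = $cert.GetRSAPrivateKey()
try {
    $pkcs1Bytes = $rsa.ExportRSAPrivateKey()
    $privateKeyPem = ConvertTo-PemText -Label 'RSA PRIVATE KEY' -Bytes $pkcs1Bytes
}
finally {
    # Release the key handle even if the export throws.
    $rsa.Dispose()
}

# Export certificate in PEM format
$certPem = ConvertTo-PemText -Label 'CERTIFICATE' -Bytes $cert.RawData

# Save PEM files.
# The key file is created empty, its ACL is cut down to the account
# running the script, and only then is the key material written, so the
# key never sits on disk under the directory's inherited permissions.
if (Test-Path -LiteralPath $KeyPemPath) {
    Remove-Item -LiteralPath $KeyPemPath -Force
}
New-Item -Path $KeyPemPath -ItemType File | Out-Null
$keyAcl = Get-Acl -LiteralPath $KeyPemPath
$keyAcl.SetAccessRuleProtection($true, $false)   # disable inheritance, drop inherited entries
$currentUser = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
$ownerOnly = [System.Security.AccessControl.FileSystemAccessRule]::new($currentUser, 'FullControl', 'Allow')
$keyAcl.SetAccessRule($ownerOnly)
Set-Acl -LiteralPath $KeyPemPath -AclObject $keyAcl

Set-Content -Path $KeyPemPath -Value $privateKeyPem -Encoding ascii
Set-Content -Path $CertPemPath -Value $certPem -Encoding ascii

Write-Host "PEM files exported:"
Write-Host " Certificate: $CertPemPath"
Write-Host " Private key: $KeyPemPath"
Write-Host ""
Write-Host "You can view the certificate in Cert Manager:"
Write-Host " Run: certlm.msc → Personal → Certificates"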