Using certreq to create selfsigned certificates

So sometimes you need to create self-signed certificates in windows. Sometimes I have done it using Openssl software, Windows 2012 and later does include Powershell support using New-SelfSignedCertificate. But all versions of Windows does include all the binaries required to do it natively. It is a two part thing, first create the INF file and then run certreq using that file.

It will create and sign the certificate. Im not really sure why it is also asking where to store the CSR (Certificate Signing Request) so I just close that dialog.

A super simple self-signed certificate

It does not get any simpler than this. It will not limit the intended purposes of the certificate and not really good key size. Sure we can make it better by adding some intended purposes and cryptology

A better self-signed certificate

But now and then we need that the certificate need answer for multiple names a so called SAN certificate.

A SAN certificate

Sources

Technet – Certreq

Leave a Reply