If you follow these steps, you can create a self-signed certificate with the following specifications:
- Wildcard certificate
- SHA256 hash
- 10 years
- 2048 bits public key
- Client and server verification
- SHA1 fingerprint
Be aware that self-signed certificates can be manipulated by a man-in-the-middle. You should not use this in critical production environments.
Please use Windows 10 PowerShell in admin mode. Otherwise you will get errors.
```powershell
New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname *.domain.local -NotBefore $([datetime]::now.AddDays(-15)) -NotAfter $([datetime]::now.AddDays(3560))
```
Now export the certificates. Before you copy/paste, replace the thumbprint with the thumbprint returned by the command above.
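```powershell
# Password that protects the private key inside the PFX file
$CertPassword = ConvertTo-SecureString -String "YourPassword" -Force -AsPlainText
# Export the certificate together with its private key (for IIS)
Export-PfxCertificate -Cert cert:\LocalMachine\My\C6B46CEB7D3A40DB08E78B19FEDD3A24EA7A7919 -FilePath C:\test.pfx -Password $CertPassword
# Export the public certificate only (for the trusted root store)
Export-Certificate -Cert Cert:\LocalMachine\My\C6B46CEB7D3A40DB08E78B19FEDD3A24EA7A7919 -FilePath C:\tstcert.cer
```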
Now you can import the PFX in IIS and bind the certificate in IIS.
Then import the *.CER file in your MMC > Certificates > Computer account > Trusted Root Certification Authorities > Certificates
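The create and export steps above can also be run as one script that keeps the certificate object, so the thumbprint never has to be copied by hand, and that reads the listed specifications back from the issued certificate before exporting. This is an added example, not part of the original post; it assumes the same DNS name, validity and output paths as the commands above, and it prompts for the PFX password instead of storing it in the script.

```powershell
# Added example (not from the original post). Run in an elevated Windows PowerShell session.
# Assumptions: same DNS name, validity window and output paths as the commands above.
$cert = New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My `
    -DnsName '*.domain.local' `
    -NotBefore ([datetime]::Now.AddDays(-15)) `
    -NotAfter  ([datetime]::Now.AddDays(3560))

# Read the properties back from the issued certificate instead of trusting defaults.
$x509 = 'System.Security.Cryptography.X509Certificates'
$rsa  = ("$x509.RSACertificateExtensions" -as [type])::GetRSAPublicKey($cert)
$ekus = $cert.Extensions |
    Where-Object { $_ -is ("$x509.X509EnhancedKeyUsageExtension" -as [type]) } |
    ForEach-Object { $_.EnhancedKeyUsages } |
    ForEach-Object { $_.Value }

$checks = [ordered]@{
    # 1.2.840.113549.1.1.11 = sha256WithRSAEncryption
    'SHA256 signature'      = $cert.SignatureAlgorithm.Value -eq '1.2.840.113549.1.1.11'
    '2048-bit public key'   = $rsa.KeySize -eq 2048
    # 1.3.6.1.5.5.7.3.1 = server authentication, 1.3.6.1.5.5.7.3.2 = client authentication
    'Server authentication' = $ekus -contains '1.3.6.1.5.5.7.3.1'
    'Client authentication' = $ekus -contains '1.3.6.1.5.5.7.3.2'
    'Wildcard subject'      = $cert.Subject -eq 'CN=*.domain.local'
}
$checks.GetEnumerator() | Format-Table Name, Value -AutoSize

if (@($checks.Values) -contains $false) {
    throw "Certificate $($cert.Thumbprint) does not match the expected specification."
}

# Prompt for the PFX password so it is not saved in the script or shell history.
$CertPassword = Read-Host -AsSecureString -Prompt 'PFX password'

# Address the certificate by the thumbprint of the object that was just created.
$certPath = "Cert:\LocalMachine\My\$($cert.Thumbprint)"
Export-PfxCertificate -Cert $certPath -FilePath C:\test.pfx -Password $CertPassword | Out-Null
Export-Certificate    -Cert $certPath -FilePath C:\tstcert.cer | Out-Null

"SHA1 thumbprint: $($cert.Thumbprint)"
"Valid from $($cert.NotBefore.ToString('yyyy-MM-dd')) to $($cert.NotAfter.ToString('yyyy-MM-dd'))"
```

The PFX file contains the private key, so keep it off shared locations and delete it once it has been imported into IIS.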
Have fun with your certificate for the next 10 years 😀