Self signed certificates for testing

A question on the forum

indicated a problem when using a self signed certificate for testing code signing.

According to the about_signing help file

    To create a self-signed certificate in use the New-SelfSignedCertificate
    cmdlet in the PKI module. This module is introduced in Windows PowerShell
    3.0 and is included in Windows 8 and Windows Server 2012. For more
    information, see the help topic for the New-SelfSignedCertificate cmdlet.

    To create a self-signed certificate in earlier versions of Windows, use
    the Certificate Creation tool (MakeCert.exe). This  tool is included in
    the Microsoft .NET Framework SDK (versions 1.1 and later) and in the
    Microsoft Windows SDK.

However the cert produced by New-SelfSifgnedCertificate only appears to function as a SSL self signed cert. It isn’t accepted as a code signing cert.

You can still get the makecert utility for Windows 8.1 from

and Windows 8 from

The makecert utility can be found in

C:\Program Files (x86)\Windows Kits\8.1\bin\x64

C:\Program Files (x86)\Windows Kits\8.1\bin\x86

for the 64 & 32bit versions respectively

While you shouldn’t use self-signed certs for production they are useful for testing. My recommendation is to use the makecert utility rather than the PKI cmdlet

This entry was posted in Powershell. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s