How to Generate a Self Signed Certificate

This document covers how to generate a self signed certificate that can be used with Foray ADAMS®. This is for use on standalone systems that have no way to open public ports 80 and 443 and do not have access to an internal CA.

Certificates created this way will not be trusted by any other computer.

Certificates created this way expire after one year by default, and there is no way to auto-renew them. Use the “NotAfter” parameter to set an expiration date further in the future.

  1. Open an elevated PowerShell prompt

  2. Run the following command, replacing the values in <>


    New-SelfSignedCertificate -FriendlyName "<FQDN DATE>" -Subject "<FQDN>" -DnsName "<FQDN>" -CertStoreLocation "Cert:\LocalMachine\My" -KeyExportPolicy Exportable -KeySpec Signature -KeyLength 2048 -KeyAlgorithm RSA -HashAlgorithm SHA256


    Ex 1: A personal, non-domain, machine

    New-SelfSignedCertificate -FriendlyName "MYMACHINE 2023-08-10" -Subject "MYMACHINE" -DnsName "MYMACHINE" -CertStoreLocation "Cert:\LocalMachine\My" -KeyExportPolicy Exportable -KeySpec Signature -KeyLength 2048 -KeyAlgorithm RSA -HashAlgorithm SHA256


    Ex 2: A work machine joined to a domain (this is really a situation where an internal certificate authority should be used)

    New-SelfSignedCertificate -FriendlyName "MYMACHINE 2023-08-10" -Subject "MYMACHINE.MYDOMAIN.LOCAL" -DnsName "MYMACHINE.MYDOMAIN.LOCAL" -CertStoreLocation "Cert:\LocalMachine\My" -KeyExportPolicy Exportable -KeySpec Signature -KeyLength 2048 -KeyAlgorithm RSA -HashAlgorithm SHA256


    Ex 3: This is an alternative that may be required on some OS versions. It also extends the validity period to 5 years.

    New-SelfSignedCertificate -FriendlyName "MYMACHINE 2023-08-10" -Subject "MYMACHINE.MYDOMAIN.LOCAL" -DnsName "MYMACHINE.MYDOMAIN.LOCAL" -CertStoreLocation "Cert:\LocalMachine\My" -NotAfter (Get-Date).AddYears(5) -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 -KeyExportPolicy Exportable -KeyUsage DigitalSignature, KeyEncipherment -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.1")


  3. Open “Manage computer certificates”

  4. Personal > Certificates

  5. Right click the certificate you just created

  6. Copy

  7. Trusted Root Certificate Authorities > Certificates

  8. Right click on Certificates

  9. Paste
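
To confirm the result of the steps above before binding the certificate in IIS, the following check can be run in the same elevated PowerShell prompt. It is an added example, not part of the original instructions; `$Fqdn` and the 30-day warning threshold are assumed values.

```powershell
# Added example (not from the original page): verify the certificate after steps 1-9.
$Fqdn          = 'MYMACHINE'           # assumed: the value passed to -DnsName
$warnDays      = 30                    # assumed renewal warning threshold
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU, as in Ex 3

# Certificates in the machine Personal store whose DNS names include $Fqdn
$certs = @(Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.DnsNameList.Unicode -contains $Fqdn })

# Thumbprints currently trusted as root certificates on this machine
$rootThumbprints = @(Get-ChildItem -Path Cert:\LocalMachine\Root |
    ForEach-Object { $_.Thumbprint })

if ($certs.Count -eq 0) {
    Write-Warning "No certificate for '$Fqdn' found in Cert:\LocalMachine\My"
} else {
    $certs | ForEach-Object {
        $daysLeft = [math]::Floor(($_.NotAfter - (Get-Date)).TotalDays)
        $ekuOids  = @($_.EnhancedKeyUsageList | Where-Object { $_ } |
            ForEach-Object { $_.ObjectId })
        [pscustomobject]@{
            FriendlyName  = $_.FriendlyName
            Thumbprint    = $_.Thumbprint
            NotAfter      = $_.NotAfter
            DaysLeft      = $daysLeft
            # No auto-renewal exists, so flag certificates close to expiry
            ExpiresSoon   = $daysLeft -lt $warnDays
            HasPrivateKey = $_.HasPrivateKey
            # A certificate with no EKU extension is not restricted by purpose
            ServerAuth    = ($ekuOids.Count -eq 0) -or ($ekuOids -contains $serverAuthOid)
            # True once the copy into Trusted Root (steps 3-9) has been done
            InTrustedRoot = $rootThumbprints -contains $_.Thumbprint
        }
    } | Format-List
}
```

A certificate that is ready for IIS shows `HasPrivateKey`, `ServerAuth` and `InTrustedRoot` as True; `DaysLeft` gives the date by which a replacement must be generated manually.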

You can now use the certificate in IIS.

Remember, you will need to access ADAMS applications using the fully qualified domain name. Ex: https://MYMACHINE/AdamsWeb

© 2023 Foray, LLC - All Rights Reserved