How to Generate a Self Signed Certificate
- Mont Rothstein
This document covers how to generate a self signed certificate that can be used with Foray ADAMSĀ®. This is for use on standalone systems that have no way to open public ports 80 and 443 and do not have access to an internal CA.
Certificates created this way will not be trusted by any other computer.
Certificates created this way will expire after one year and there is no way to auto-renew.
Ā
Open an elevated Powershell prompt
Run the following command, replacing the values in <>
New-SelfSignedCertificate -FriendlyName "<FQDN DATE>" -Subject "<FQDN>" -DnsName "<FQDN>" -CertStoreLocation "Cert:\LocalMachine\My" -KeyExportPolicy Exportable -KeySpec Signature -KeyLength 2048 -KeyAlgorithm RSA -HashAlgorithm SHA256
Ex 1: A personal, non-domain, machineNew-SelfSignedCertificate -FriendlyName "MYMACHINE 2023-08-10" -Subject "MYMACHINE" -DnsName "MYMACHINE" -CertStoreLocation "Cert:\LocalMachine\My" -KeyExportPolicy Exportable -KeySpec Signature -KeyLength 2048 -KeyAlgorithm RSA -HashAlgorithm SHA256
Ex 2: A work machine joined to a domain (this is really a situation where an internal certificate authority should be used)New-SelfSignedCertificate -FriendlyName "MYMACHINE 2023-08-10" -Subject "MYMACHINE.MYDOMAIN.LOCAL" -DnsName "MYMACHINE.MYDOMAIN.LOCAL" -CertStoreLocation "Cert:\LocalMachine\My" -KeyExportPolicy Exportable -KeySpec Signature -KeyLength 2048 -KeyAlgorithm RSA -HashAlgorithm SHA256Ā
Open āManage computer certificatesā
Personal > Certificates
Right click the certificate you just created
Copy
Trusted Root Certificate Authorities > Certificates
Right click on Certificates
Paste
You can now use the certificate in IIS.
Remember, you will need to access ADAMS applications using the fully qualified domain name. Ex: https://MYMACHINE/AdamsWeb
Ā
Ā
Ā© 2023 Foray, LLC - All Rights Reserved