I'm trying to create a self-signed certificate on a Windows Server 2012 R2 machine using PowerShell. The intent is to redirect traffic from HTTP to HTTPS.

a. Do we always need a self-signed Root certificate before we create a client certificate? If yes, how do we repurpose an existing self-signed Root certificate?

b. If we are using the existing self-signed Root certificate to create a client certificate, the PowerShell commands that I see are not compatible with Windows Server 2012 R2. Can someone share the version-specific commands?

There are 1 best solutions below

You can create a self-signed certificate with this command in Server 2019:

https://learn.microsoft.com/en-us/powershell/module/pki/new-selfsignedcertificate?view=windowsserver2019-ps

You can try the PSPKI module on Server 2012 R2:

https://github.com/PKISolutions/PSPKI

It contains the command New-SelfSignedCertificateEx that creates a self-signed cert.

A bunch of other methods to create self-signed certs: https://medium.com/the-new-control-plane/generating-self-signed-certificates-on-windows-7812a600c2d8

In IIS you need to bind the certificate to your website. The certificate will not be trusted by your clients because it is self-signed. However, you can import the self-signed certificate to your client's local certificate store.

In case you want to build a proper environment, a PKI is needed.
https://social.technet.microsoft.com/wiki/contents/articles/11750.adcs-step-by-step-guide-single-tier-pki-hierarchy-deployment.aspx
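
The steps the answer describes (create the certificate, bind it in IIS, import it on the client), as an added example that is not part of the original answer. It uses the built-in `New-SelfSignedCertificate` with only the parameters available on Server 2012 R2; the host name, site name and export path are assumed placeholders.

```powershell
# Added example. Run in an elevated PowerShell session on the IIS server.
Import-Module WebAdministration

$dnsName  = 'intranet.example.local'   # placeholder: the name clients browse to
$siteName = 'Default Web Site'         # assumed IIS site name
$cerPath  = Join-Path $env:TEMP 'intranet-selfsigned.cer'   # assumed export path

# 1. Create the self-signed certificate in the machine's personal store.
#    The 2012 R2 version of the cmdlet lacks the newer parameters shown in the
#    Server 2019 documentation, so only -DnsName and -CertStoreLocation are used.
$cert = New-SelfSignedCertificate -DnsName $dnsName `
                                  -CertStoreLocation 'Cert:\LocalMachine\My'

# 2. Add an HTTPS binding on port 443 if the site does not have one yet.
if (-not (Get-WebBinding -Name $siteName -Protocol https -Port 443)) {
    New-WebBinding -Name $siteName -Protocol https -Port 443 -IPAddress '*'
}

# 3. Attach the certificate to the 0.0.0.0:443 SSL binding,
#    replacing whatever certificate was attached before.
$sslPath = 'IIS:\SslBindings\0.0.0.0!443'
if (Test-Path $sslPath) { Remove-Item $sslPath }
Get-Item "Cert:\LocalMachine\My\$($cert.Thumbprint)" | New-Item $sslPath | Out-Null

# 4. Export the public certificate only (.cer). The private key stays on the
#    server; clients need nothing more than this file to trust the site.
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null
Write-Output "Thumbprint: $($cert.Thumbprint)"
Write-Output "Exported:   $cerPath"

# 5. On each client, from an elevated session, after copying the .cer file over
#    and comparing its thumbprint with the one printed above:
#    Import-Certificate -FilePath <path to .cer> -CertStoreLocation 'Cert:\LocalMachine\Root'
```

Placing a self-signed certificate in a client's Trusted Root store makes that client trust it fully, so limit the import to machines you manage and remove the entry when the certificate is replaced.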