Good morning. It has been quite some time since I last posted. I ran across this little gem this morning and figured I would share.
So you want to use a self-signed certificate for Remote Desktop Services (RDS) or maybe a custom website, but you want the certificate to be valid for longer than a year. You can now use PowerShell to create a certificate that is valid for as long as you like. Before we get into how to do this, let me emphasize that this is not recommended by Microsoft. It is much preferred to use a certificate from a trusted third party. Also, the command below will only work in Windows Server 2016/Windows 10 and higher.
To create a self-signed certificate for a web server that is valid for 5 years:
New-SelfSignedCertificate -Subject "RDS.Contoso.local" -DnsName "RDS.Contoso.com", "www.contoso.com" -CertStoreLocation "cert:\LocalMachine\My" -KeyAlgorithm RSA -KeyLength 2048 -KeyExportPolicy Exportable -NotAfter (Get-Date).AddYears(5)
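A long-lived self-signed certificate with an exportable key is easy to forget about, so it helps to be able to list them. The following is an added example, not part of the original post: the function name `Get-SelfSignedCertReport` and the 365-day threshold are assumptions chosen for illustration.

```powershell
# Added example: inventory self-signed certificates in a store and flag
# those whose validity period exceeds a chosen threshold.
function Get-SelfSignedCertReport {
    param(
        # Store used by the command in the post
        [string]$StorePath = 'Cert:\LocalMachine\My',
        # Assumed policy threshold; set this to your own standard
        [int]$MaxValidityDays = 365
    )

    Get-ChildItem -Path $StorePath |
        # Heuristic for self-signed: subject and issuer are identical
        Where-Object { $_.Subject -eq $_.Issuer } |
        ForEach-Object {
            # Returns $null when the certificate does not carry an RSA key
            $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($_)
            $validity = $_.NotAfter - $_.NotBefore

            [pscustomobject]@{
                Subject       = $_.Subject
                Thumbprint    = $_.Thumbprint
                DnsNames      = ($_.DnsNameList.Unicode -join ', ')
                KeyBits       = if ($rsa) { $rsa.KeySize } else { $null }
                NotAfter      = $_.NotAfter
                ValidityDays  = [int]$validity.TotalDays
                DaysRemaining = [int]($_.NotAfter - (Get-Date)).TotalDays
                HasPrivateKey = $_.HasPrivateKey
                OverThreshold = $validity.TotalDays -gt $MaxValidityDays
            }
        }
}

# Soonest-expiring first, so renewals can be planned
Get-SelfSignedCertReport | Sort-Object NotAfter | Format-Table -AutoSize
```

A certificate created with the command above will show a `ValidityDays` of roughly 1826 and `OverThreshold` as `True`.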
It does not work in Windows 2012 R2. NotAfter is not a parameter accepted by the command. Maybe upgrading the PowerShell version?
You are correct. As stated in the post, this command will only work in Windows Server 2016/Windows 10 or higher.