Using PowerShell to create a self-signed certificate valid for longer than 1 year

Good morning.  It has been quite some time since I last posted.  I ran across this little gem this morning and figured I would share.

So you want to use a self-signed certificate for Remote Desktop Services (RDS) or maybe a custom website, but you want the certificate to be valid for longer than a year.  You can now use PowerShell to create a certificate that is valid for as long as you like.  Before we get into how to do this, let me emphasize that this is not recommended by Microsoft.  A certificate from a trusted third party is much preferred.  Also, the command below only works on Windows Server 2016/Windows 10 and higher.

To create a self-signed certificate for a web server that is valid for 5 years:
New-SelfSignedCertificate -Subject "RDS.Contoso.local" -DnsName "RDS.Contoso.com", "www.contoso.com" -CertStoreLocation "cert:\LocalMachine\My" -KeyAlgorithm RSA -KeyLength 2048 -KeyExportPolicy Exportable -NotAfter (Get-Date).AddYears(5)
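
Because a certificate created this way stays valid for years and nothing will prompt you to rotate it, it helps to keep an inventory. The following is an added example, not part of the original post: it lists self-signed certificates in the same store and flags those valid for longer than a year. The function name `Get-LongLivedSelfSignedCert` and the 365-day threshold are assumptions made for illustration.

```powershell
# Added example (not from the original post).
# Inventory self-signed certificates in a certificate store and flag the ones
# whose total validity period is longer than a chosen threshold.
# Get-LongLivedSelfSignedCert is a hypothetical helper name; 365 days is an
# assumed policy threshold.
function Get-LongLivedSelfSignedCert {
    param(
        [string]$StorePath = 'Cert:\LocalMachine\My',
        [int]$MaxValidityDays = 365
    )

    Get-ChildItem -Path $StorePath |
        # Heuristic: a self-signed certificate has identical Subject and Issuer.
        Where-Object { $_.Subject -eq $_.Issuer } |
        ForEach-Object {
            $validityDays = ($_.NotAfter - $_.NotBefore).Days
            [pscustomobject]@{
                Subject       = $_.Subject
                DnsNames      = ($_.DnsNameList.Unicode -join ', ')
                Thumbprint    = $_.Thumbprint
                NotAfter      = $_.NotAfter
                ValidityDays  = $validityDays
                DaysRemaining = ($_.NotAfter - (Get-Date)).Days
                # A private key in the store is what lets the server present
                # this certificate; it is also what needs protecting.
                HasPrivateKey = $_.HasPrivateKey
                OverPolicy    = $validityDays -gt $MaxValidityDays
            }
        }
}

# Show only the certificates that exceed the threshold, soonest expiry first.
Get-LongLivedSelfSignedCert |
    Where-Object { $_.OverPolicy } |
    Sort-Object NotAfter |
    Format-Table Subject, DnsNames, NotAfter, ValidityDays, DaysRemaining, HasPrivateKey -AutoSize
```

Run it from an elevated PowerShell session on the server; the 5-year certificate created above should appear with a ValidityDays value of roughly 1826.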
