4.22.3.4.2.2. Create a self-signed certificate via Windows PowerShell
4.22.3.4.2.2.1. Introduction

In this example we generate a self-signed certificate that is valid for ten years, using PowerShell run as Administrator.

In this example the server has the hostname "testserver-01" and we use "3dfindit-testserver-01" as the friendly name. The friendly name can be anything you like; a descriptive name makes the certificate easier to find when there are several certificates for the same host. The local server user is "root".

The certificate is created on the server. When it is created manually, permissions on the certificate have to be added for the local server user that will access the AppServer.

The next step is to export the created certificate and import it into the server's "Local Computer\Trusted Root Certification" store. The exported certificate is then distributed to the clients and imported there into the same location as on the server, meaning the Local Computer\Trusted Root Certification store.

4.22.3.4.2.2.2. Windows PowerShell command

The PowerShell command is as follows:

New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "testserver-01" `
-FriendlyName "3dfindit-testserver-01" -NotAfter (Get-Date).AddYears(10)

4.22.3.4.2.2.3. Adding permissions on the certificate

  1. To add permissions on the certificate, run the Windows Certificate Manager (Windows-key + R-key -> certlm.msc).

  2. Under Certificates - Local Computer -> Personal -> Certificates you can see the generated self-signed certificate.

  3. Right-click on the certificate and select All Tasks -> Manage Private Keys....

    -> The Security window opens.

  4. Click Add to add a local server user (in this case user "root") to the list of users that have permissions to use the certificate.

  5. In the Select Users or Groups window, enter the username (in this case user "root") in the box Enter the object names to select and select Check Names.

    After you have selected Check Names, the box Enter the object names to select should show the name in the format "HOSTNAME\username", in this example "TESTSERVER-01\root".

    Note

    The hostname has a limit of 16 ASCII characters because of NetBIOS compatibility. If your hostname is longer than 16 characters, the output in Enter the object names to select will show only the first 16 characters of the hostname, followed by \username.

    If this was done in a domain environment, the output would be: "Name (username@domain)". For example: "user name (i.cabraja@cadenas.de)"

  6. Select OK.

    -> In the Security window, the user root is now listed under Groups or user names with the permissions Allow for Full control and Read.

  7. Select OK. The permissions on the certificate for the user "root" have been successfully added.

4.22.3.4.2.2.4. Exporting the certificate

  1. To export the certificate, right-click on the certificate and select All Tasks -> Export.

    -> The Certificate Export Wizard opens.

  2. Select Next.

  3. Select No, do not export the private key and select Next.

  4. Select DER encoded binary X.509 (.CER) and Next.

  5. Select Browse....

  6. Select the location and a name for the exported certificate, select Save and then select Next (in this example the location is the C:\ drive and the name of the file is certificate).

  7. Select Finish and OK. The export process is done. Distribute the exported certificate to all clients.
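
The three procedures above (create, grant key access, export) can also be scripted. The following is an added example, not part of the original manual; it assumes the default RSA key in the software key storage provider, and it grants only Read on the private key (an assumption that the AppServer account only needs to use the key), whereas the dialog above shows Full control and Read.

```powershell
#Requires -RunAsAdministrator
# Added example. Values below are the ones used on this page.
$hostName     = 'testserver-01'
$friendlyName = '3dfindit-testserver-01'
$localUser    = "$env:COMPUTERNAME\root"     # local server user "root"
$exportPath   = 'C:\certificate.cer'

# Step 1: create the certificate in Local Computer\Personal, valid for ten years.
$cert = New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My `
    -DnsName $hostName -FriendlyName $friendlyName -NotAfter (Get-Date).AddYears(10)

# Step 2: scripted counterpart of "Manage Private Keys...".
# Assumption: the key is an RSA CNG key created by the default software key
# storage provider, which keeps machine keys as files under
# %ProgramData%\Microsoft\Crypto\Keys. Other providers need the GUI steps.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if ($rsa -isnot [System.Security.Cryptography.RSACng]) {
    throw 'Private key is not a CNG key; set the permission in certlm.msc instead.'
}
$keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\Keys\$($rsa.Key.UniqueName)"
if (-not (Test-Path -LiteralPath $keyFile)) {
    throw "Private key file not found: $keyFile"
}

# Read is enough to use the key for TLS; it does not allow changing the
# key file's permissions or deleting it.
$acl  = Get-Acl -LiteralPath $keyFile
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($localUser, 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $keyFile -AclObject $acl

# Step 3: export the public certificate only, DER encoded (.cer).
Export-Certificate -Cert $cert -FilePath $exportPath -Type CERT | Out-Null

# Step 4: confirm the exported file carries no private key and show the
# thumbprint so it can be compared on the clients.
$exported = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($exportPath)
if ($exported.HasPrivateKey) { throw 'Exported file unexpectedly contains a private key.' }
[pscustomobject]@{
    Subject    = $exported.Subject
    Thumbprint = $exported.Thumbprint
    NotAfter   = $exported.NotAfter
    KeyAccess  = (Get-Acl -LiteralPath $keyFile).Access |
                 Where-Object { $_.IdentityReference -like '*\root' } |
                 ForEach-Object { "$($_.IdentityReference): $($_.FileSystemRights)" }
}
```

Compare the printed thumbprint with the one shown for the file on each client before it is imported into the trusted root store.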

In the next steps the certificate will be imported first on the server and then on the clients.