troubleshooting Question

Use New-SelfSignedCertificate to create a Trusted Root certificate

Avatar of Gordon Saxby
Gordon SaxbyFlag for United Kingdom of Great Britain and Northern Ireland asked on
SSL / HTTPSPowershell* Public Key Infrastructure (PKI)
5 Comments1 Solution7528 ViewsLast Modified:
I am trying to use New-SelfSignedCertificate to create a Trusted Root certificate and then to create some Personal certificates to use for local development testing (IIS).

I followed the instructions on this site

I used this to create the root certificate:
New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname "XXX Local Certificate Authority"

When I look at the certificate, the intended purposes are:

  • Proves your identity to a remote computer
  • Ensures the identity of a remote computer
  • All issuance policies

Rather than the expected:

  • All issuance policies
  • All application policies

I created a client certificate with:
New-SelfSignedCertificate -Subject *.testing.local  -DnsName *.testing.local, testing.local -CertStoreLocation Cert:\LocalMachine\My  -Signer $rootcert

Which seems to work, but the certificate says "This certificate is not valid for the selected purpose"

The certificates do kind of work in IIS, but I have Kaspersky and it keeps interrupting, saying certificate not valid (or something).
Chris Dent
PowerShell Developer
Join our community to see this answer!
Unlock 1 Answer and 5 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 5 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros