How To Create a SHA-256 Self-Signed Certificate

Moderate - requires admin permissions

Overview

Self-signed certificates are acceptable for testing anything used internally. By default, certificates created through Internet Information Services (IIS) on most Windows OS versions are based on the SHA-1 algorithm rather than the SHA-256 algorithm. SHA-1 certificates are less secure due to their smaller bit size and are in the process of being sunset by all web browsers.

Step-by-Step

  1. Run PowerShell as administrator.

  2. Run the following command to create the certificate:

    New-SelfSignedCertificate -DnsName <Computer name> -CertStoreLocation "cert:\LocalMachine\My"

    <Computer name> should be the name of the computer hosting the Jet Web Portal.  It should be fully qualified with the domain name (computer.domain.com).

  3. Next, we need to add the self-signed certificate as a trusted certificate authority.

    Run MMC -32 as administrator.

  4. Select File > Add or Remove Snap-ins. The Add or Remove Snap-ins window is displayed.

  5. Select Certificates and then select Add. The Certificates snap-in window is displayed.

  6. Select Computer account and press Next. The Select Computer page is displayed.

  7. Select Local computer, then click Finish. Then select OK.

  8. Find the certificate in Personal > Certificates.

  9. Right-click the newly created certificate and then select Properties. Enter the desired Friendly Name for the certificate based upon what you are testing. Once completed, select the Apply button followed by OK.

  10. Right-click the certificate and select Copy.

  11. Expand Trusted Root Certification Authorities.

  12. Right-click the Certificates folder and select Paste.

  13. In IIS Manager (usually requiring Administrator permissions), you can now see the self-signed certificate with SHA-256 as the SSL certificate.
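
The same procedure as a script, with a check that the certificate is actually signed with SHA-256 before it is trusted. This is an added example, not part of the original article; the host name and friendly name are placeholder assumptions, and the file is exported to a temporary path chosen here.

```powershell
# Added example: scripted form of steps 2-12 plus a signature-algorithm check.
# Run in an elevated (administrator) PowerShell session.
$dnsName      = 'computer.domain.com'   # assumption: replace with the host's FQDN
$friendlyName = 'Jet Web Portal test'   # assumption: any label you choose
$myStore      = 'cert:\LocalMachine\My'
$rootStore    = 'cert:\LocalMachine\Root'

# Step 2: create the certificate in the local computer's Personal store.
$cert = New-SelfSignedCertificate -DnsName $dnsName -CertStoreLocation $myStore

# Check the signature algorithm before adding the certificate to a trust store.
# OIDs: sha256RSA = 1.2.840.113549.1.1.11, sha256ECDSA = 1.2.840.10045.4.3.2
$sha256Oids = '1.2.840.113549.1.1.11', '1.2.840.10045.4.3.2'
$sigAlg     = $cert.SignatureAlgorithm
if ($sha256Oids -notcontains $sigAlg.Value) {
    # Do not leave a weakly signed certificate behind in the store.
    Remove-Item -Path (Join-Path $myStore $cert.Thumbprint)
    throw "Certificate was signed with $($sigAlg.FriendlyName), not SHA-256."
}

# Step 9: set the friendly name on the stored certificate.
$stored = Get-Item -Path (Join-Path $myStore $cert.Thumbprint)
$stored.FriendlyName = $friendlyName

# Steps 10-12: export only the public certificate (no private key) and
# import it into Trusted Root Certification Authorities.
$cerPath = Join-Path $env:TEMP "$($cert.Thumbprint).cer"
try {
    Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null
    Import-Certificate -FilePath $cerPath -CertStoreLocation $rootStore | Out-Null
}
finally {
    if (Test-Path $cerPath) { Remove-Item -Path $cerPath }
}

# Step 13 equivalent: show what is now trusted, including the hash algorithm.
Get-ChildItem -Path $rootStore |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint } |
    Select-Object Subject, Thumbprint, NotAfter,
        @{ Name = 'SignatureAlgorithm'; Expression = { $_.SignatureAlgorithm.FriendlyName } }
```

The thumbprint printed at the end identifies the entry to delete from both stores once testing is finished.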
