7

Using the `New-SelfSignedCertificate` cmdlet, I want to specify the location on my hard drive as `C:\Development\My Project`. This command:

```powershell
New-SelfSignedCertificate -CertStoreLocation "cert:\LocalMachine\Development\My Project"
```

gives this error:

```
Cannot find path 'Cert:\LocalMachine\Development\My Project' because it does not exist.
```

How do I do this?

```
$PSVersionTable.PSVersion
Major  Minor  Build  Revision
-----  -----  -----  --------
5      0      10586  962
```
Al Lelopath
  • does the path exist: `cd cert:; cd localmachine; ls`. if development doesn't exist then your problem is that the cert store path you specified needs to be created. – thepip3r Jun 26 '17 at 15:28
  • https://msdn.microsoft.com/en-us/powershell/reference/5.1/microsoft.powershell.security/providers/new-item-for-certificate – thepip3r Jun 26 '17 at 15:33
  • `C:\Development\My Project` exists on the file system. So, apparently, there is a difference between a directory location on the file system and LocalMachine certificate store location – Al Lelopath Jun 26 '17 at 15:44
  • @thepip3r: Would `New-Item -Path Cert:\LocalMachine\Development\My Project` create a store location at *C:\Development\My Project* and would I be able to see it in the File Explorer? – Al Lelopath Jun 26 '17 at 15:50
  • 1
    It should and no, you wouldn't see it in File Explorer but you should be able to see it in certmgr.msc. You have to load it from the MMC though since executing it directly defaults to the user store. So... mmc.exe, Add -> Snap-In, Certificate Store (I think). – thepip3r Jun 26 '17 at 17:54
  • I can see now that that is true. I can execute the command successfully if I use `-CertStoreLocation` with a path that does not have a space in it (and also, I did not use New-Item) and that works. So the problem appears to be the space in the path. – Al Lelopath Jun 26 '17 at 19:22

2 Answers

14

The path that you specify for `New-SelfSignedCertificate -CertStoreLocation` is a certificate store, not a file path. What you will most likely want to do is specify `cert:\LocalMachine\my`, which will create the certificate in your personal store, and then export that certificate to a file on the hard drive if you need it in file form. Something like this should work for that:

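```powershell
# Certificate is valid for two years from today
$notAfter = [datetime]::Today.AddYears(2)
# Create the certificate in the LocalMachine personal store and keep its thumbprint
$thumb = (New-SelfSignedCertificate -CertStoreLocation cert:\localmachine\my -DnsName $env:USERDNSDOMAIN -KeyExportPolicy Exportable -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" -NotAfter $notAfter).Thumbprint
# $pwd is an automatic variable (the current location), so the password gets its own name
$pfxPassword = 'SuperS3cret!'
$SSpwd = ConvertTo-SecureString -String $pfxPassword -Force -AsPlainText
# Export the certificate and its private key from the store to a file on disk
Export-PfxCertificate -Cert "cert:\localmachine\my\$thumb" -FilePath "C:\Development\My Project\MyDevCert.pfx" -Password $SSpwd
```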
TheMadTechnician
  • If this is the confusion, the reason you can treat it like a filepath is that PowerShell mounts a drive on load that is denoted as 'cert:' just like it would a drive for 'c:' or 'd:'. This is rather a unique feature which makes interacting with the cert store analogous to the filesystem but not identical. – thepip3r Jun 27 '17 at 13:12
  • You've found the error in my thinking, thank you, so I'll check this off. I can't get it to produce a valid cert, so I've [posted another question](https://stackoverflow.com/questions/44784717/the-selected-certificate-is-not-valid-for-coded-signing) – Al Lelopath Jun 27 '17 at 15:51
  • Oh, I see I should have prefaced my comment with @TheMadTechnician – Al Lelopath Jun 27 '17 at 15:58
  • @TheMadTechnician Is there a way to create a certificate without using the certificate store? – fra May 15 '18 at 05:20
  • @fra Not that I'm readily aware of, but why not use it? If you don't want to keep it just delete it from the cert store afterwards. – TheMadTechnician May 15 '18 at 17:48
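
The store-versus-folder distinction from the answer and comments above, as an added example that is not part of the original thread: it checks that the store exists on the `Cert:` drive and that the output folder is a real file-system directory, exports the PFX, and optionally deletes the certificate from the store afterwards. The function name `Export-DevCertificate`, its parameters, the `Cert:\CurrentUser\My` default and the `dev.example.test` name are assumptions made for illustration.

```powershell
# Added example; Export-DevCertificate and its parameter names are hypothetical.
function Export-DevCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $DnsName,
        [Parameter(Mandatory)] [string] $OutputDirectory,  # file-system folder, spaces allowed
        [Parameter(Mandatory)] [securestring] $Password,
        [string] $StoreLocation = 'Cert:\CurrentUser\My',  # certificate store, not a folder
        [switch] $RemoveFromStore
    )

    # The store must exist on the Cert: drive; a folder under C:\ is not a store.
    if (-not (Test-Path -LiteralPath $StoreLocation)) {
        throw "Certificate store '$StoreLocation' does not exist."
    }
    # The output folder must resolve through the FileSystem provider.
    $dir = Get-Item -LiteralPath $OutputDirectory -ErrorAction Stop
    if ($dir.PSProvider.Name -ne 'FileSystem' -or -not $dir.PSIsContainer) {
        throw "'$OutputDirectory' is not a file-system directory."
    }

    $cert = New-SelfSignedCertificate -CertStoreLocation $StoreLocation `
        -DnsName $DnsName -KeyExportPolicy Exportable `
        -NotAfter ([datetime]::Today.AddYears(2)) -ErrorAction Stop

    $pfxPath  = Join-Path -Path $dir.FullName -ChildPath "$DnsName.pfx"
    $certPath = Join-Path -Path $StoreLocation -ChildPath $cert.Thumbprint
    try {
        Export-PfxCertificate -Cert $certPath -FilePath $pfxPath -Password $Password | Out-Null
    }
    finally {
        if ($RemoveFromStore) {
            # -DeleteKey is a dynamic parameter of the Cert: provider; it removes
            # the private key along with the certificate.
            Remove-Item -Path $certPath -DeleteKey
        }
    }
    Get-Item -LiteralPath $pfxPath
}

# Prompt for the PFX password instead of embedding it in the script.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
Export-DevCertificate -DnsName 'dev.example.test' `
    -OutputDirectory 'C:\Development\My Project' `
    -Password $pfxPassword -RemoveFromStore
```

Passing a `Cert:\LocalMachine\...` store as `-StoreLocation` requires an elevated session.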
2

I got this error when I had an undefined execution policy for the CurrentUser scope.

```powershell
Get-ExecutionPolicy -List
```

If it's undefined, set it to RemoteSigned with this command:

```powershell
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser
```
Logan