@BennieCopeland
Created May 1, 2018 21:37
Creates a Root CA, Server, and Client Certificate and installs them
# Create the self-signed development root CA (CN=DevRootCert) in the current
# user's personal store. The basicConstraints extension (2.5.29.19) marks it as a CA.
# NOTE(review): pathlength=3 permits three tiers of subordinate CAs under this
#   root; the script only issues leaf certificates from it, so a smaller value
#   would be enough.
# NOTE(review): the key is exportable, and KeyUsage lists KeyEncipherment and
#   DataEncipherment, which a signing-only CA key does not need; CRLSign is absent.
# NOTE(review): no -NotAfter is given, so the cmdlet's default lifetime applies -
#   confirm it covers the two years requested for the server certificate.
$rootParams = @{
    Type              = 'Custom'
    KeySpec           = 'Signature'
    Subject           = 'CN=DevRootCert'
    KeyExportPolicy   = 'Exportable'
    HashAlgorithm     = 'SHA256'
    KeyLength         = 2048
    CertStoreLocation = 'Cert:\CurrentUser\My'
    FriendlyName      = 'Root CA Certificate for .NET Core'
    KeyUsageProperty  = 'All'
    KeyUsage          = 'KeyEncipherment', 'DataEncipherment', 'CertSign'
    TextExtension     = @('2.5.29.19={critical}{text}ca=1&pathlength=3')
}
$root = New-SelfSignedCertificate @rootParams
# Issue the localhost TLS server certificate, signed by the development root.
# -DnsName puts "localhost" into the DNS name (SAN) entry that Chrome 58+ checks.
# The enhanced-key-usage extension (2.5.29.37) restricts the certificate to
# server authentication (1.3.6.1.5.5.7.3.1). Valid for two years from now.
$serverParams = @{
    Subject           = 'localhost'
    DnsName           = 'localhost'
    KeyAlgorithm      = 'RSA'
    KeyLength         = 2048
    NotBefore         = (Get-Date)
    NotAfter          = (Get-Date).AddYears(2)
    CertStoreLocation = 'Cert:\CurrentUser\My'
    FriendlyName      = 'Localhost Certificate for .NET Core'
    HashAlgorithm     = 'SHA256'
    KeyUsage          = 'DigitalSignature', 'KeyEncipherment', 'DataEncipherment'
    TextExtension     = @('2.5.29.37={text}1.3.6.1.5.5.7.3.1')
    Signer            = $root
}
$server = New-SelfSignedCertificate @serverParams
# Issue the client certificate (CN=DevChildCert), signed by the development root.
# The enhanced-key-usage extension (2.5.29.37) restricts it to client
# authentication (1.3.6.1.5.5.7.3.2).
# NOTE(review): the private key is exportable and no -NotAfter is given, so the
#   cmdlet's default lifetime applies.
$clientParams = @{
    Type              = 'Custom'
    DnsName           = 'DevChildCert'
    KeySpec           = 'Signature'
    Subject           = 'CN=DevChildCert'
    KeyExportPolicy   = 'Exportable'
    HashAlgorithm     = 'SHA256'
    KeyLength         = 2048
    CertStoreLocation = 'Cert:\CurrentUser\My'
    Signer            = $root
    TextExtension     = @('2.5.29.37={text}1.3.6.1.5.5.7.3.2')
}
$client = New-SelfSignedCertificate @clientParams
# Cert: provider paths of the three new certificates, addressed by thumbprint.
# The export cmdlets take these as their -Cert argument.
$rootPath = "Cert:\CurrentUser\My\$($root.ThumbPrint)"
$serverPath = "Cert:\CurrentUser\My\$($server.ThumbPrint)"
$clientPath = "Cert:\CurrentUser\My\$($client.ThumbPrint)"
# Make sure the export directory exists before any certificate file is written.
# NOTE(review): the .pfx files written here contain private keys. A folder created
#   directly under C:\ presumably inherits the drive root's permissions - confirm
#   that other local accounts cannot read it, or use a per-user location.
$tmpPath = 'C:\tmp'
if (-not (Test-Path -Path $tmpPath)) {
    New-Item -Path $tmpPath -ItemType Directory -Force
}
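# Password that protects the private keys inside the exported .pfx files.
# NOTE(review): "password" is a placeholder and must be replaced before use. It is
#   the only protection on the exported keys, including the root CA key, and a
#   literal stored in the script is readable by anyone who can read the script.
$pfxPassword = ConvertTo-SecureString -String "password" -Force -AsPlainText

# Output files. They are derived from $tmpPath so that the directory created
# earlier and the export targets cannot drift apart when the location is changed.
$rootPfxFilePath   = Join-Path -Path $tmpPath -ChildPath 'root.pfx'
$rootCerFilePath   = Join-Path -Path $tmpPath -ChildPath 'root.cer'
$serverPfxFilePath = Join-Path -Path $tmpPath -ChildPath 'server.pfx'
$serverCerFilePath = Join-Path -Path $tmpPath -ChildPath 'server.cer'
$clientPfxFilePath = Join-Path -Path $tmpPath -ChildPath 'client.pfx'
$clientCerFilePath = Join-Path -Path $tmpPath -ChildPath 'client.cer'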
# Export every certificate twice: as a password-protected .pfx (certificate plus
# private key) and as a .cer (public certificate only).
# NOTE(review): this writes the root CA private key to disk, protected only by
#   $pfxPassword.
$exports = @(
    @{ Cert = $rootPath;   Pfx = $rootPfxFilePath;   Cer = $rootCerFilePath },
    @{ Cert = $serverPath; Pfx = $serverPfxFilePath; Cer = $serverCerFilePath },
    @{ Cert = $clientPath; Pfx = $clientPfxFilePath; Cer = $clientCerFilePath }
)
foreach ($item in $exports) {
    Export-PfxCertificate -Cert $item.Cert -FilePath $item.Pfx -Password $pfxPassword
    Export-Certificate -Cert $item.Cert -FilePath $item.Cer
}
# Import the three .pfx files (certificate plus private key) into the local
# machine's personal store, keeping the keys exportable.
# NOTE(review): writing to a LocalMachine store normally requires an elevated session.
# NOTE(review): this places the root CA private key in the machine store as
#   exportable; confirm the root key is actually needed there, since only the
#   server and client certificates are presented at runtime.
foreach ($pfxFile in $rootPfxFilePath, $serverPfxFilePath, $clientPfxFilePath) {
    Import-PfxCertificate -FilePath $pfxFile -CertStoreLocation Cert:\LocalMachine\My -Password $pfxPassword -Exportable
}
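# Trust the development root by adding its public certificate (.cer, no private
# key) to the current user's Trusted Root store.
# Only the root goes into this store. The server and client certificates are
# issued by it (-Signer $root), so they validate through the chain; adding leaf
# certificates as trust anchors is unnecessary and widens what the user trusts.
Import-Certificate -FilePath $rootCerFilePath -CertStoreLocation Cert:\CurrentUser\Root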
# Delete the exported public certificates (.cer) now that the imports are done.
# The .pfx files are kept because they still have to be copied to the app
# directory. They contain private keys (root.pfx holds the CA key), so remove
# them once that copy has been made:
# Remove-Item $rootPfxFilePath, $serverPfxFilePath, $clientPfxFilePath
Remove-Item -Path $rootCerFilePath, $serverCerFilePath, $clientCerFilePath