by Steven Jordan on 4/16/2014

Take Away:  Use Microsoft Windows and its MakeCert tool to create free SSL certificates.  These custom-made certificates can be added as trusted resources for individual users and computers.  Their primary use is generally for testing purposes, code-signing, and other unique situations. 

Create certificates in three easy steps:

1. Download MakeCert:  Use the Microsoft tool called MakeCert to generate the certificate.  Microsoft includes MakeCert with their Windows 8 Software and Development Toolkit.
   
   *Hint, choose the Windows App Certificate Kit to avoid downloading the entire SDK.
   
   
   
   MakeCert is also available for download on my OneDrive.
2. Create a Certificate and Private Key: 
   
   a.) Makecert.exe is located in the c:\Windows Kits\8.0\bin\x64 directory by default.  Feel free to copy it to a different location.
   
   b.) Run makecert.exe with the following extended options: 
   
   C:\scripts>makecert -n "CN=Self Sign Cert" -a sha256 -eku "1.3.6.1.5.5.7.3.3" -r -sv root.pvk root.cer -ss root -sr localmachine
   
   N.B., -n=Subject Name; -a=digest algorithm; -eku=Enhanced Key Usage, OID; -r=self signed; -sv= Subject PVK file; -ss=Certificate Store Name; -sr=Certificate store location.
   
   d.)  The above command requests a new private key password. 
   
   
   
   e.)  The new private key and certificate file are located in the same directory as the Makecert application.
3. Pair the Certificate and Private Key:
   
   a.) Run the following command:
   
   C:\scripts>makecert -pe -n "CN=PowerShell local certificate root" -ss MY -a sha1 -eku "1.3.6.1.5.5.7.3.3" -iv root.pvk - ic root.cer
   
   b.) The above command requests the private key password.
   
   
   
   c.) The certificate pair automatically imports into the Windows Certificate Store.  This is confirmed using the MMC Certificate Snap-In.
   
   Start → MMC → Add/Remove Snap-In → Certificates → Personal 
   
   
   
   

That's It!

References:

http://blogs.msdn.com/b/kaushal/archive/2013/06/13/working-with-wild-card-certificates.aspx
http://kreelbits.blogspot.com/2013/09/deploying-signed-powershell-scripts-in.html
http://technet.microsoft.com/en-us/magazine/2008.04.powershell.aspx

Network Security PKI Windows Server