header image

Self signed certificates for testing

Posted by: | July 25, 2015 Comments Off on Self signed certificates for testing |

A question on the forum


indicated a problem when using a self signed certificate for testing code signing.


According to the about_signing help file

    To create a self-signed certificate in use the New-SelfSignedCertificate
    cmdlet in the PKI module. This module is introduced in Windows PowerShell
    3.0 and is included in Windows 8 and Windows Server 2012. For more
    information, see the help topic for the New-SelfSignedCertificate cmdlet.

    To create a self-signed certificate in earlier versions of Windows, use
    the Certificate Creation tool (MakeCert.exe). This  tool is included in
    the Microsoft .NET Framework SDK (versions 1.1 and later) and in the
    Microsoft Windows SDK.


However the cert produced by New-SelfSifgnedCertificate only appears to function as a SSL self signed cert. It isn’t accepted as a code signing cert.


You can still get the makecert utility for Windows 8.1 from


and Windows 8 from



The makecert utility can be found in

C:\Program Files (x86)\Windows Kits\8.1\bin\x64

C:\Program Files (x86)\Windows Kits\8.1\bin\x86

for the 64 & 32bit versions respectively


While you shouldn’t use self-signed certs for production they are useful for testing. My recommendation is to use the makecert utility rather than the PKI cmdlet

under: PowerShell

Comments are closed.