Adding a self-signed cert to the trusted certificates list with PowerShell on Windows 7

I created a self-signed certificate on Windows 7 and deployed a web site with this certificate just to try it out.

When I configured the HTTPS endpoint and visited the site over HTTPS, I got the "not a trusted cert" error, as expected.

Then I tried to make this cert a trusted one on my machine with the following PowerShell code:

# the self-signed cert, looked up by thumbprint in the current user's personal store
$cert = (get-item cert:\CurrentUser\MY\1D5B3DEF207B70C7426953315A8C06EB38E50FAA)
# the machine-wide Trusted Root Certification Authorities store (requires an elevated prompt)
$store = get-item cert:\LocalMachine\Root
$store.Open("ReadWrite")
$store.Add($cert)
$store.Close()

It didn't work; I still got the same error. Then I deleted it from the trusted certs list and tried again with the code below:

# the same cert, this time loaded from an exported .cer file
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("c:\certs\foo2.foo.cc.cer")
$store = get-item cert:\LocalMachine\Root
$store.Open("ReadWrite")
$store.Add($cert)
$store.Close()

That didn't work either. What am I missing?


Solution 1:

Your code looks fine, and I'm assuming you're not getting any errors either. A few things to check:

  • Open the certificates MMC and make sure your cert is being added.
  • Check the common name and subject alternative names of the cert. The domain of the URL you put in the browser has to match one.
  • Make sure the certificate's NotAfter date is not in the past.
  • Make sure you are using a web client that uses the Windows trust store. Firefox has its own.
  • Compare the certificate's SHA1 hash (thumbprint) from the browser to the one you are installing to make sure it's the right one.
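The checks in that list can be scripted instead of clicked through in the MMC. The function below is an added example, not code from the question or the answer above; it uses only the .NET X509 classes that ship with PowerShell 2.0 on Windows 7 (no PKI module). The thumbprint is the one from the question and the host name `foo2.foo.cc` is assumed from the file name in the question; both are placeholders. Run it from an elevated prompt, since LocalMachine\Root is only readable in full and writable as administrator.

```powershell
function Test-TrustedCert {
    param(
        [Parameter(Mandatory = $true)][string]$Thumbprint,  # SHA1 hash shown by the browser
        [Parameter(Mandatory = $true)][string]$HostName     # host part of the URL you browse to
    )

    # 1. Is the cert really in LocalMachine\Root? The thumbprint *is* the SHA1 hash,
    #    so matching it here also covers the "compare the hash" check.
    $root = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', 'LocalMachine')
    $root.Open('ReadOnly')
    $cert = $root.Certificates | Where-Object { $_.Thumbprint -eq $Thumbprint.ToUpper() }
    $root.Close()
    if (-not $cert) {
        Write-Warning "Thumbprint $Thumbprint is not in LocalMachine\Root"
        return $false
    }

    # 2. Does the host name match the CN or one of the DNS SANs?
    $names = @()
    if ($cert.Subject -match 'CN=([^,]+)') { $names += $Matches[1] }
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        # Format($false) renders the SAN as e.g. "DNS Name=foo2.foo.cc, DNS Name=www.foo2.foo.cc"
        # (assumes an English Windows; the label text is localized on other languages)
        $names += ($san.Format($false) -split ',\s*' | ForEach-Object { ($_ -split '=', 2)[1] })
    }
    if ($names -notcontains $HostName) {
        Write-Warning "Host '$HostName' does not match CN/SAN: $($names -join ', ')"
        return $false
    }

    # 3. Validity window: NotBefore in the future is as fatal as NotAfter in the past.
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        Write-Warning "Cert is not valid now (NotBefore=$($cert.NotBefore), NotAfter=$($cert.NotAfter))"
        return $false
    }

    # 4. Ask the Windows chain engine, which is what IE (and Chrome on Windows) consult;
    #    Firefox keeps its own store and will still complain even when this passes.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # a self-signed cert publishes no CRL
    $ok = $chain.Build($cert)
    if (-not $ok) {
        $chain.ChainStatus | ForEach-Object { Write-Warning $_.StatusInformation.Trim() }
    }
    return $ok
}

# Example invocation with the placeholder values from the question:
Test-TrustedCert -Thumbprint '1D5B3DEF207B70C7426953315A8C06EB38E50FAA' -HostName 'foo2.foo.cc'
```

A `$false` result prints which of the four checks failed. If the chain build fails with "UntrustedRoot" even though step 1 found the cert, the store you wrote to was not the machine store the browser reads, which is what an unelevated `Open("ReadWrite")` on `cert:\LocalMachine\Root` typically causes.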