HTTPS to Windows VM: Finding/generating certificate on VM?


I am testing a REST service against a Windows VM that is provided by the service owner. I have Admin level access to the VM via RDP.

The test setup is to modify the hosts file on the machine that runs the test to point the service.location.net to the IP of the VM, and then do a POST to https://service.location.net/endpoint

My issue is that the https connection is rejected as the sending machine is unable to establish a valid https connection.

I can spoof this in my proof-of-concept code by overriding this from code, but that won’t cut it for the next level of validation/integration.

How do I either find or generate a certificate on the Windows VM, and how do I then import/install it on the test machine that will POST to the VM?

You can generate a certificate on the VM with PowerShell:

New-SelfSignedCertificate

This first command will create a self-signed certificate, stored in the machine’s personal store.

$cert = New-SelfSignedCertificate -DnsName "service.location.net" -CertStoreLocation "cert:\LocalMachine\My"

Then, this command will export the certificate to c:\temp (protected by a password):

Export-PfxCertificate

Export-PfxCertificate $cert -Password (ConvertTo-SecureString -String "PASSWORD" -AsPlainText -Force) -FilePath c:\temp\cert.pfx

Finally, you have to import this certificate on the test machine, for example, with this command:

Import-PfxCertificate

Import-PfxCertificate -FilePath "C:\temp\ExportedCert.pfx" -CertStoreLocation cert:\LocalMachine\Root -Password (ConvertTo-SecureString -String "PASSWORD" -AsPlainText -Force)

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site

Follow this Microsoft support post for how to create a self-signed root certificate and generate client certificates using PowerShell on Windows 10 or Windows Server 2016.
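
A variant of the PowerShell steps above that keeps the private key on the VM, added here as an example and not part of the original answers: it exports only the public certificate (.cer) and checks its thumbprint before the test machine trusts it. The file path, the three-month lifetime and the thumbprint placeholder are assumptions, and binding the certificate to the service's HTTPS listener is not shown.

```powershell
# ---------- On the VM (elevated PowerShell) ----------
# Create the certificate in the machine's personal store. The key is marked
# non-exportable so it cannot later be written out to a PFX file.
$cert = New-SelfSignedCertificate -DnsName "service.location.net" `
    -CertStoreLocation "Cert:\LocalMachine\My" `
    -KeyExportPolicy NonExportable `
    -NotAfter (Get-Date).AddMonths(3)      # assumed lifetime for a test setup

# Export the public certificate only. A .cer file carries no private key,
# so there is no password to share with the test machine.
Export-Certificate -Cert $cert -Type CERT `
    -FilePath "C:\temp\service.location.net.cer" | Out-Null

# Record the thumbprint and pass it to the test machine separately from the file.
$cert.Thumbprint

# ---------- On the test machine (elevated PowerShell) ----------
$path     = "C:\temp\service.location.net.cer"   # assumed copy location
$expected = "<THUMBPRINT-PRINTED-ON-THE-VM>"     # placeholder, fill in by hand

# Load the file without installing it and confirm it is the certificate
# that was generated on the VM.
$file = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $path
if ($file.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: $($file.Thumbprint). Not importing."
}

# Trust it as a root. Only the public certificate lands in the store.
$imported = Import-Certificate -FilePath $path `
    -CertStoreLocation "Cert:\LocalMachine\Root"

# Confirm the chain now validates for the host name used in the hosts file.
if (-not (Test-Certificate -Cert $imported -Policy SSL -DNSName "service.location.net")) {
    throw "Certificate does not validate for service.location.net."
}

# When testing is finished, remove the trust anchor again:
# Remove-Item "Cert:\LocalMachine\Root\$($imported.Thumbprint)"
```

With the certificate in the Root store, the POST to https://service.location.net/endpoint validates without any override in the client code.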
