Generate custom SSL Certificate

The following steps describe the process of generating a custom SSL certificate of your choosing and importing it to the essential stores on Windows Server 2012 R2.

1.Open Window PowerShell.

2.Execute the following commands:

a.$customcertificate = New-SelfSignedCertificate -DnsName "<FQDN>" -CertStoreLocation "cert:\localmachine\my"
 
In the command above, replace <FQDN> with the corresponding version of subject name you can see in ESA Web Console at Components > Invitations > Server info.

b.$exportpassword = ConvertTo-SecureString -String '<password>' -Force -AsPlainText

 In the command above, replace <password> with a password of your choice.

c.$certPath = 'cert:\localMachine\my\' + $customcertificate.thumbprint

d.Export-PfxCertificate -cert $certPath -FilePath $env:USERPROFILE\Desktop\ESAcustomCertificate.pfx -Password $exportpassword

 This final command will place the ESAcustomCertificate.pfx certificate on your desktop.

3.Press the Windows key + R keyboard shortcut to open the Run dialog.

4.Type mmc, and press Enter to open MMC.

a.Navigate to File > Add/Remove Snap-in.

b.Select Certificates > Add.

c.Select Computer Account, click Next, then click Finish. Click OK to close the Add or Remove Snap-ins window.

5.In the left pane of MMC expand Certificates (Local Computer) > Personal, and right-click Certificates.

6.Select All Tasks > Import....

a.In the import wizard click Next, click Browse, from the file extension list-box select "Personal Information Exchange (*.pfx, *.p12)", locate the exported certificate file, click Open, and then click Next.

b.Enter the password used in command no. 2 and click Next.

c.Make sure the Place all certificates in the following store is selected and the defined store name is "Personal". Click Next and click Finish.

7.In the left pane of MMC expand Certificates (Local Computer) > Trusted Root Certification Authorities, and right-click Certificates.

8.Select All Tasks > Import..., and repeat steps 6a to 6c.

9.Double-click the certificate in Certificates (Local Computer) > Personal > Certificates and make sure the line You have a private key that corresponds to this certificate is displayed.