powershellwindows-10x509certificate

New-SelfSignedCertificate to TrustedPublishers does not work


On Windows 10 with Powershell, I try to create a self-signed certificate directly in the TrustedPublishers store with the following command:

New-SelfSignedCertificate -Subject 'ABC' -CertStoreLocation Cert:\LocalMachine\TrustedPublishers

But I get the error:

New-SelfSignedCertificate : Cannot find path 'Cert:\LocalMachine\TrustedPublishers' because it does not exist.
At line:1 char:2
+  New-SelfSignedCertificate -Subject 'B0014' -CertStoreLocation Cert:\ ...
+  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Cert:\LocalMachine\TrustedPublishers:String) [New-SelfSignedCertificate
   ], ItemNotFoundException
    + FullyQualifiedErrorId : PathNotFound,Microsoft.CertificateServices.Commands.NewSelfSignedCertificateCommand

However the LocalMachine\TrustedPublishers store seems to exist:

enter image description here

How can I create a self-signed certificate directly in the TrustedPublishers store?


Solution

  • The documentation shows the parameter -CertStoreLocation states it does not support any other store than cert:\LocalMachine\My or cert:\CurrentUser\My

    -CertStoreLocation [<String>]
        Specifies the certificate store in which to store the new certificate.  If the current path is
        Cert:\CurrentUser or Cert:\CurrentUser\My, the default store is Cert:\CurrentUser\My. If the current path is
        Cert:\LocalMachine or Cert:\LocalMachine\My, the default store is Cert:\LocalMachine\My. Otherwise, you must
        specify Cert:\CurrentUser\My or Cert:\LocalMachine\My for this parameter. This parameter does not support
        other certificate stores.
    

    Even if you set your location to the store and try to make a cert, you will get an error

    Set-Location Cert:\LocalMachine\TrustedPublisher\
    New-SelfSignedCertificate -Subject 'ABC'
    

    Error

    New-SelfSignedCertificate : A new certificate can only be installed into MY store.
    At line:1 char:1
    + New-SelfSignedCertificate -Subject 'ABC'
    

    However, you can simply create the cert in one of the allowed stores and move it.

    Set-Location Cert:\LocalMachine\My\
    New-SelfSignedCertificate -Subject 'ABC'
    
    Get-Childitem . | Where-Object subject -like '*abc' | Foreach-Object {
        Move-Item -Path $_.pspath -Destination cert:\LocalMachine\TrustedPublisher\
    }