Create Certificate Signed by CA

Step 1: Load the root authority certificate by executing the command below. Replace the certificate thumbprint.

$rootcert = ( Get-ChildItem -Path cert:\LocalMachine\My\AFA299CD881192D3F3FDE92BB463180C8540FC8A )

Step 2: Create a new certificate signed by the root certificate authority by executing the command below. Replace the value of the DnsName parameter with the fully qualified domain name.

New-SelfSignedCertificate -DnsName sana.local -CertStoreLocation cert:\LocalMachine\My -Signer $rootcert

You will see the thumbprint of the new certificate. You will need it to export the certificate.

Step 3: Define a password string by executing the command below. Replacing the value of the String parameter with the strong password.

$pwd2 = ConvertTo-SecureString -String "abcABC123!" -Force -AsPlainText

Step 4: Export the certificate signed by the root certificate authority as a PFX file by executing the command below. Replace the certificate thumbprint and specify the name of the certificate ("*.pfx").

Export-PfxCertificate -cert cert:\LocalMachine\My\F277194CD7FA80EC1A4418DB244683050675AE40 -FilePath sanacert.pfx -Password $pwd2

Now you can find the certificate (*.pfx) signed by the root certificate authority in the folder where the root certificate is stored.