
New-SelfSignedCertificate to create certificate gives Access Denied

I'm trying to use New-SelfSignedCertificate in PowerShell to create a certificate on Windows 10, but the command gives me a permissions error. I'm using an Administrator account.

Command:

New-SelfSignedCertificate -Type Custom -Subject "CN=Contoso Software, O=Contoso Corporation, C=US" -KeyUsage DigitalSignature -FriendlyName MyCert -CertStoreLocation "Cert:\LocalMachine\My"

Output:

New-SelfSignedCertificate : CertEnroll::CX509Enrollment::_CreateRequest: Access denied. 0x80090010 (-2146893808 NTE_PERM)
At line:1 char:1
+ New-SelfSignedCertificate -Type Custom -Subject "CN=Contoso Software, ..."
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [New-SelfSignedCertificate], Exception
    + FullyQualifiedErrorId : System.Exception,Microsoft.CertificateServices.Commands.NewSelfSignedCertificateCommand
wildabeast asked Aug 10 '17 17:08


1 Answer

As mentioned in the comments, although PowerShell.exe is run under a user account with "Administrative Rights", the process cannot use those rights unless it is elevated.

PowerShell windows will add "Administrator:" in the title bar by default. Otherwise you can check if you are an administrator by running this command:

([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")

When you launch PowerShell from the GUI, you can Right-Click -> Run as Administrator.

Otherwise you can spawn a new process that is elevated by running Start-Process powershell.exe -Verb Runas

BenH answered Sep 17 '22 13:09
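The elevation check and the elevated relaunch from the answer above, combined into one self-elevating script; this is an added example, not part of the original answer. It assumes the script is saved as a .ps1 file and run with Windows PowerShell 5.1; the certificate parameters are those from the question, and the function and variable names are illustrative.

```powershell
# Added example (not from the original post). Assumes a saved .ps1 file.
$certParams = @{
    Type              = 'Custom'
    Subject           = 'CN=Contoso Software, O=Contoso Corporation, C=US'
    KeyUsage          = 'DigitalSignature'
    FriendlyName      = 'MyCert'
    CertStoreLocation = 'Cert:\LocalMachine\My'
}

function Test-IsElevated {
    # True only when this process token is elevated; membership of the
    # Administrators group alone is not enough under UAC.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

if (Test-IsElevated) {
    # Elevated: the LocalMachine store is writable, so create the certificate.
    try {
        New-SelfSignedCertificate @certParams -ErrorAction Stop | Out-Null
        exit 0
    } catch {
        Write-Error "Certificate creation failed: $($_.Exception.Message)"
        exit 1
    }
}

# Not elevated: relaunch this same script through the UAC prompt and wait for it.
if (-not $PSCommandPath) {
    throw 'Not elevated, and not running from a script file that can be relaunched.'
}
try {
    $child = Start-Process powershell.exe -Verb RunAs -Wait -PassThru -ErrorAction Stop `
        -ArgumentList '-NoProfile', '-File', "`"$PSCommandPath`""
} catch {
    Write-Error "Elevation was declined or failed: $($_.Exception.Message)"
    exit 1
}
if ($child.ExitCode -ne 0) {
    Write-Error "Elevated run exited with code $($child.ExitCode)."
    exit $child.ExitCode
}

# Report the result in the original window by reading the store.
Get-ChildItem $certParams.CertStoreLocation |
    Where-Object { $_.FriendlyName -eq $certParams.FriendlyName } |
    Format-List Subject, Thumbprint, NotAfter
```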