windows

Create a self-signed certificate for Windows

In order to prepare us for our next article, which is signing your electron app for windows release, we will need to generate a self-signed certificate.

Lola Rigaut-Luczak

2 min read
Create a self-signed certificate for Windows

In order to prepare us for our next article, which is signing your electron app for windows release, we will need to generate a self-signed certificate. It is only for testing and should not be used in production.

It is pretty straightforward to create a self-signed certificate. It will require to use Windows or a VM running Windows.

Let's first open PowerShell.

Generate a self-signed certificate

We are going to use the PowerShell command New-SelfSignedCertificate to create our certificate. Here the full command :

$ New-SelfSignedCertificate -Type Custom -Subject "CN=Update Rock!, O=Update Rocks!, C=DE" -KeyUsage DigitalSignature -FriendlyName "Update Rocks!" -CertStoreLocation "Cert:\LocalMachine\My" -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.3", "2.5.29.19={text}")
  • Subject should be the exact publisher name that you are going to use in your application.
  • KeyUsage defines what the certificate can be used for. For code signing we want it to be DigitalSignature.
  • TextExtension will help us define specific purpose for the certificate. Here the first parameter indicate that we want to do code signing (Extended Key Usage) and the second parameter is an extension that indicate if it is a CA or not (in our case it is not).

Once you have entered this command you will have thumbprint showing.

Result

You can list all the certificate after by doing : 

$ Set-Location Cert:\LocalMachine\My
$ ls

It will show you a list of the certificate at the location.

Cool. Cool. Cool.

Export your certificate

We need to export our certificate for our second part of our tutorial on signing windows release for your Electron project.

Once again nothing too complicated here. Just type those commands in your PowerShell.

$ $password = ConvertTo-SecureString -String <Your Password> -Force -AsPlainText 
$ Export-PfxCertificate -cert "Cert:\LocalMachine\My\<Certificate Thumbprint>" -FilePath <FilePath>.pfx -Password $password
  • Replace <Your Password> with your password obviously.
  • Replace <Certificate Thumbprint> with the thumbprint of the certificate we generated before.
  • Replace <FilePath> with the path of output directory (e.g $HOME\electron-example.pfx it will put the exported certificate in your user folder under the name electron-example.pfx )

We are now ready to start the signing process which would detailed in the next article.

Sign up for more like this.

Enter your email
Subscribe