Use Windows PowerShell to Prepare Certificates

About this task

To create a self-signed certificate using Windows PowerShell, refer to the following steps:

Note: The steps below are based on running the Windows PowerShell on a machine with the Windows 10 or Windows 11 operating system.

Right-click Windows PowerShell on the machine, and select Run as administrator from the drop-down list.
Refer to the following example to use the New-SelfSignedCertificate cmdlet to generate certificate files.
```
$cert = New-SelfSignedCertificate -Subject CN=IBMCustomApp -CertStoreLocation 'Cert:\CurrentUser\My'
```
Press Enter on the keyboard.
Enter the following command to export the .crt (or .cer) file.
```
Export-Certificate -Cert $cert -FilePath IBMCustomApp.crt
```
Enter the following command to export the .pbx file with a password.
```
Export-PfxCertificate -Password $(Read-Host -AsSecureString -Prompt "Enter a password to protect the certificate") -Cert $cert -FilePath IBMCustomApp.pfx
```
Press Enter on the keyboard.
After completing the steps above, you will get two certificate files:
- The .cer file can be uploaded for the custom app in Microsoft Entra ID. For additional details on uploading the certificate, refer to Create a Custom Azure App.
- The .pfx file can be uploaded to IBM® Storage Protect for Cloud to consent to the app. For additional details, refer to Consent to Custom Apps or Re-authorize an App Profile.
If you want to remove the certificate files, enter the following command:
```
Remove-Item "Cert:\CurrentUser\My\$($cert.Thumbprint)”
```