Mike-6205 asked GaryReynolds answered

How to generate a cert supporting higher ciphers

I have a Windows server and I want to generate a cert that can support this:

200637-image.png


Tags: windows-server, windows-server-2019, windows-server-2012

LimitlessTechnology-2700 answered

Hi Mike-6205,

Here's the step-by-step for creating a self-certified certificate to support 256-bit:

Run PowerShell as administrator

Run the following command to create the certificate:

New-SelfSignedCertificate -DnsName <Computer name> -CertStoreLocation "cert:\LocalMachine\My"

Next, we need to add the self-signed certificate as a trusted certificate authority...

Run MMC -32 as administrator

Select File > Add or Remove Snap-ins

Select Certificates and then click Add

Select Computer account and press Next

Select Local computer, then click Finish. Then click OK.

Find the certificate in Personal > Certificates:

Right-click on the newly created certificate and then select Properties. Input the desired Friendly Name field for the certificate based upon what you are testing. Once completed, select the Apply button followed by OK.

Right-click on the certificate and choose Copy

Expand Trusted Root Certification Authorities

Right-click on the Certificates folder

Select Paste

In IIS Manager (usually requiring Administrator permissions), you can now see the self-signed certificate with SHA-256 as the SSL certificate.





GaryReynolds answered

Hi,

The certificate doesn't control which cipher will be used for the connection encryption; the server and client negotiate a mutually agreed cipher. If you want to control which cipher is used, you will need to limit which ciphers are supported by the server.

Have a look at this article on ciphers: https://en.wikipedia.org/wiki/Cipher_suite

This one is on how to control which ciphers are enabled: https://dirteam.com/sander/2019/07/30/howto-disable-weak-protocols-cipher-suites-and-hashing-algorithms-on-web-application-proxies-ad-fs-servers-and-windows-servers-running-azure-ad-connect/

Gary.
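
Limiting the server's cipher suites, as described in the answer above, shown as an added example that is not part of the original thread: it audits the enabled suites against a 256-bit policy and disables the rest only when asked. It assumes Windows Server 2016 or later (where `Get-TlsCipherSuite` and `Disable-TlsCipherSuite` are available); the function names, the `-Apply` switch and the policy values are hypothetical.

```powershell
# Added example, not from the thread. Function names and policy values are assumptions.
# Reading works unelevated; run elevated when using -Apply.
function Get-CipherSuiteAudit {
    param(
        [int]$MinCipherBits = 256,                        # assumed policy: the "256 bit" goal in the thread
        [string]$WeakPattern = 'RC4|3DES|_DES_|NULL|MD5'  # assumed deny-list of name fragments
    )
    $priority = 0
    foreach ($suite in Get-TlsCipherSuite) {              # returned in negotiation priority order
        $priority++
        $reasons = @()
        if ($suite.CipherLength -lt $MinCipherBits) {
            $reasons += "cipher length $($suite.CipherLength) < $MinCipherBits"
        }
        if ($suite.Name -match $WeakPattern) {
            $reasons += 'name matches weak pattern'
        }
        [pscustomobject]@{
            Priority     = $priority
            Name         = $suite.Name
            CipherLength = $suite.CipherLength
            Keep         = ($reasons.Count -eq 0)
            Reason       = $reasons -join '; '
        }
    }
}

function Set-CipherSuitePolicy {
    param([switch]$Apply)   # without -Apply nothing on the server is changed
    $audit = @(Get-CipherSuiteAudit)
    if (-not ($audit | Where-Object Keep)) {
        # Guard against a policy that leaves the server with no usable suite.
        throw 'Policy would disable every cipher suite; refusing to continue.'
    }
    foreach ($entry in $audit | Where-Object { -not $_.Keep }) {
        if ($Apply) {
            Disable-TlsCipherSuite -Name $entry.Name
            Write-Output "Disabled $($entry.Name) ($($entry.Reason))"
        } else {
            Write-Output "Would disable $($entry.Name) ($($entry.Reason))"
        }
    }
}

Get-CipherSuiteAudit | Format-Table -AutoSize   # review the current order first
Set-CipherSuitePolicy                           # report-only; add -Apply to change the server
```

Clients that offer only suites below the policy will fail the handshake once `-Apply` is used, so check the report-only output against the clients you need to serve first.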
