Previously, I posted about how to create a self-signed cert for development. Well, things change; here’s how to do it in 2025. (Or at least, here’s one way):

New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "example.local" -FriendlyName "example.local" -NotAfter $([datetime]::now.AddYears(5)) -keyusage DigitalSignature

So what’s the “KeyUsage” bit about? Well, it’s a certificate extension that restricts the purposes that a certificate can be used for.