PowerShell : New-SelfSignedCertificate – resolving “Access is denied. 0x80070005” (WIN32:5 ERROR_ACCESS_DENIED)

Hi All,
Greetings for the day!
Today's post covers a new issue and its solution when executing the PowerShell CMDLET New-SelfSignedCertificate.
Background / Details
- I was exploring the Microsoft Graph PowerShell CMDLETs
- I was trying the Connect-MgGraph CMDLET, which is the starting point for Microsoft Graph PowerShell
- One of the approaches / options for connecting to Microsoft Graph with Connect-MgGraph is to use an Application ID (client ID) and a self-signed certificate (certificate thumbprint):
Connect-MgGraph -ClientId "YOUR_APP_ID" -TenantId "YOUR_TENANT_ID" -CertificateThumbprint "YOUR_CERT_THUMBPRINT"
OR
Connect-MgGraph -ClientId "YOUR_APP_ID" -TenantId "YOUR_TENANT_ID" -CertificateName "YOUR_CERT_SUBJECT"
OR
$Cert = Get-ChildItem Cert:\CurrentUser\My\$CertThumbprint
Connect-MgGraph -ClientId "YOUR_APP_ID" -TenantId "YOUR_TENANT_ID" -Certificate $Cert
- To create the self-signed certificate I am using the PowerShell CMDLET New-SelfSignedCertificate as follows:
New-SelfSignedCertificate -DnsName "knowledgejunction1.sharepoint.com" -CertStoreLocation "cert:\LocalMachine\My" -NotAfter (Get-Date).AddYears(20) -KeyExportPolicy Exportable -KeySpec Signature
While executing this CMDLET I was getting the error below:
New-SelfSignedCertificate : CertEnroll::CX509Enrollment::_CreateRequest: Access is denied. 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED)
At C:\Users\Documents\Prasham\Articles\PowerShell\scripttocreateselfsigncertificate.ps1:1 char:1
+ New-SelfSignedCertificate -DnsName "knowledgejunction1.sharepoint.com …
+ ~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-SelfSignedCertificate], Exception
+ FullyQualifiedErrorId : System.Exception,Microsoft.CertificateServices.Commands.NewSelfSignedCertificateCommand

Note: Our next article covers in detail the complete PowerShell script for creating / generating a self-signed certificate.
Solution
- It seems to be a permission issue: Windows PowerShell ISE is not elevated, i.e. the window does not have admin rights, and writing to the cert:\LocalMachine\My store requires them
- One point observed is that Windows PowerShell ISE was not opened with “Run as administrator”
- Another alternative is to use the “RunAs” verb to start an elevated PowerShell process:
Start-Process powershell.exe -Verb Runas
- Note the title bar of “Windows PowerShell ISE”: there is no “Administrator” before the title
- Once I closed “Windows PowerShell ISE” and opened it again with “Run as administrator”, the CMDLET executed successfully
- The self-signed certificate was created successfully

We can also check whether the current user is running as an administrator (our administrative status) by executing the following command:
([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")
Output:
PS C:\> ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")
False

An alternative option is to pass a different path to the -CertStoreLocation parameter
- Use the current user's store, -CertStoreLocation "cert:\currentuser\my", which does not need an elevated session, as in the code snippet below:
New-SelfSignedCertificate -DnsName "knowledgejunction1.sharepoint.com" -CertStoreLocation "cert:\currentuser\My" -NotAfter (Get-Date).AddYears(20) -KeyExportPolicy Exportable -KeySpec Signature
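
The elevation check and the two store locations above can be combined into one pre-flight script. This is an added example, not code from the original article; the function name New-GraphAuthCertificate, its parameters, the one-year lifetime and the non-exportable key are assumptions of this example.

```powershell
# Added example (not from the original article). Function and parameter names are hypothetical.
function New-GraphAuthCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $DnsName,
        [ValidateSet('CurrentUser', 'LocalMachine')] [string] $Scope = 'CurrentUser',
        [int] $ValidYears = 1   # assumption: much shorter than the article's 20 years
    )

    # Same elevation test the article runs by hand.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal] $identity
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # Cert:\LocalMachine\My is only writable from an elevated process; fail early
    # with a clear message instead of the 0x80070005 error from CertEnroll.
    if ($Scope -eq 'LocalMachine' -and -not $elevated) {
        throw ("Not elevated: cannot write to Cert:\LocalMachine\My. " +
               "Start PowerShell with 'Run as administrator' or use -Scope CurrentUser.")
    }

    $store = "Cert:\$Scope\My"
    # Assumption: the key is only used on this machine, so it is created non-exportable.
    $cert = New-SelfSignedCertificate -DnsName $DnsName -CertStoreLocation $store `
        -NotAfter (Get-Date).AddYears($ValidYears) `
        -KeyExportPolicy NonExportable -KeySpec Signature -ErrorAction Stop

    [pscustomobject]@{
        Elevated   = $elevated
        Path       = "$store\$($cert.Thumbprint)"
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
    }
}

$result = New-GraphAuthCertificate -DnsName 'knowledgejunction1.sharepoint.com'
$result | Format-List
# Then, with your own IDs in place of the placeholders:
# Connect-MgGraph -ClientId "YOUR_APP_ID" -TenantId "YOUR_TENANT_ID" -Certificate (Get-Item $result.Path)
```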

Thanks for reading !
Stay tuned for more articles on Microsoft Graph PowerShell!
HAPPY LEARNING AHEAD 🙂 LIFE IS BEAUTIFUL 🙂
