We created self-signed certificates using the following commands in powershell: $rootcert=New-SelfSignedCertificate -certstorelocation cert:\LocalMachine\my -Subject "C=DE,S=Bavaria,L=Munich,O=XYZ LTD, OU=XYZ CA, CN=ABC CA Root5, E=abc_CA31@xyz.info" -KeyDescription "ABC CA Root5" -KeyFriendlyName "ABC CA Root5" -Container "ABC CA Root5" -FriendlyName "ABC CA Root5" -KeyAlgorithm RSA -KeyLength 2048 -KeyUsage CertSign,CrlSign,DigitalSignature -TextExtension @("2.5.29.19={​​​​​​​text}​​​​​​​CA=true") -DnsName "ABC CA Root5" $mypwd = ConvertTo-SecureString -String "mypassword" -Force -AsPlainText $RootCAthumbprint = $rootcert.Thumbprint Export-PfxCertificate -cert cert:\localmachine\my\$RootCAthumbprint -FilePath D:\WINSSL\sample\1\CA3.pfx -Password $mypwd Import-PfxCertificate -FilePath D:\WINSSL\sample\1\CA3.pfx -CertStoreLocation Cert:\LocalMachine\Root -Password $mypwd $cert = New-SelfSignedCertificate -KeyExportPolicy Exportable -KeyUsage DigitalSignature,KeyEncipherment -Signer $rootcert -Type CodeSigning -CertStoreLocation Cert:\LocalMachine\My -Subject "C=US,ST=Ks,L=Olathe,O=XYZ LTD,OU=ABC,CN=Server5,E=XYZ_label1@XYZ.info" -KeyDescription "Server5" -KeyFriendlyName "Server5" -Container "Server5" -FriendlyName "Server5" -KeyAlgorithm RSA -KeyLength 2048 -DnsName "Server5 Alt Name" -TextExtension @("2.5.29.37={​​​​​​​text}​​​​​​​1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.1") $rootcert=New-SelfSignedCertificate -certstorelocation cert:\LocalMachine\my -Subject "C=DE,S=Bavaria,L=Munich,O=XYZ LTD, OU=XYZ CA, CN=ABC CA Root6, E=abc_CA31@xyz.info" -KeyDescription "ABC CA Root6" -KeyFriendlyName "ABC CA Root6" -Container "ABC CA Root6" -FriendlyName "ABC CA Root6" -KeyAlgorithm RSA -KeyLength 2048 -KeyUsage CertSign,CrlSign,DigitalSignature -TextExtension @("2.5.29.19={​​​​​​​text}​​​​​​​CA=true") -DnsName "ABC CA Root6" $mypwd = ConvertTo-SecureString -String "mypassword" -Force -AsPlainText $RootCAthumbprint = $rootcert.Thumbprint Export-PfxCertificate -cert cert:\localmachine\my\$RootCAthumbprint -FilePath D:\WINSSL\sample\1\CA3.pfx -Password $mypwd Import-PfxCertificate -FilePath D:\WINSSL\sample\1\CA3.pfx -CertStoreLocation Cert:\LocalMachine\Root -Password $mypwd $cert = New-SelfSignedCertificate -KeyExportPolicy Exportable -KeyUsage DigitalSignature,KeyEncipherment -Signer $rootcert -Type CodeSigning -CertStoreLocation Cert:\LocalMachine\My -Subject "C=US,ST=Ks,L=Olathe,O=XYZ LTD,OU=ABC,CN=Client6,E=XYZ_label1@XYZ.info" -KeyDescription "Client6" -KeyFriendlyName "Client6" -Container "Client6" -FriendlyName "Client6" -KeyAlgorithm RSA -KeyLength 2048 -DnsName "Client6 Alt Name" -TextExtension @("2.5.29.37={​​​​​​​text}​​​​​​​1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.1") And we are using thumbprint to search for the certificate in the local certificate store.