When splitting or merging xDB Collection database shards, the PowerShell command for certificate creation might not work. This article describes an approach for creating a self-signed certificate and PFX file using PowerShell, as an alternative to the approach in the Microsoft documentation.
To create a self-signed certificate and PFX file for your web app, run the following script in PowerShell (note that the *.cloudapp.net value must not be altered):
# Define parameters
$certName = "*.cloudapp.net"
$pfxPath = "{yourpathandname}.pfx" # Path to store the .pfx file
$cerPath = "{yourpathandname}.cer" # Path to store the .cer file
$password = "{yourpassword}" # Password to protect the .pfx file

# Create the self-signed certificate in the "CurrentUser\My" store
$cert = New-SelfSignedCertificate `
    -DnsName $certName `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -KeySpec KeyExchange `
    -Type Custom `
    -KeyUsage DigitalSignature, KeyEncipherment `
    -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2") `
    -HashAlgorithm "SHA256" `
    -KeyLength 2048

# Export the certificate to a .pfx file (with private key)
Export-PfxCertificate `
    -Cert $cert `
    -FilePath $pfxPath `
    -Password (ConvertTo-SecureString -String $password -Force -AsPlainText)

# Export the public certificate to a .cer file (without private key)
Export-Certificate `
    -Cert $cert `
    -FilePath $cerPath
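
To confirm that the exported files contain what the script requested, the following added example (not part of the original article or the Microsoft documentation) loads both files and checks the private key, DNS name, enhanced key usages, key length and signature algorithm. It assumes the same placeholder paths as the script above and prompts for the PFX password instead of reading it from a variable.

```powershell
# Added verification example. Paths are the same placeholders as in the script above.
$pfxPath = (Resolve-Path -LiteralPath "{yourpathandname}.pfx").Path
$cerPath = (Resolve-Path -LiteralPath "{yourpathandname}.cer").Path
$expectedDns = "*.cloudapp.net"

# Prompt for the PFX password so it is not stored in the script or shell history
$securePassword = Read-Host -Prompt "PFX password" -AsSecureString

$x509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]
$pfx = $x509::new($pfxPath, $securePassword)   # certificate plus private key
$cer = $x509::new($cerPath)                    # public certificate only

# Collect the enhanced key usage (EKU) OIDs from the loaded PFX
$ekuExt = $pfx.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
}
$ekuOids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($pfx)
$dnsType = [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName

$checks = [ordered]@{
    "PFX contains the private key"       = $pfx.HasPrivateKey
    "CER does not contain a private key" = -not $cer.HasPrivateKey
    "PFX and CER are the same cert"      = $pfx.Thumbprint -eq $cer.Thumbprint
    "DNS name is $expectedDns"           = $pfx.GetNameInfo($dnsType, $false) -eq $expectedDns
    "EKU has server authentication"      = $ekuOids -contains "1.3.6.1.5.5.7.3.1"
    "EKU has client authentication"      = $ekuOids -contains "1.3.6.1.5.5.7.3.2"
    "RSA key length is 2048"             = $rsa.KeySize -eq 2048
    "Signature uses SHA-256 with RSA"    = $pfx.SignatureAlgorithm.Value -eq "1.2.840.113549.1.1.11"
}

# Print one line per check, then the thumbprint for later reference
$checks.GetEnumerator() | ForEach-Object {
    "{0,-36} {1}" -f $_.Key, $(if ($_.Value) { "OK" } else { "FAILED" })
}
"Thumbprint: $($pfx.Thumbprint)"

# Release the certificate objects loaded for the check
$pfx.Reset(); $cer.Reset()
```

A FAILED line on the CER check means the wrong file was exported as the public certificate; that file should never carry the private key.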