$param = @{
    "DnsName" = "caroot.gdec.cn"; 
    "CertStoreLocation" = "Cert:\CurrentUser\My"; 
    "NotAfter" = (Get-Date).AddYears(10);
    "KeySpec" = "KeyExchange";
    "KeyExportPolicy" = "Exportable";
}
New-SelfSignedCertificate @param
$pwd = ConvertTo-SecureString -String "Admin_123456" -Force -AsPlainText

Get-ChildItem -Path 'Cert:\CurrentUser\My' | Where-Object { $_.Subject -match "caroot.gdec.cn" } | Export-PfxCertificate -FilePath C:\Users\Administrator\Desktop\cert\caroot.gdec.cn.pfx -Password $pwd
Get-ChildItem -Path Cert:\CurrentUser\My\ | Where-Object { $_.Subject -match "caroot.gdec.cn" } | Export-Certificate -FilePath C:\Users\Administrator\Desktop\cert\caroot.gdec.cn.cer

New-SelfSignedCertificate -CertStoreLocation cert:\\LocalMachine\\My -FriendlyName "Dgqtest" -keyUsage KeyEncipherment,DigitalSignature,CrlSign,CertSign -Subject "CN=caroot.gdec.cn, OU=GDEC, O=GDEC, C=CN, L=GZ, S=GDEC"  -TextExtension @("1.3.6.1.4.1.311.21.10={text}1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2","2.5.29.19={text}CA=true","2.5.29.37={text}1.3.6.1.4.1.311.10.12.1")
New-SelfSignedCertificate -CertStoreLocation ¡°Cert:\CurrentUser\My\¡± -DNSName "caroot.gdec.cn,"10.100.0.139" -FriendlyName "carroot"  -Subject "CN=caroot.gdec.cn, OU=GDEC, O=GDEC, C=CN, L=GZ, S=GDEC"  -TextExtension @("1.3.6.1.4.1.311.21.10={text}1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2","2.5.29.19={text}CA=true","2.5.29.37={text}1.3.6.1.4.1.311.10.12.1")

New-SelfSignedCertificate -Subject test.ca.local -DNSName "test", "test.ca.local","10.100.0.139" -FriendlyName "Dgqtest" -CertStoreLocation "cert:\LocalMachine\My" -NotAfter (Get-Date).AddMonths(240)
Get-ChildItem -Path Cert:\CurrentUser\My\ | Where-Object { $_.Subject -match "test.ca.local" } | Export-Certificate -FilePath C:\Users\Administrator\Desktop\cert\test.ca.local
Get-ChildItem -Path 'Cert:\CurrentUser\My' | Where-Object { $_.Subject -match "test.ca.local" } | Export-PfxCertificate -FilePath C:\Users\Administrator\Desktop\cert\test.ca.local.pfx -Password $pwd

$param = @{
    "DnsName" = "caroot.gdec.cn","10.100.0.139"; 
    "Subject"     = "CN=caroot.gdec.cn, OU=GDEC, O=GDEC, C=CN, L=GZ, S=GDEC" ; 
    "TextExtension"=  @("1.3.6.1.4.1.311.21.10={text}1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2","2.5.29.19={text}CA=true","2.5.29.37={text}1.3.6.1.4.1.311.10.12.1") ;
    "CertStoreLocation" = "Cert:\LocalMachine\My"; 
    "NotAfter" = (Get-Date).AddYears(10);
    "FriendlyName" = "caroot.gdec.cn";
}
New-SelfSignedCertificate @param