Persits Software, Inc. Knowledge Base Articles

How to create self-signed certificates for DKIM on Windows 10

Problem Summary

This article describes how to create self-signed certificates to be used to send DKIM-enabled email with SHA256-based signatures on Windows 10.


1. Run the Windows PowerShell app.

Click the search icon and type "powershell". Click on "Run as Administrator".

2. Run the script below in the PowerShell window.

Copy and paste the following script to the PowerShell window and press Enter.

A PFX file c:\temp\dkim.pfx containing a self-certificate with the name "dkim" will be created. The PFX file is protected with the password 'MyPassword'.

This PFX file can be used directly with AspEmail or AspEmail.NET to send DKIM-enabled email. To obtain the certificate's public key for the purpose of creating an TXT DNS record, the certicate needs to be imported into your personal certificate store, and then exported back to a .cer file using Certificate Manager (certmgr.msc).

Since the certificate is created using the Microsoft Enhanced RSA and AES Cryptographic Provider, it will generate SHA256-based signatures.

For more information about AspEmai's and AspEmail's DKIM support, see