Knowledge Base

Creating a self-signed SSL certificate for Proton

Applies to

All versions of Proton


For security, Proton only operates over HTTPS. Installing the Full Install version of Proton Server with a license key requires an SSL certificate (in .PFX format). Proton supports trusted CA-issued or self-signed certificates, with CA-issued certificates recommended for maximum security and ease of access via the Proton Manager. If you must use a self-signed certificate, Chrome and Firefox now require a Subject Alternative Name (SAN) v3 extension in the certificate. Even with the SAN specified, Firefox still shows a security prompt for all self-signed certificates.

The following guidance will help you create a self-signed certificate with a SAN v3 extension in the certificate. Note that Proton Express, the evaluation version, automatically installs a self-signed certificate with a SAN v3 extension. This guidance is only relevant for a Full Install of Proton Server.

Note: This guidance is for Server 2012, 2012 R2 and 2016, Windows 8, 8.1 and 10. Server 2008 and Windows 7 users should contact us at [email protected] for more information.


PowerShell can create a self-signed certificate with SAN specified. In an Administrator PowerShell you can run the following steps to create and export a self-signed certificate. Be sure to replace the italicized text (YourMachineName, YourPassword, and YourCertFile) with the appropriate values for your system and organization (including a file path that makes it easy for you to retrieve and then use your .pfx file during Proton installation).

1) Create and install a self-signed cert in Local Computer / Personal:
$cert = New-SelfSignedCertificate -DnsName YourMachineName, localhost -CertStoreLocation "cert:\LocalMachine\My"

2) Enter your password into a variable in a secure manner:
$password = Read-Host -Prompt "YourPassword" -AsSecureString

3) Export the cert to pfx file:
Export-PfxCertificate -Cert $cert -Password $password -FilePath YourCertFile.pfx

4) (Optional) Remove the cert you just created from your certificate store if you don’t want it left there:
Remove-Item -Path $cert.PSPath

The created .PFX file can be used for a Proton Full Install.

Posted in: Proton Knowledge Base,

  • Share:  

Request Demo

Internet Explorer End of Life problems?Learn More