These instructions are based on Microsoft documentation to [create a self-signed certificate](https://docs.microsoft.com/en-us/windows/msix/package/create-certificate-package-signing).

Copies of NVDA signed by a self-signed certificate will not function on systems where it is not installed as a trusted root certificate, so this is only suitable for personal use.

Following are instructions on how to generate and install a self-signed certificate.

This is not supported and should only be attempted by developers who know what they are doing and are aware of the risks.

If the private key is compromised, this poses a serious security risk to your system.

Do not forget to [remove the certificate](#remove-the-certificate) when you are done testing.

Using [PKI](https://docs.microsoft.com/en-us/windows/msix/package/create-certificate-package-signing#prerequisite), create a self signed build with a custom name (`FriendlyName`) and publisher (`Subject`).

Other parameters are determined by [MS docs](https://docs.microsoft.com/en-us/windows/msix/package/create-certificate-package-signing#use-new-selfsignedcertificate-to-create-a-certificate).

From PowerShell:

This should output a thumbprint. Example Output:

This [method uses a password](https://docs.microsoft.com/en-us/windows/msix/package/create-certificate-package-signing#password-usage) to handle access.

Use PowerShell.

Replace the following in this PowerShell script:

- `<nvdaRepositoryRoot>`: the root of your NVDA repository.

- `<Password>`: a password for the exported certificate file.

- `<Certificate Thumbprint>`: The thumbprint from [creating the certificate](#create-a-self-signed-certificate).

Import the certificate to the Local Machine in the "Trusted Root Certification Authorities" store.

Run PowerShell as Administrator, execute [Import-PfxCertificate

](https://docs.microsoft.com/en-us/powershell/module/pki/import-pfxcertificate).

Replace the following in the PowerShell script:

- `<nvdaRepositoryRoot>`: the root of your NVDA repository.

- `<Password>`: your password for the exported certificate file.

This should output the same thumbprint. Example Output:

For Windows 7, you will need to use an alternative method.

On any supported version of Windows, you can manage certifications through the "Certificate Manager".

When running a scons command, append `certFile=local.pfx certPassword=<Password>`.

From Command Prompt in your NVDA source directory:

View the certificate for the NVDA launcher:

1. Open file properties on the launcher (`output/nvda_*.exe`)

1. Navigate to Digital Signatures tab

1. Open certificate signature

1. Open View Certificate

- If the certificate is not imported correctly:

- **General tab:** "This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store."

- **Certification Path tab, Certificate Status:** "This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store."

- If the certificate is imported correctly:

- **General tab:** "Ensures software came from software publisher. Protects software from alteration after publication"

- **Certification Path tab, Certificate Status:** "This certificate is OK."

After being finished with testing, remove the certificate from the Local Machine "Trusted Root Certification Authorities" store.

Leaving the certificate installed is potentially a security risk.

The certificate will still be in `Cert:\CurrentUser\My\<Certificate Thumbprint>`.

Use PowerShell, running as administrator.

Replace the following in this PowerShell script:

- `<Certificate Thumbprint>`: The thumbprint from [creating the certificate](#create-a-self-signed-certificate).

For Windows 7, you will need to use an alternative method.

On any supported version of Windows, you can manage certifications through the "Certificate Manager".