Public/Get-SecretCertificate.ps1

function Get-SecretCertificate {
    
    [CmdletBinding()]
    param (
        [Parameter()]
        [string] $Name = $null,

        [Parameter()]
        [ValidateSet('CurrentUser', 'LocalMachine')]
        [string] $CertificateStore = 'CurrentUser'
    )
    
    begin {
        $Constants = Get-SecretConstants
        if ($null -eq $Name) { $Name = 'Default' }
        $CertificateName = [string]::Format('{0} - {1}', $Constants.CertificateNamePrefix, $Name)
    }
    
    process {
        $Certificate = Get-ChildItem -Path "Cert:\$CertificateStore\My" | Where-Object -Property FriendlyName -EQ -Value $CertificateName
        if (-not $Certificate) {
            $CertificateParams = @{
                CertStoreLocation = "Cert:\$CertificateStore\My"
                Type = 'Custom'
                Subject = $CertificateName
                FriendlyName = $CertificateName
                KeyFriendlyName = $CertificateName
                KeyAlgorithm = 'RSA'
                KeyLength = 2048
                KeyExportPolicy = 'Exportable'
                NotAfter = (Get-Date).AddYears(5)
                Provider = 'Microsoft Software Key Storage Provider'
            }
            $Certificate = New-SelfSignedCertificate @CertificateParams
        }
        return $Certificate
    }
    
    end {
        
    }
}