My goal is to create a self-signed certificate to use later. I tried using the parameter -PIN like this:
$password = ConvertTo-SecureString "123456" -AsPlainText -Force
$certif = New-SelfSignedCertificate `
-Type Custom `
-KeySpec Signature `
-KeyUsageProperty Sign `
-KeyUsage DigitalSignature `
-KeyExportPolicy Exportable `
-KeyLength 2048 `
-HashAlgorithm sha256 `
-Subject "CN=Иван Иванов,C=RU,L=Челябинск,O=Интерсвязь,E=apr@intersvyaz.net" `
-CertStoreLocation "Cert:\CurrentUser\My" `
-NotAfter (Get-Date).AddYears(5) `
-FriendlyName "Внутренний ЭДО Интерсвязь" `
-Pin $password
But New-SelfSignedCertificate returns this error:
New-SelfSignedCertificate : CertEnroll::CX509Enrollment::_CreateRequest: Указан
неправильный тип. 0x8009000a (-2146893814 NTE_BAD_TYPE)
строка:1 знак:11
+ $certif = New-SelfSignedCertificate `
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-SelfSignedCertificate], E
xception
+ FullyQualifiedErrorId : System.Exception,Microsoft.CertificateServices.C
ommands.NewSelfSignedCertificateCommand
When I create the certificate without -Pin, it works, but anyone who has access to this certificate can use it to sign files. I need this certificate to be used by someone who knows the password (the creator, for example), and I believe that this is what the -Pin parameter is used for. The question is: am I using it wrong? Is there any other way to protect the certificate with a password, and if so, how do I do that?
Thanks in advance for your help!
Maria