update
+154
@@ -0,0 +1,154 @@
|
||||
<#
|
||||
.SYNOPSIS
|
||||
Generates a Certificate Signing Request based on values inputted. Any values not inputted will result in the use of default values.
|
||||
.DESCRIPTION
|
||||
Generates a Certificate Signing Request based on values inputted. Any values not inputted will result in the use of default values. CSR will be printed to the screen, but can be saved to the clipboard, or to a file.
|
||||
Default values are:
|
||||
|
||||
.NOTES
|
||||
Run as administrator is required.
|
||||
.EXAMPLE
|
||||
New-ITDSslCertificateSigningRequest -CommonName 'commonname.nd.gov'
|
||||
CSR is generated using the common name shown, and default values for everything else
|
||||
.EXAMPLE
|
||||
New-ITDSslCertificateSigningRequest -CommonName 'commonname.nd.gov' -Organization "OrgNameHere" -OrganizationalUnit "OrgUnitHere" -Locality Mandan -State ND -Country US -KeyLength 4096
|
||||
CSR is generated using the values specified, defaults for the rest
|
||||
.EXAMPLE
|
||||
New-ITDSslCertificateSigningRequest -CommonName 'commonname.nd.gov' -Organization "OrgNameHere" -OrganizationalUnit "OrgUnitHere" -Locality Mandan -State ND -Country US -KeyLength 4096 -ToClipboard
|
||||
CSR is generated using the values specified, defaults for the rest, and saved into the user's clipboard
|
||||
.EXAMPLE
|
||||
New-ITDSslCertificateSigningRequest -CommonName 'commonname.nd.gov' -ToPath C:\temp.csr
|
||||
CSR is generated using the common name shown, and default values for everything else, and saves the CSR to a local path
|
||||
#>
|
||||
|
||||
function New-ITDSslCertificateSigningRequest {
|
||||
[CmdletBinding()]
|
||||
param (
|
||||
[Parameter(Mandatory=$true)]
|
||||
[string]
|
||||
$CommonName,
|
||||
|
||||
[string]
|
||||
$Organization = "State of North Dakota",
|
||||
|
||||
[string]
|
||||
$OrganizationalUnit = "NDIT",
|
||||
|
||||
[string]
|
||||
$Locality = "Bismarck",
|
||||
|
||||
[string]
|
||||
$State = "ND",
|
||||
|
||||
[string]
|
||||
$Country = "US",
|
||||
|
||||
[ValidateSet(2048, 4096)]
|
||||
[int]
|
||||
$KeyLength = 4096,
|
||||
|
||||
[switch]
|
||||
$Exportable = $true,
|
||||
|
||||
[ValidateSet('sha256','sha384','sha512','md5')]
|
||||
[string]
|
||||
$HashAlgorithm = "sha256",
|
||||
|
||||
[switch]
|
||||
$ToClipboard,
|
||||
|
||||
[string]
|
||||
$ToPath
|
||||
)
|
||||
|
||||
begin {
|
||||
if (-NOT([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
|
||||
Write-Host "Administrator priviliges are required. Please restart this script with elevated rights." -ForegroundColor Red
|
||||
Pause
|
||||
Throw "Administrator priviliges are required. Please restart this script with elevated rights."
|
||||
}
|
||||
}
|
||||
|
||||
process {
|
||||
$UID = [guid]::NewGuid()
|
||||
$files = @{}
|
||||
$files['settings'] = "$($env:TEMP)\$($UID)-settings.inf";
|
||||
$files['csr'] = "$($env:TEMP)\$($UID)-csr.req"
|
||||
|
||||
$request = @{}
|
||||
$request['SAN'] = @{}
|
||||
|
||||
#2048, sha256
|
||||
$settingsInf = "
|
||||
[Version]
|
||||
Signature=`"`$Windows NT`$
|
||||
[NewRequest]
|
||||
KeyLength = {{KeyLength}}
|
||||
Exportable = {{Exportable}}
|
||||
MachineKeySet = TRUE
|
||||
SMIME = FALSE
|
||||
RequestType = PKCS10
|
||||
ProviderName = `"Microsoft RSA SChannel Cryptographic Provider`"
|
||||
ProviderType = 12
|
||||
HashAlgorithm = {{HashAlgorithm}}
|
||||
;Variables
|
||||
Subject = `"CN={{CN}},OU={{OU}},O={{O}},L={{L}},S={{S}},C={{C}}`"
|
||||
[Extensions]
|
||||
{{SAN}}
|
||||
;Certreq info
|
||||
;http://technet.microsoft.com/en-us/library/dn296456.aspx
|
||||
;CSR Decoder
|
||||
;https://certlogik.com/decoder/
|
||||
;https://ssltools.websecurity.symantec.com/checker/views/csrCheck.jsp
|
||||
"
|
||||
|
||||
|
||||
$request['SAN_string'] = & {
|
||||
if ($request['SAN'].Count -gt 0) {
|
||||
$san = "2.5.29.17 = `"{text}`"
|
||||
"
|
||||
Foreach ($sanItem In $request['SAN'].Values) {
|
||||
$san += "_continue_ = `"dns=" + $sanItem + "&`"
|
||||
"
|
||||
}
|
||||
return $san
|
||||
}
|
||||
}
|
||||
|
||||
$settingsInf = $settingsInf.Replace("{{CN}}", $CommonName)
|
||||
$settingsInf = $settingsInf.Replace("{{O}}", $Organization)
|
||||
$settingsInf = $settingsInf.Replace("{{OU}}", $OrganizationalUnit)
|
||||
$settingsInf = $settingsInf.Replace("{{L}}", $Locality)
|
||||
$settingsInf = $settingsInf.Replace("{{S}}", $State)
|
||||
$settingsInf = $settingsInf.Replace("{{C}}", $Country)
|
||||
$settingsInf = $settingsInf.Replace("{{SAN}}", $request['SAN_string'])
|
||||
$settingsInf = $settingsInf.Replace("{{KeyLength}}",$KeyLength)
|
||||
$settingsInf = $settingsInf.Replace("{{HashAlgorithm}}",$HashAlgorithm)
|
||||
$settingsInf = $settingsInf.Replace("{{Exportable}}",$Exportable)
|
||||
|
||||
# Save settings to file in temp
|
||||
$settingsInf > $files['settings']
|
||||
|
||||
certreq -new $files['settings'] $files['csr'] > $null
|
||||
|
||||
$CSR = Get-Content $files['csr']
|
||||
|
||||
Write-Output $CSR
|
||||
If ($ToClipboard) {
|
||||
$CSR | Set-Clipboard
|
||||
}
|
||||
If ($ToPath) {
|
||||
$CSR | Out-File -FilePath $ToPath
|
||||
}
|
||||
|
||||
$files.Values | ForEach-Object {
|
||||
Remove-Item $_ -ErrorAction SilentlyContinue
|
||||
}
|
||||
|
||||
New-ITDAutomationRecord -AppName "Windows-General" -Action "Provisioning" -Minutes 3 -Platform "PowerShell-ITD.Windows"
|
||||
}
|
||||
|
||||
end {
|
||||
|
||||
}
|
||||
}
|
||||
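Review bot: The `HashAlgorithm` ValidateSet still accepts `md5`, which is collision-broken and unsuitable for signing a certificate request; I would drop it so the line reads `[ValidateSet('sha256','sha384','sha512')]`. In the same param block, `$Exportable = $true` on a `[switch]` makes every generated private key exportable from the machine store unless the caller writes `-Exportable:$false`; declaring it as plain `[switch] $Exportable` makes non-exportable the default, at the cost of a behaviour change for existing callers. The subject parameters are substituted into the INF text through `.Replace` with no validation, so a value containing a double quote or a line break changes the structure of the request file; rejecting those characters before the substitutions would be safer. The exit code of `certreq -new` is also not checked before `Get-Content`, and the temp files are only removed when the process block runs to the end, so a `try`/`finally` around that part would help.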