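# Generates a self-signed root CA in the CurrentUser\My store, then server and
# client certificates signed by it, and writes each one next to this script as
# <Name>.cer (public part) and <Name>.pfx (with private key).
# Requires Windows PowerShell with the PKI module (New-SelfSignedCertificate).
$CurrentDir = Split-Path -Path $MyInvocation.MyCommand.Path -Parent
Set-Location -Path $CurrentDir

# Parameters
$DomainName      = "contoso.local"
$ExpirationYear  = 10
$RootCACertName  = "RootCA"
$RootCAUser      = ""   # not used below; kept so callers that dot-source this script still see it
$ServerCertNames = @("Server01", "Server02")
# Client001 .. Client010. ForEach-Object instead of ArrayList.Add, which echoed
# the new index onto the pipeline on every iteration.
$ClientCertNames = 1..10 | ForEach-Object { "Client{0:000}" -f $_ }
# PFX passwords. These are lab defaults: the root CA private key is marked
# Exportable and leaves the machine in RootCA.pfx under this password, so for
# anything beyond a disposable test lab read the password from
# Read-Host -AsSecureString (or a protected store) and keep the CA key non-exportable.
$RootCAPlainTextPassword = "Passw0rd!CA"
$PfxPasswordPrefix       = "Passw0rd!"

#######################################
# Writes one certificate to disk in $CurrentDir.
# Arguments: Cert              - certificate object from the CurrentUser\My store
#            Name              - file stem; produces <Name>.cer and <Name>.pfx
#            PlainTextPassword - password protecting the exported private key
# Outputs:   the Export-Certificate / Export-PfxCertificate result objects
#######################################
function Export-CertificateFiles {
    param(
        [Parameter(Mandatory = $true)] $Cert,
        [Parameter(Mandatory = $true)] [string] $Name,
        [Parameter(Mandatory = $true)] [string] $PlainTextPassword
    )
    Write-Host "証明書のファイル保存: $Name"
    # Alternative container formats, left for reference:
    #Export-Certificate -Cert $Cert -FilePath (Join-Path $CurrentDir "${Name}.sst") -Type SST
    #Export-Certificate -Cert $Cert -FilePath (Join-Path $CurrentDir "${Name}.p7b") -Type p7b
    Export-Certificate -Cert $Cert -FilePath (Join-Path $CurrentDir "${Name}.cer")
    Write-Host "証明書 (秘密鍵あり) のファイル保存: $Name"
    $Password = ConvertTo-SecureString -String $PlainTextPassword -Force -AsPlainText
    Export-PfxCertificate -Cert $Cert -FilePath (Join-Path $CurrentDir "${Name}.pfx") -Password $Password
}

Write-Host ""
Write-Host "----------------------------------------------------------------------"
Write-Host ""
Write-Host "### Generate Root CA Certificate ###"
# Reuse an existing root CA with the same subject so server/client certs chain to
# one issuer across runs. Select-Object -First 1 keeps this a single object even
# if several matching certs exist; the null test puts $null on the left so an
# array result is never silently filtered instead of compared.
$RootCACert = Get-ChildItem -Path "Cert:\CurrentUser\My" |
    Where-Object { $_.Subject -eq "CN=${RootCACertName}" } |
    Select-Object -First 1
if ($null -eq $RootCACert) {
    Write-Host "自己署名ルート証明書の生成..."
    # NOTE(review): no Basic Constraints extension (OID 2.5.29.19) is requested
    # here; if a relying party insists on ca=1 for the issuer, add it via
    # -TextExtension and confirm on the target platform.
    $RootCACert = New-SelfSignedCertificate `
        -Type Custom `
        -KeySpec Signature `
        -Subject "CN=${RootCACertName}" `
        -KeyExportPolicy Exportable `
        -HashAlgorithm sha256 `
        -KeyLength 2048 `
        -CertStoreLocation "Cert:\CurrentUser\My" `
        -KeyUsageProperty Sign `
        -KeyUsage CertSign `
        -NotAfter (Get-Date).AddYears($ExpirationYear)
    # Previously passed the undefined $RootCASecretPassword here, so the PFX
    # export of the root CA failed; the SecureString is built from
    # $RootCAPlainTextPassword inside the helper.
    Export-CertificateFiles -Cert $RootCACert -Name $RootCACertName -PlainTextPassword $RootCAPlainTextPassword
} else {
    Write-Host "自己署名ルート証明書の取得..."
}
$RootCACertThumbprint = $RootCACert.Thumbprint

Write-Host ""
Write-Host "----------------------------------------------------------------------"
Write-Host ""
Write-Host "### Generate SSL Server Certificate ###"
foreach ($ServerCertName in $ServerCertNames) {
    Write-Host "自己署名サーバ証明書の生成: $ServerCertName"
    # 2.5.29.37 = Extended Key Usage; 1.3.6.1.5.5.7.3.1 = Server Authentication.
    $ServerCert = New-SelfSignedCertificate `
        -Type Custom `
        -DnsName $ServerCertName `
        -KeySpec Signature `
        -Subject "CN=$ServerCertName" `
        -KeyExportPolicy Exportable `
        -HashAlgorithm sha256 `
        -KeyLength 2048 `
        -CertStoreLocation "Cert:\CurrentUser\My" `
        -Signer $RootCACert `
        -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.1") `
        -NotAfter (Get-Date).AddYears($ExpirationYear)
    Export-CertificateFiles -Cert $ServerCert -Name $ServerCertName -PlainTextPassword "${PfxPasswordPrefix}${ServerCertName}"
}

Write-Host ""
Write-Host "----------------------------------------------------------------------"
Write-Host ""
Write-Host "### Generate SSL Client Certificate ###"
foreach ($ClientCertName in $ClientCertNames) {
    Write-Host "自己署名クライアント証明書の生成: $ClientCertName"
    # 1.3.6.1.5.5.7.3.2 = Client Authentication; 2.5.29.17 = Subject Alternative
    # Name carrying the UPN <name>@<domain> used for certificate logon mapping.
    $ClientCert = New-SelfSignedCertificate `
        -Type Custom `
        -KeySpec Signature `
        -Subject "CN=$ClientCertName" `
        -KeyExportPolicy Exportable `
        -HashAlgorithm sha256 `
        -KeyLength 2048 `
        -CertStoreLocation "Cert:\CurrentUser\My" `
        -Signer $RootCACert `
        -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2", "2.5.29.17={text}upn=${ClientCertName}@${DomainName}") `
        -NotAfter (Get-Date).AddYears($ExpirationYear)
    Export-CertificateFiles -Cert $ClientCert -Name $ClientCertName -PlainTextPassword "${PfxPasswordPrefix}${ClientCertName}"
}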