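# Generates a small test PKI: a self-signed root CA in the CurrentUser\My store, then
# server certificates (TLS server auth) and client certificates (TLS client auth with a
# UPN SAN) signed by that root. Each certificate is exported next to the script as a
# public .cer file and as a password-protected .pfx file containing the private key.
#
# Security notes:
#   * Lab/test use only. The root CA private key is created with an exportable key in the
#     interactive user's personal store; anyone who can read that store or the .pfx files
#     can issue certificates that every relying party trusting RootCA.cer will accept.
#   * PFX passwords come from $env:CERT_PFX_PASSWORD when set. Otherwise the original
#     well-known defaults ("Passw0rd!CA", "Passw0rd!<Name>") are used and a warning is
#     printed - those defaults are public, so such .pfx files are effectively unprotected.
#   * Leaf certificates get the same lifetime as the root ($ExpirationYear, 10 years),
#     which is far longer than any real deployment should use.
#   * Server certificates carry only the short host name in the SAN (-DnsName); add the
#     FQDN "<Name>.<DomainName>" there if clients connect by FQDN.
#
# Stop on the first error: a failed root CA creation would otherwise leave $RootCACert
# empty and every subsequent -Signer call would fail with a misleading message.
$ErrorActionPreference = 'Stop'

$CurrentDir = $(Split-Path $MyInvocation.MyCommand.Path -Parent)
Set-Location $CurrentDir

# Parameters
$DomainName = "contoso.local"                # domain suffix for client UPN SANs
$ExpirationYear = 10                          # validity (years) for root and leaf certificates
$RootCACertName = "RootCA"
$RootCAUser = ""                              # not used by this script; kept for compatibility
$ServerCertNames = @("Server01", "Server02")
$ClientCertNames = New-Object System.Collections.ArrayList
for ($i = 1; $i -le 10; $i++) {
    # [void] discards the index ArrayList.Add returns, which otherwise leaks into the output.
    [void]$ClientCertNames.Add("Client{0:000}" -f $i)
}

# Resolves the PFX export password for one certificate as a SecureString.
#   -Default : the historical per-certificate plaintext used when no override is configured
#   -Label   : certificate name, used only in the warning text
# Prefers $env:CERT_PFX_PASSWORD so the secret does not have to live in this file.
function Get-PfxPassword([string]$Default, [string]$Label) {
    $plainText = $env:CERT_PFX_PASSWORD
    if ([string]::IsNullOrEmpty($plainText)) {
        $plainText = $Default
        Write-Warning "CERT_PFX_PASSWORD is not set; ${Label}.pfx will be protected with a well-known default password"
    }
    return (ConvertTo-SecureString -String $plainText -Force -AsPlainText)
}

Write-Host ""
Write-Host "----------------------------------------------------------------------"
Write-Host ""
Write-Host "### Generate Root CA Certificate ###"
# Reuse an existing root if one is present. -First 1 keeps this a single certificate even
# when several "CN=RootCA" entries exist (the previous thumbprint lookup became an array
# in that case and the Cert: path built from it failed).
$RootCACert = Get-ChildItem -Path "Cert:\CurrentUser\My" |
    Where-Object { $_.Subject -eq "CN=${RootCACertName}" } |
    Select-Object -First 1
if ($null -eq $RootCACert) {
    Write-Host "自己署名ルート証明書の生成..."
    # KeyUsage CertSign marks this as a signing CA key. NOTE(review): whether the cmdlet
    # also emits a Basic Constraints (CA=TRUE) extension from this alone should be verified
    # with certutil before relying on strict validators.
    $RootCACert = New-SelfSignedCertificate `
        -Type Custom `
        -KeySpec Signature `
        -Subject "CN=${RootCACertName}" `
        -KeyExportPolicy Exportable `
        -HashAlgorithm sha256 `
        -KeyLength 2048 `
        -CertStoreLocation "Cert:\CurrentUser\My" `
        -KeyUsageProperty Sign `
        -KeyUsage CertSign `
        -NotAfter (Get-Date).AddYears($ExpirationYear)
    Write-Host "自己署名ルート証明書のファイル保存..."
    #Export-Certificate -Cert $RootCACert -FilePath "$CurrentDir\${RootCACertName}.sst" -Type SST
    Export-Certificate -Cert $RootCACert -FilePath "$CurrentDir\${RootCACertName}.cer"
    #Export-Certificate -Cert $RootCACert -FilePath "$CurrentDir\${RootCACertName}.p7b" -Type p7b
    Write-Host "自己署名ルート証明書 (秘密鍵あり) のファイル保存..."
    # The original passed an undefined variable here, so the PFX was exported with a $null
    # password; the password is now the one actually built above.
    $RootCAPassword = Get-PfxPassword -Default "Passw0rd!CA" -Label $RootCACertName
    Export-PfxCertificate -Cert $RootCACert -FilePath "$CurrentDir\${RootCACertName}.pfx" -Password $RootCAPassword
} else {
    Write-Host "自己署名ルート証明書の取得..."
}

Write-Host ""
Write-Host "----------------------------------------------------------------------"
Write-Host ""
Write-Host "### Generate SSL Server Certificate ###"
foreach ($ServerCertName in $ServerCertNames) {
    Write-Host "自己署名サーバ証明書の生成: $ServerCertName"
    # EKU 1.3.6.1.5.5.7.3.1 = TLS server authentication.
    $ServerCert = New-SelfSignedCertificate `
        -Type Custom `
        -DnsName $ServerCertName `
        -KeySpec Signature `
        -Subject "CN=$ServerCertName" `
        -KeyExportPolicy Exportable `
        -HashAlgorithm sha256 `
        -KeyLength 2048 `
        -CertStoreLocation "Cert:\CurrentUser\My" `
        -Signer $RootCACert `
        -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.1") `
        -NotAfter (Get-Date).AddYears($ExpirationYear)
    Write-Host "自己署名サーバ証明書のファイル保存..."
    #Export-Certificate -Cert $ServerCert -FilePath "$CurrentDir\${ServerCertName}.sst" -Type SST
    Export-Certificate -Cert $ServerCert -FilePath "$CurrentDir\${ServerCertName}.cer"
    #Export-Certificate -Cert $ServerCert -FilePath "$CurrentDir\${ServerCertName}.p7b" -Type p7b
    Write-Host "自己署名サーバ証明書 (秘密鍵あり) のファイル保存..."
    $Password = Get-PfxPassword -Default "Passw0rd!${ServerCertName}" -Label $ServerCertName
    Export-PfxCertificate -Cert $ServerCert -FilePath "$CurrentDir\${ServerCertName}.pfx" -Password $Password
}

Write-Host ""
Write-Host "----------------------------------------------------------------------"
Write-Host ""
Write-Host "### Generate SSL Client Certificate ###"
foreach ($ClientCertName in $ClientCertNames) {
    Write-Host "自己署名クライアント証明書の生成: $ClientCertName"
    # EKU 1.3.6.1.5.5.7.3.2 = TLS client authentication; the SAN carries a UPN so the
    # certificate can be mapped to <Name>@<DomainName> by relying parties.
    $ClientCert = New-SelfSignedCertificate `
        -Type Custom `
        -KeySpec Signature `
        -Subject "CN=$ClientCertName" `
        -KeyExportPolicy Exportable `
        -HashAlgorithm sha256 `
        -KeyLength 2048 `
        -CertStoreLocation "Cert:\CurrentUser\My" `
        -Signer $RootCACert `
        -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2", "2.5.29.17={text}upn=${ClientCertName}@${DomainName}") `
        -NotAfter (Get-Date).AddYears($ExpirationYear)
    Write-Host "自己署名クライアント証明書のファイル保存..."
    #Export-Certificate -Cert $ClientCert -FilePath "$CurrentDir\${ClientCertName}.sst" -Type SST
    Export-Certificate -Cert $ClientCert -FilePath "$CurrentDir\${ClientCertName}.cer"
    #Export-Certificate -Cert $ClientCert -FilePath "$CurrentDir\${ClientCertName}.p7b" -Type p7b
    Write-Host "自己署名クライアント証明書 (秘密鍵あり) のファイル保存..."
    $Password = Get-PfxPassword -Default "Passw0rd!${ClientCertName}" -Label $ClientCertName
    Export-PfxCertificate -Cert $ClientCert -FilePath "$CurrentDir\${ClientCertName}.pfx" -Password $Password
}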