Created
July 26, 2018 10:53
-
-
Save machv/a6774860591c5400fb9545f6e215d80d to your computer and use it in GitHub Desktop.
Generate WebServer certificate
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-WebCertificate { | |
| Param( | |
| [parameter(Mandatory = $true)] | |
| [String] | |
| $Fqdn, | |
| [parameter(Mandatory = $true)] | |
| [String] | |
| $CertificateOutputPath, | |
| [parameter(Mandatory = $true)] | |
| [String] | |
| $AuthorityName, | |
| [parameter(Mandatory = $true)] | |
| [SecureString] | |
| $CertificatePassword | |
| ) | |
| # Answer file for certreq | |
| $content = @" | |
| [NewRequest] | |
| Subject = "CN=$($fqdn)" ; Remove to use an empty Subject name. | |
| Exportable = TRUE | |
| KeyLength = 2048 | |
| KeySpec = 1 ; Key Exchange – Required for encryption | |
| KeyUsage = 0xA0 ; Digital Signature, Key Encipherment | |
| MachineKeySet = True | |
| ProviderName = "Microsoft RSA SChannel Cryptographic Provider" | |
| RequestType = PKCS10 | |
| [EnhancedKeyUsageExtension] | |
| OID=1.3.6.1.5.5.7.3.1 ; Server Authentication | |
| OID=1.3.6.1.5.5.7.3.2 ; Client Authentication | |
| [Extensions] | |
| ; 2.5.29.17 is the OID for a SAN extension. | |
| 2.5.29.17 = "{text}" | |
| _continue_ = "dns=$($fqdn)&" | |
| [RequestAttributes] | |
| CertificateTemplate = WebServer | |
| "@ | |
| $answerFile = New-TemporaryFile | |
| Set-Content $answerFile.FullName $content | |
| $requestFile = New-TemporaryFile | |
| $publicCertFile = New-TemporaryFile | |
| Invoke-Expression -Command "certreq -new -q -f $($answerFile.FullName) $($requestFile.FullName)" | |
| Invoke-Expression -Command "certreq -submit -q -f -config $($AuthorityName) $($requestFile.FullName) $($publicCertFile.FullName)" | |
| Invoke-Expression -Command "certreq -accept $($publicCertFile.FullName)" | |
| # Get thumbprint of the newly generated certificate | |
| $certPrint = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 | |
| $certPrint.Import($publicCertFile.FullName) | |
| $thumbprint = $certPrint.Thumbprint | |
| # Cleanup temporary file | |
| Remove-Item $answerFile.FullName, $requestFile.FullName, $publicCertFile.FullName -Force | |
| # And export signed certificate to PFX file | |
| Get-ChildItem -Path Cert:\LocalMachine\My\$thumbprint | Export-PfxCertificate -FilePath $CertificateOutputPath -Password $CertificatePassword | |
| } | |
| # Generate certificate | |
| $certificatePassword = ConvertTo-SecureString -String "LS1setup!" -Force -AsPlainText | |
| Get-WebCertificate -AuthorityName "APS-HOLDING\APS Root CA" ` | |
| -Fqdn "alfresco" ` | |
| -CertificateOutputPath "$env:USERPROFILE\Downloads\Alfresco.pfx" ` | |
| -CertificatePassword $certificatePassword | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment