Skip to content

Instantly share code, notes, and snippets.

@naamancampbell
Created October 19, 2017 08:00
Show Gist options
  • Save naamancampbell/6a5f5c4e0336fabaed3d0f7f02e013da to your computer and use it in GitHub Desktop.
Save naamancampbell/6a5f5c4e0336fabaed3d0f7f02e013da to your computer and use it in GitHub Desktop.
## generate Certificate Signing Request (CSR) with certutil
$FedServiceName = "sts.clancampbell.id.au"
$RequestPolicy = @"
[Version]
Signature="`$Windows NT$"
[NewRequest]
Subject = "CN=$FedServiceName,OU=ICT,O=ClanCampbell,L=Brisbane,S=Queensland,C=AU"
Exportable = FALSE ; TRUE = Private key is exportable
KeyLength = 2048 ; Valid key sizes: 1024, 2048, 4096, 8192, 16384
KeySpec = 1 ; Key Exchange – Required for encryption
KeyUsage = 0xA0 ; Digital Signature, Key Encipherment
MachineKeySet = True
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
FriendlyName = "ADFS
RequestType = PKCS10
[Extensions]
; Subject Alternative Names (SANs)
2.5.29.17 = "{text}"
_continue_ = "dns=$FedServiceName&"
_continue_ = "dns=enterpriseregistration.clancampbell.id.au&"
"@
$CertsDir = "C:\Admin\Certs"
if ( ! (Test-Path -Path $CertsDir -PathType Container)) {
mkdir -p $CertsDir
}
$RequestPolicy > $CertsDir\$FedServiceName.inf
certreq -new $CertsDir\$FedServiceName.inf $CertsDir\$FedServiceName.req
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment