Created
November 23, 2017 13:47
-
-
Save nyanhp/f9757d6a34cb15aa3cbc57474cf1df13 to your computer and use it in GitHub Desktop.
Working with the lab PKI environment
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# To create a lab with a PKI, check out our sample scripts, e.g. "PKI Simple.ps1" in your $labsources | |
Import-Lab MyPkiLab | |
# One-liner to enable auto-enrollment for code signing certificates for all lab users and computers | |
Enable-LabCertificateAutoenrollment -Computer -User -CodeSigning | |
# Prepare for a new template | |
$splat = @{ | |
TemplateName = "MyTemplate" | |
DisplayName = "My awesome template" | |
SourceTemplateName = "WebServer" | |
EnrollmentFlags = "Autoenrollment" | |
PrivateKeyFlags = "AllowKeyExport" | |
ValidityPeriod = (New-TimeSpan -Days 1825) | |
ComputerName = (Get-LabIssuingCA).Name | |
SamAccountName = 'Domain Computers' | |
} | |
New-LabCATemplate @splat | |
# Request a certificate with your new template | |
Request-LabCertificate -Subject 'CN=LabMachine,DC=somedomain,DC=com' -SAN SuperAwesomeSAN,AnotherSAN -ComputerName labVm1 -TemplateName MyTemplate | |
# Check if a lab machine has certain certificates in store | |
# The recently requested one | |
Get-LabCertificate -Store My -Location CERT_SYSTEM_STORE_LOCAL_MACHINE -ComputerName labVm1 -FindType FindByTemplateName -SearchString MyTemplate | |
# A valid certificate for e.g. Protect-CmsMessage | |
Get-LabCertificate -Store My -Location CERT_SYSTEM_STORE_LOCAL_MACHINE -ComputerName xpull1 -FindType FindByKeyUsage -SearchString KeyEncipherment |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment