@ridomin
Created October 3, 2022 04:58
create-client-certificate.ps1
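# Look up the signing CA in the current user's store; replace <ca-thumbprint> with its thumbprint.
$root = Get-ChildItem "cert:\CurrentUser\my\<ca-thumbprint>"
Write-Host "Creating a Leaf Certificate chained to root:"
Write-Host " Root Subject:" $root.Subject.Substring(3)
Write-Host " Root Thumbprint:" $root.Thumbprint
$certName = Read-Host "Device ID?"
$keyPwd = Read-Host "Key Password?" -AsSecureString
# Create the leaf certificate, signed by the root and valid for 24 months.
$cert = New-SelfSignedCertificate `
  -CertStoreLocation cert:\CurrentUser\my `
  -Subject $certName `
  -Signer $root `
  -HashAlgorithm SHA256 `
  -NotAfter (Get-Date).AddMonths(24) `
  -KeyUsage KeyEncipherment, DataEncipherment, DigitalSignature, NonRepudiation
Write-Host ""
Write-Host "Certificate generated and saved in cert store: my/CurrentUser"
Write-Host $cert.Subject $cert.Thumbprint
Write-Host " . exporting certs to PFX/PEM/KEY files"
Write-Host ""
# Public certificate: DER (.bin.cer), then Base64-encoded (.pem) via certutil.
Export-Certificate -Cert $cert -FilePath "$certName.bin.cer" -Type CERT
certutil -encode "$certName.bin.cer" "$certName.pem"
# Certificate plus private key as PFX, protected with the entered password.
Export-PfxCertificate -Cert $cert -FilePath "$certName.pfx" -Password $keyPwd
# openssl needs the password as plain text; convert it, then zero and free the unmanaged copy.
$bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($keyPwd)
try {
  $txtPwd = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
} finally {
  [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
}
# Note: the password is passed on the command line (visible in process listings), and -nodes
# writes the private key unencrypted, so -passout has no effect here.
$bashCmd = "openssl pkcs12 -in '$certName.pfx' -out '$certName.secure.key' -nodes -passin pass:'$txtPwd' -passout pass:'$txtPwd'"
bash -c $bashCmd
# Extract the RSA private key into its own file.
$bashCmd = "openssl rsa -in '$certName.secure.key' -out '$certName.key'"
bash -c $bashCmd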