@shanehoey
Last active July 16, 2024 07:48
Self Signed Certificates

New-SelfSignedCert

Create a self-signed certificate and export it to a file.

./new-selfsignedcert.ps1 -cn localhost -ip "127.0.0.1"
    # -secret [securestring] is mandatory; PowerShell prompts for it when it is omitted
    # optional: -san, -pfx (default ".\cert.pfx"), -cer (default ".\cert.cer"),
    #           -friendlyname (default "SelfSigned Cert"), -years (default 1)
[CmdletBinding()]
param (
    [Parameter(Mandatory=$true)]
    [string]$cn,
    [Parameter(Mandatory=$false)]
    [string]$san,
    [Parameter(Mandatory=$false)]
    [string]$ip,
    [Parameter(Mandatory=$false)]
    [string]$pfx = ".\cert.pfx",
    [Parameter(Mandatory=$false)]
    [string]$cer = ".\cert.cer",
    [Parameter(Mandatory=$true)]
    [securestring]$secret,
    [Parameter(Mandatory=$false)]
    [string]$friendlyname="SelfSigned Cert",
    [Parameter(Mandatory=$false)]
    [int]$years=1
)
try {
    # Turn non-terminating cmdlet errors into exceptions so the catch block sees them
    $ErrorActionPreference = 'Stop'

    # Todo: make SAN and IP an array
    # Subject Alternative Name extension (OID 2.5.29.17): the CN as a DNS name, plus an optional extra DNS name and IP address
    $TextExtension = '2.5.29.17={text}dns=' + $cn + $(if ($san) { "&dns=$san" }) + $(if ($ip) { "&IPAddress=$ip" })

    # Create the certificate with an exportable private key in the LocalMachine\My store
    $cert = New-SelfSignedCertificate -FriendlyName $friendlyname -Subject "cn=$cn" -KeyExportPolicy Exportable -NotAfter (Get-Date).AddYears($years) -TextExtension @($TextExtension) -CertStoreLocation "Cert:\LocalMachine\My"

    # Export the certificate with its private key (password-protected PFX) and the public certificate alone (CER)
    $pfxcert = Export-PfxCertificate -Cert $cert -FilePath $pfx -Password $secret
    $rootcert = Export-Certificate -Cert $cert -FilePath $cer -Type CERT

    # Trust the certificate on this machine: import only the public certificate, never the private key, into Trusted Root
    Import-Certificate -FilePath $cer -CertStoreLocation Cert:\LocalMachine\Root
} catch {
    Write-Error $_.Exception.Message
}

Managing Certificates

Creating a Self-Signed Certificate

Export Certificate from Windows

Run the following commands in PowerShell to export the certificate, together with its private key, into a PFX file:

$password = ConvertTo-SecureString -String "MySupaSecretPassword" -AsPlainText -Force

Get-ChildItem Cert:\LocalMachine\My

    PSParentPath: Microsoft.PowerShell.Security\Certificate::localmachine\my

Thumbprint                                Subject                                                                     
----------                                -------                                                                                                     
1415949912706E941B63AADCFFEAAA7431233     CN=*.directrouting.guide  

$cert = Get-ChildItem Cert:\LocalMachine\My\1415949912706E941B63AADCFFEAAA7431233

Export-PfxCertificate -Cert $cert -FilePath .\wildcard.pfx -Password $password

Import Certificate into an AudioCodes SBC via PowerShell

If you want to do it all from the command line, you can follow this process:

Step 1. Open PowerShell as administrator

powershell.exe

Step 2. Create a temporary firewall rule to allow port 80

New-NetFirewallRule -DisplayName 'HTTP TEMP' -Direction Inbound -Action Allow -Protocol TCP -LocalPort '80'

Step 3. Create Web Service

    Add-Type -AssemblyName System.Web

    # Listen on this host's address
    $listener = New-Object System.Net.HttpListener
    $listener.Prefixes.Add('http://172.16.18.109/')
    $listener.Start()

    # GetContext() blocks until one request arrives, so run Step 4 from a second session while this waits
    $context = $listener.GetContext()
    Write-Verbose "Getting -> $($context.Request.Url.LocalPath)" -Verbose
    $URL = $context.Request.Url.LocalPath
    # Returns whichever file under the current directory the client asks for (-Encoding Byte is Windows PowerShell 5.1 syntax)
    $Content = Get-Content -Path (Join-Path $PWD.Path $URL) -Encoding Byte
    $context.Response.ContentType = [System.Web.MimeMapping]::GetMimeMapping("$URL")
    $context.Response.OutputStream.Write($Content, 0, $Content.Length)
    $context.Response.Close()
    $listener.Close()

Step 4. Telnet to the server and copy the certificate over HTTP

telnet 172.16.0.18 

enable
copy tls-private-key from http://172.16.0.10/wildcard.pfx context 0 pass-phrase MySupaSecretPassword

Step 5. Clean up #IMPORTANT

$listener.Close()
Remove-NetFirewallRule -DisplayName 'HTTP TEMP'
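
Steps 2 to 5 combined into one script, as an added example that is not part of the original gist: the temporary firewall rule is limited to the SBC's address, only the one named file is served (the request path is never joined onto the file system), and the listener and rule are removed in a finally block even if the transfer fails. The addresses, file name and variable names are assumptions taken from the steps above; substitute your own.

```powershell
# Added example, not the gist author's code. All values below are assumptions.
$listenIp = '172.16.18.109'                      # address this host listens on
$sbcIp    = '172.16.0.18'                        # only client allowed to fetch the file
$file     = Join-Path $PWD.Path 'wildcard.pfx'   # the single file that may be served
$ruleName = 'HTTP TEMP'

if (-not (Test-Path -LiteralPath $file -PathType Leaf)) { throw "File not found: $file" }

$listener = New-Object System.Net.HttpListener
$listener.Prefixes.Add("http://$listenIp/")

# Open port 80 to the SBC only, not to every host that can reach this machine
New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Action Allow `
    -Protocol TCP -LocalPort 80 -LocalAddress $listenIp -RemoteAddress $sbcIp | Out-Null

try {
    $listener.Start()
    $served = $false
    while (-not $served) {
        $context  = $listener.GetContext()       # blocks until a request arrives
        $client   = $context.Request.RemoteEndPoint.Address.ToString()
        $path     = $context.Request.Url.LocalPath
        $response = $context.Response

        # Allow-list check: expected client, GET, and exactly the expected path
        if ($client -eq $sbcIp -and $context.Request.HttpMethod -eq 'GET' -and $path -eq '/wildcard.pfx') {
            $bytes = [System.IO.File]::ReadAllBytes($file)
            $response.ContentType     = 'application/x-pkcs12'
            $response.ContentLength64 = $bytes.Length
            $response.OutputStream.Write($bytes, 0, $bytes.Length)
            $served = $true                      # stop after one successful transfer
        } else {
            $response.StatusCode = 404           # anything else gets no file content
        }
        $response.Close()
        Write-Verbose "$client requested $path (served: $served)" -Verbose
    }
} finally {
    # Runs on success and on error, so the port never stays open
    $listener.Close()
    Remove-NetFirewallRule -DisplayName $ruleName
}
```

The transfer is still plain HTTP, so the private key is protected in transit only by the PFX password. Delete wildcard.pfx from the working directory once the SBC has imported it.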