Updated to better code

csr.ps1

@@ -1,22 +1,19 @@
+[cmdletbinding()]
 param(
-    $rsa,
-    $hostnames
+    [Parameter(
+            Mandatory = $true, 
+            ValueFromPipeline = $true,
+            Position = 0
+    )]
+    [string[]]$hostnames
+    [string]$domain = "home.johnhgaunt.com",
+    [System.IO.FileInfo]$Path = [Environment]::GetFolderPath("Desktop"),
+    [ValidateSet("RSA2048", "RSA4096","ECC-256", "ECC-384")]
+    [string]$algorithm = "RSA2048"
 )
 
-if (-not $PSBoundParameters.ContainsKey('rsa')) {
-    $test = read-host "Do you want a RSA (r) or EEC (e) cert? (e/r)"
-
-    if ($test -eq "r") {
-        $rsa = $True        
-    }
-}
-
-if ($hostnames -eq $null) {
-    $hostnames = read-host "Please enter Hostnames, no domain, to generate CSRs for"
-}
-
-$domain = "home.johnhgaunt.com"
-$subCA = "-----BEGIN CERTIFICATE-----
+begin {
+    $subCA = "-----BEGIN CERTIFICATE-----
 MIIDITCCAqegAwIBAgITZwAAAAPeVCG43Kcf6QAAAAAAAzAKBggqhkjOPQQDBDAc
 MRowGAYDVQQDExFHQVVOVE9GRkxJTkVDQS1DQTAgFw0yMDA4MTMxMzAyNTdaGA8y
 MDUwMDgxMzAzMDEyNlowYjETMBEGCgmSJomT8ixkARkWA2NvbTEaMBgGCgmSJomT
@@ -35,79 +32,74 @@ RkZMSU5FQ0EtQ0EuY3J0MAoGCCqGSM49BAMEA2gAMGUCMHrFpzJOXUCIFTmCbRmX
 OQe7S4iVA0ISHMVk7LNqhSSmQNTbBS7cTcRUoH/jl+E5FwIxALrncv03Fi80zwn9
 Rxff+wjtt7jg9/7wWEpdgIPFGDAaLKbVxhRZqO28YZqCTzQBgw==
 -----END CERTIFICATE-----"
+}
 
-foreach ($hostname in $hostnames) {
+process {
 
-    # create a working directory in the temp folder
-    $workingDirectory = "$env:TEMP\csr"
-    $outDirectory = "$env:USERPROFILE\Desktop"
-    $configFile = "$workingDirectory\csr.conf"
-    $ecParamsFile = "$workingDirectory\ec.params"
-    $keyFile = "$outDirectory\$hostname.$domain.key"
-    $csrFile = "$workingDirectory\$hostname.$domain.csr"
-    $crtFile = "$outDirectory\$hostname.$domain.crt"
+    foreach ($hostname in $hostnames) {
 
-    $config = "[ req ]
-    prompt = no
-    default_md = sha512
-    req_extensions = req_ext
-    distinguished_name = dn
- 
-    [ dn ]
-    C=US
-    ST=PA
-    L=Pittsburgh
-    O=Gaunt
-    OU=Gaunt
-    emailAddress=admin@johnhgaunt.com
-    CN=$hostname.$domain
- 
-    [ req_ext ]
-    subjectAltName = @alt_names
- 
-    [ alt_names ]
-    DNS.1 = $hostname.$domain
-    DNS.2 = $hostname"
+        # create a working directory in the temp folder
+        $configFile = "$env:TEMP\$hostname.$domain.csr.conf"
+        $csrFile = "$path\$hostname.$domain.csr"
+        $keyFile = "$path\$hostname.$domain.key"
+        $crtFile = "$path\$hostname.$domain.crt"
 
-    # create the temp directory
-    if (-not (test-path $workingDirectory)) {
-        New-Item -ItemType directory -Path $workingDirectory | Out-Null
+        $config = "[ req ]
+prompt = no
+default_md = sha512
+req_extensions = req_ext
+distinguished_name = req_distinguished_name
+
+[ req_distinguished_name ]
+C=US
+ST=PA
+L=Pittsburgh
+O=Gaunt
+OU=Gaunt
+CN=$hostname.$domain
+
+[ req_ext ]
+subjectAltName = @alt_names
+
+[ alt_names ]
+DNS.1 = $hostname.$domain
+DNS.2 = $hostname"
+
+        # convert to unix file
+        # https://stackoverflow.com/questions/5102115/unix-format-files-with-powershell
+        Set-Content "$configFile" ([byte[]][char[]] "$config") -Encoding Byte -Force
+
+        switch ($algorithm) {
+            "RSA2048" { $privateKeyGenerateArguments = "genrsa -out `"$keyFile`" 2048" }
+            "RSA4096" { $privateKeyGenerateArguments = "genrsa -out `"$keyFile`" 4096" }
+            "ECC-256" { $privateKeyGenerateArguments = "ecparam -name prime256v1 -genkey -noout -out `"$keyFile`"" }
+            "ECC-384" { $privateKeyGenerateArguments = "ecparam -name secp384r1 -genkey -noout -out `"$keyFile`"" }
+        }
+        switch -regex ($algorithm) {
+            "RSA.*" { $certReqAttrib = "CertificateTemplate:ServerandClient(RSA)" }
+            "ECC.*" { $certReqAttrib = "CertificateTemplate:ServerandClient(ECC)" }
+        }
+
+        Start-Process openssl.exe `
+            -ArgumentList $privateKeyGenerateArguments `
+            -Wait
+
+        Start-Process openssl.exe `
+            -ArgumentList "req -new -key `"$keyFile`" -nodes -out `"$csrFile`" -config `"$configFile`"" `
+            -Wait
+
+        Start-Process certreq.exe `
+            -ArgumentList "-submit -config `"gauntonlineca.home.johnhgaunt.com\GauntOnlineCA-CA`" -attrib `"$certReqAttrib`" `"$csrFile`" `"$crtFile`"" `
+            -Wait
+
+        # add the sub CA to the end of the cert
+        add-content $crtFile $subCA
+        
+        Remove-Item -Path "$path\$hostname.$domain.rsp"
+        Remove-Item -Path "$csrFile"
     }
+}
 
-    # convert to unix file
-    # https://stackoverflow.com/questions/5102115/unix-format-files-with-powershell
-    sc $configFile ([byte[]][char[]] "$config") -Encoding Byte
-    
-    if ($rsa) {
-        # create key fil
-        openssl genrsa -out $keyFile 4096
+end {
 
-        # generate csr file
-        openssl req -new -key $keyFile -nodes -out $csrFile -config $configFile
-
-        # submit the created CSR
-        certreq -submit -config "gauntonlineca.home.johnhgaunt.com\GauntOnlineCA-CA" -attrib "CertificateTemplate:ServerandClient(RSA)" $csrFile $crtFile
-
-    } else {
-        # create the ec params
-        openssl ecparam -name secp384r1 -out $ecParamsFile
-
-        # create the ecc private key
-        openssl ecparam -in $ecParamsFile -genkey -noout -out $keyFile
-
-        # generate csr file
-        openssl req -new -key $keyFile -nodes -out $csrFile -config $configFile
-
-        # submit the created CSR
-        certreq -submit -config "gauntonlineca.home.johnhgaunt.com\GauntOnlineCA-CA" -attrib "CertificateTemplate:ServerandClient(ECC)" $csrFile $crtFile
-    }
-
-    # add the sub CA to the end of the cert
-    add-content $crtFile $subCA
-    
-
-    # remove temp files and dir
-    Remove-Item -Path $workingDirectory -Force -Recurse
-    Remove-Item -Path $outDirectory\$hostname.$domain.rsp
-    Remove-Item -Path $csrFile
 }