Update 'csr.ps1'
130
csr.ps1
130
csr.ps1
@@ -1,85 +1,65 @@
|
||||
openssl req -new -sha512 -nodes -newkey ec:$(openssl ecparam -name secp384r1) -keyout C:\users\crp3844\temp\smith.key -out C:\users\crp3844\temp\smith.csr -config `
|
||||
"[req]
|
||||
prompt = no
|
||||
default_md = sha512
|
||||
req_extensions = req_ext
|
||||
distinguished_name = dn
|
||||
|
||||
## still need to get parser and ask if none
|
||||
|
||||
$domain = "home.johnhgaunt.com"
|
||||
$hostnames = "gauntgitea"
|
||||
|
||||
foreach ($hostname in $hostnames) {
|
||||
|
||||
# create a working directory in the temp folder
|
||||
$workingDirectory = "$env:TEMP\csr"
|
||||
$outDirectory = "C:\Users\jgaunt\Temp"
|
||||
$configFile = "$workingDirectory\csr.conf"
|
||||
$ecParamsFile = "$workingDirectory\ec.params"
|
||||
$keyFile = "$outDirectory\$hostname.$domain.key"
|
||||
$csrFile = "$outDirectory\$hostname.$domain.csr"
|
||||
$crtFile = "$outDirectory\$hostname.$domain.crt"
|
||||
|
||||
$config = "[ req ]
|
||||
prompt = no
|
||||
default_md = sha512
|
||||
req_extensions = req_ext
|
||||
distinguished_name = dn
|
||||
|
||||
[ dn ]
|
||||
C=US
|
||||
ST=PA
|
||||
L=Pittsburgh
|
||||
O=Gaunt
|
||||
OU=Gaunt
|
||||
emailAddress=admin@johnhgaunt.com
|
||||
CN=smith.com
|
||||
[ dn ]
|
||||
C=US
|
||||
ST=PA
|
||||
L=Pittsburgh
|
||||
O=Gaunt
|
||||
OU=Gaunt
|
||||
emailAddress=admin@johnhgaunt.com
|
||||
CN=$hostname.$domain
|
||||
|
||||
[ req_ext ]
|
||||
subjectAltName = @alt_names
|
||||
[ req_ext ]
|
||||
subjectAltName = @alt_names
|
||||
|
||||
[ alt_names ]
|
||||
DNS.1 = smith.com
|
||||
DNS.2 = smith
|
||||
EOF
|
||||
"
|
||||
[ alt_names ]
|
||||
DNS.1 = $hostname.$domain
|
||||
DNS.2 = $hostname"
|
||||
|
||||
# create the temp directory
|
||||
if (-not (test-path $dir)) {
|
||||
New-Item -ItemType directory -Path $dir | Out-Null
|
||||
}
|
||||
|
||||
# convert to unix file
|
||||
# https://stackoverflow.com/questions/5102115/unix-format-files-with-powershell
|
||||
sc $configFile ([byte[]][char[]] "$config") -Encoding Byte
|
||||
|
||||
# will use this and make an automated generater and approver
|
||||
# create the ec params
|
||||
openssl ecparam -name secp384r1 -out $ecParamsFile
|
||||
|
||||
#requires -Version 3.0
|
||||
# create the ecc private key
|
||||
openssl ecparam -in $ecParamsFile -genkey -noout -out $keyFile
|
||||
|
||||
function Get-CertificateRequestFile {
|
||||
param (
|
||||
[string]$InitialDirectory = $PSScriptRoot
|
||||
)
|
||||
[System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms") | Out-Null
|
||||
$ShowDialog = New-Object System.Windows.Forms.OpenFileDialog
|
||||
$ShowDialog.InitialDirectory = $InitialDirectory
|
||||
$ShowDialog.Filter = "CSR File (*.csr)|*.csr|Request File (*.req)|*.req|Text File (*.txt)|*.txt|All Files (*.*)|*.*"
|
||||
$ShowDialog.ShowDialog() | Out-Null
|
||||
return $ShowDialog.FileName
|
||||
}
|
||||
# generate csr file
|
||||
openssl req -new -key $keyFile -nodes -out $csrFile -config $configFile
|
||||
|
||||
# submit the created CSR
|
||||
certreq -submit -config "GauntDC01.home.johnhgaunt.com\GAUNTDC01-CA" -attrib "CertificateTemplate:ServerandClient" $csrFile $crtFile
|
||||
|
||||
function Get-CertificateTemplates {
|
||||
$script:IssuingCA = certutil -config - -ping
|
||||
$script:IssuingCA = $script:IssuingCA | Where-Object { ($_ -match '\\') -and ($_ -notmatch 'Connecting')}
|
||||
$TemplateList = certutil -CATemplates -config $script:IssuingCA
|
||||
return $TemplateList
|
||||
}
|
||||
|
||||
$script:IssuingCA = ""
|
||||
$TemplateItems = @{}
|
||||
$i = 0
|
||||
$RequestFile = Get-CertificateRequestFile
|
||||
$Templates = Get-CertificateTemplates
|
||||
|
||||
foreach ($Template in $Templates) {
|
||||
if ($Template.Contains("--")) {
|
||||
$CurrentItem = $Template -split ' -- '
|
||||
$TemplateItems.Add($i,$CurrentItem[0])
|
||||
$i++
|
||||
}
|
||||
}
|
||||
do {
|
||||
Clear-Host
|
||||
Write-Output "`n"
|
||||
Write-Output "Selected Certificate Authority: $script:IssuingCA`n"
|
||||
$TemplateItems.GetEnumerator() | Sort-Object Name | ForEach-Object {Write-Output (" {0} - {1}" -F $_.Key, $_.Value)}
|
||||
$SelectedItem = Read-Host -Prompt "`nSelect the number for the requested template (CTRL+C to quit)"
|
||||
if ($SelectedItem -notin @(0..$i)) {
|
||||
$CurrentUIColor = $Host.UI.RawUI.ForegroundColor
|
||||
$Host.UI.RawUI.ForegroundColor = 'Yellow'
|
||||
Write-Output "Please select a valid number or CTRL+C to quit.."
|
||||
$Host.UI.RawUI.ForegroundColor = $CurrentUIColor
|
||||
Start-Sleep -Seconds 2
|
||||
}
|
||||
} while ($SelectedItem -notin @(0..$i))
|
||||
|
||||
$results = $TemplateItems.GetEnumerator() | Where-Object { $_.Key -eq $SelectedItem}
|
||||
$SelectedTemplate = ($($results.Value -split ':')[0]).Trim()
|
||||
|
||||
certreq -submit -config $script:IssuingCA -attrib "CertificateTemplate:$SelectedTemplate" $RequestFile
|
||||
|
||||
Clear-Variable TemplateItems
|
||||
# remove temp files and dir
|
||||
Remove-Item -Path $workingDirectory -Force -Recurse
|
||||
Remove-Item -Path $outDirectory\$hostname.$domain.rsp
|
||||
Remove-Item -Path $csrFile
|
||||
}
|
||||
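Review bot: `if (-not (test-path $dir))` tests a variable that is never assigned anywhere in the hunk; the directory being created is `$workingDirectory`, so with `$dir` empty both Test-Path and New-Item error out and the later `sc $configFile ...` has no parent directory to write into, which likely breaks the `openssl req` step that depends on the config file. The line should read `if (-not (Test-Path $workingDirectory)) { New-Item -ItemType Directory -Path $workingDirectory | Out-Null }`. Separately, the EC private key is written to `$keyFile` in `$outDirectory` without a passphrase (`-genkey -noout -out $keyFile`, and `-nodes` on the request), while the cleanup block removes only `$workingDirectory`, the `.rsp` and the `.csr`, so the unencrypted key is left behind in a user Temp folder; a comment above the cleanup such as `# $keyFile is intentionally kept; it is unencrypted, so restrict its ACL or move it to its final location before exiting` (or an explicit ACL/move step) would make that contract visible. The old and new sides of this section are not marked, so which of these lines are new is inferred from the `$hostname.$domain` variables rather than certain.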