diff --git a/csr.ps1 b/csr.ps1
index 631f689..ede6f74 100644
--- a/csr.ps1
+++ b/csr.ps1
@@ -1,85 +1,65 @@ -openssl req -new -sha512 -nodes -newkey ec:$(openssl ecparam -name secp384r1) -keyout C:\users\crp3844\temp\smith.key -out C:\users\crp3844\temp\smith.csr -config ` -"[req] -prompt = no -default_md = sha512 -req_extensions = req_ext -distinguished_name = dn + +## still need to get parser and ask if none + +$domain = "home.johnhgaunt.com" +$hostnames = "gauntgitea" + +foreach ($hostname in $hostnames) { + + # create a working directory in the temp folder + $workingDirectory = "$env:TEMP\csr" + $outDirectory = "C:\Users\jgaunt\Temp" + $configFile = "$workingDirectory\csr.conf" + $ecParamsFile = "$workingDirectory\ec.params" + $keyFile = "$outDirectory\$hostname.$domain.key" + $csrFile = "$outDirectory\$hostname.$domain.csr" + $crtFile = "$outDirectory\$hostname.$domain.crt" + + $config = "[ req ] + prompt = no + default_md = sha512 + req_extensions = req_ext + distinguished_name = dn -[ dn ] -C=US -ST=PA -L=Pittsburgh -O=Gaunt -OU=Gaunt -emailAddress=admin@johnhgaunt.com -CN=smith.com + [ dn ] + C=US + ST=PA + L=Pittsburgh + O=Gaunt + OU=Gaunt + emailAddress=admin@johnhgaunt.com + CN=$hostname.$domain -[ req_ext ] -subjectAltName = @alt_names + [ req_ext ] + subjectAltName = @alt_names -[ alt_names ] -DNS.1 = smith.com -DNS.2 = smith -EOF -" + [ alt_names ] + DNS.1 = $hostname.$domain + DNS.2 = $hostname" + # create the temp directory + if (-not (test-path $dir)) { + New-Item -ItemType directory -Path $dir | Out-Null + } + # convert to unix file + # https://stackoverflow.com/questions/5102115/unix-format-files-with-powershell + sc $configFile ([byte[]][char[]] "$config") -Encoding Byte -# will use this and make an automated generater and approver + # create the ec params + openssl ecparam -name secp384r1 -out $ecParamsFile -#requires -Version 3.0 + # create the ecc private key + openssl ecparam -in $ecParamsFile -genkey -noout -out $keyFile -function Get-CertificateRequestFile { - param ( - [string]$InitialDirectory = $PSScriptRoot - ) - 
[System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms") | Out-Null - $ShowDialog = New-Object System.Windows.Forms.OpenFileDialog - $ShowDialog.InitialDirectory = $InitialDirectory - $ShowDialog.Filter = "CSR File (*.csr)|*.csr|Request File (*.req)|*.req|Text File (*.txt)|*.txt|All Files (*.*)|*.*" - $ShowDialog.ShowDialog() | Out-Null - return $ShowDialog.FileName -} + # generate csr file + openssl req -new -key $keyFile -nodes -out $csrFile -config $configFile + # submit the created CSR + certreq -submit -config "GauntDC01.home.johnhgaunt.com\GAUNTDC01-CA" -attrib "CertificateTemplate:ServerandClient" $csrFile $crtFile -function Get-CertificateTemplates { - $script:IssuingCA = certutil -config - -ping - $script:IssuingCA = $script:IssuingCA | Where-Object { ($_ -match '\\') -and ($_ -notmatch 'Connecting')} - $TemplateList = certutil -CATemplates -config $script:IssuingCA - return $TemplateList -} - -$script:IssuingCA = "" -$TemplateItems = @{} -$i = 0 -$RequestFile = Get-CertificateRequestFile -$Templates = Get-CertificateTemplates - -foreach ($Template in $Templates) { - if ($Template.Contains("--")) { - $CurrentItem = $Template -split ' -- ' - $TemplateItems.Add($i,$CurrentItem[0]) - $i++ - } -} -do { - Clear-Host - Write-Output "`n" - Write-Output "Selected Certificate Authority: $script:IssuingCA`n" - $TemplateItems.GetEnumerator() | Sort-Object Name | ForEach-Object {Write-Output (" {0} - {1}" -F $_.Key, $_.Value)} - $SelectedItem = Read-Host -Prompt "`nSelect the number for the requested template (CTRL+C to quit)" - if ($SelectedItem -notin @(0..$i)) { - $CurrentUIColor = $Host.UI.RawUI.ForegroundColor - $Host.UI.RawUI.ForegroundColor = 'Yellow' - Write-Output "Please select a valid number or CTRL+C to quit.." 
- $Host.UI.RawUI.ForegroundColor = $CurrentUIColor - Start-Sleep -Seconds 2 - } -} while ($SelectedItem -notin @(0..$i)) - -$results = $TemplateItems.GetEnumerator() | Where-Object { $_.Key -eq $SelectedItem} -$SelectedTemplate = ($($results.Value -split ':')[0]).Trim() - -certreq -submit -config $script:IssuingCA -attrib "CertificateTemplate:$SelectedTemplate" $RequestFile - -Clear-Variable TemplateItems \ No newline at end of file + # remove temp files and dir + Remove-Item -Path $workingDirectory -Force -Recurse + Remove-Item -Path $outDirectory\$hostname.$domain.rsp + Remove-Item -Path $csrFile +} \ No newline at end of file
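Review bot: The directory guard tests and creates `$dir`, which is not assigned anywhere in the new script, so unless `$workingDirectory` already exists the `sc $configFile` write and the `openssl ecparam -out $ecParamsFile` call that follow have no directory to write into; the guard should read `if (-not (Test-Path $workingDirectory)) { New-Item -ItemType Directory -Path $workingDirectory | Out-Null }`. None of the `openssl` or `certreq` calls is checked, yet the cleanup at the end removes `$csrFile` unconditionally, even when submission failed; add `if ($LASTEXITCODE -ne 0) { throw "step failed for $hostname.$domain" }` after each native call. The private key is written unencrypted to `$outDirectory` and stays there with whatever ACL that folder gives it (`-nodes` on `openssl req -key` does not change this), so restrict `$keyFile` to the account that needs it or document where it must be moved. `$hostname` and `$domain` are interpolated directly into the OpenSSL config text, so once the planned parser supplies them they should be validated as DNS labels before the config is built.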