Update 'csr.ps1'
132
csr.ps1
132
csr.ps1
@@ -1,85 +1,65 @@
|
|||||||
openssl req -new -sha512 -nodes -newkey ec:$(openssl ecparam -name secp384r1) -keyout C:\users\crp3844\temp\smith.key -out C:\users\crp3844\temp\smith.csr -config `
|
|
||||||
"[req]
|
|
||||||
prompt = no
|
|
||||||
default_md = sha512
|
|
||||||
req_extensions = req_ext
|
|
||||||
distinguished_name = dn
|
|
||||||
|
|
||||||
[ dn ]
|
## still need to get parser and ask if none
|
||||||
C=US
|
|
||||||
ST=PA
|
|
||||||
L=Pittsburgh
|
|
||||||
O=Gaunt
|
|
||||||
OU=Gaunt
|
|
||||||
emailAddress=admin@johnhgaunt.com
|
|
||||||
CN=smith.com
|
|
||||||
|
|
||||||
[ req_ext ]
|
$domain = "home.johnhgaunt.com"
|
||||||
subjectAltName = @alt_names
|
$hostnames = "gauntgitea"
|
||||||
|
|
||||||
[ alt_names ]
|
foreach ($hostname in $hostnames) {
|
||||||
DNS.1 = smith.com
|
|
||||||
DNS.2 = smith
|
|
||||||
EOF
|
|
||||||
"
|
|
||||||
|
|
||||||
|
# create a working directory in the temp folder
|
||||||
|
$workingDirectory = "$env:TEMP\csr"
|
||||||
|
$outDirectory = "C:\Users\jgaunt\Temp"
|
||||||
|
$configFile = "$workingDirectory\csr.conf"
|
||||||
|
$ecParamsFile = "$workingDirectory\ec.params"
|
||||||
|
$keyFile = "$outDirectory\$hostname.$domain.key"
|
||||||
|
$csrFile = "$outDirectory\$hostname.$domain.csr"
|
||||||
|
$crtFile = "$outDirectory\$hostname.$domain.crt"
|
||||||
|
|
||||||
|
$config = "[ req ]
|
||||||
|
prompt = no
|
||||||
|
default_md = sha512
|
||||||
|
req_extensions = req_ext
|
||||||
|
distinguished_name = dn
|
||||||
|
|
||||||
# will use this and make an automated generater and approver
|
[ dn ]
|
||||||
|
C=US
|
||||||
|
ST=PA
|
||||||
|
L=Pittsburgh
|
||||||
|
O=Gaunt
|
||||||
|
OU=Gaunt
|
||||||
|
emailAddress=admin@johnhgaunt.com
|
||||||
|
CN=$hostname.$domain
|
||||||
|
|
||||||
#requires -Version 3.0
|
[ req_ext ]
|
||||||
|
subjectAltName = @alt_names
|
||||||
|
|
||||||
function Get-CertificateRequestFile {
|
[ alt_names ]
|
||||||
param (
|
DNS.1 = $hostname.$domain
|
||||||
[string]$InitialDirectory = $PSScriptRoot
|
DNS.2 = $hostname"
|
||||||
)
|
|
||||||
[System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms") | Out-Null
|
# create the temp directory
|
||||||
$ShowDialog = New-Object System.Windows.Forms.OpenFileDialog
|
if (-not (test-path $dir)) {
|
||||||
$ShowDialog.InitialDirectory = $InitialDirectory
|
New-Item -ItemType directory -Path $dir | Out-Null
|
||||||
$ShowDialog.Filter = "CSR File (*.csr)|*.csr|Request File (*.req)|*.req|Text File (*.txt)|*.txt|All Files (*.*)|*.*"
|
}
|
||||||
$ShowDialog.ShowDialog() | Out-Null
|
|
||||||
return $ShowDialog.FileName
|
# convert to unix file
|
||||||
|
# https://stackoverflow.com/questions/5102115/unix-format-files-with-powershell
|
||||||
|
sc $configFile ([byte[]][char[]] "$config") -Encoding Byte
|
||||||
|
|
||||||
|
# create the ec params
|
||||||
|
openssl ecparam -name secp384r1 -out $ecParamsFile
|
||||||
|
|
||||||
|
# create the ecc private key
|
||||||
|
openssl ecparam -in $ecParamsFile -genkey -noout -out $keyFile
|
||||||
|
|
||||||
|
# generate csr file
|
||||||
|
openssl req -new -key $keyFile -nodes -out $csrFile -config $configFile
|
||||||
|
|
||||||
|
# submit the created CSR
|
||||||
|
certreq -submit -config "GauntDC01.home.johnhgaunt.com\GAUNTDC01-CA" -attrib "CertificateTemplate:ServerandClient" $csrFile $crtFile
|
||||||
|
|
||||||
|
# remove temp files and dir
|
||||||
|
Remove-Item -Path $workingDirectory -Force -Recurse
|
||||||
|
Remove-Item -Path $outDirectory\$hostname.$domain.rsp
|
||||||
|
Remove-Item -Path $csrFile
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
function Get-CertificateTemplates {
|
|
||||||
$script:IssuingCA = certutil -config - -ping
|
|
||||||
$script:IssuingCA = $script:IssuingCA | Where-Object { ($_ -match '\\') -and ($_ -notmatch 'Connecting')}
|
|
||||||
$TemplateList = certutil -CATemplates -config $script:IssuingCA
|
|
||||||
return $TemplateList
|
|
||||||
}
|
|
||||||
|
|
||||||
$script:IssuingCA = ""
|
|
||||||
$TemplateItems = @{}
|
|
||||||
$i = 0
|
|
||||||
$RequestFile = Get-CertificateRequestFile
|
|
||||||
$Templates = Get-CertificateTemplates
|
|
||||||
|
|
||||||
foreach ($Template in $Templates) {
|
|
||||||
if ($Template.Contains("--")) {
|
|
||||||
$CurrentItem = $Template -split ' -- '
|
|
||||||
$TemplateItems.Add($i,$CurrentItem[0])
|
|
||||||
$i++
|
|
||||||
}
|
|
||||||
}
|
|
||||||
do {
|
|
||||||
Clear-Host
|
|
||||||
Write-Output "`n"
|
|
||||||
Write-Output "Selected Certificate Authority: $script:IssuingCA`n"
|
|
||||||
$TemplateItems.GetEnumerator() | Sort-Object Name | ForEach-Object {Write-Output (" {0} - {1}" -F $_.Key, $_.Value)}
|
|
||||||
$SelectedItem = Read-Host -Prompt "`nSelect the number for the requested template (CTRL+C to quit)"
|
|
||||||
if ($SelectedItem -notin @(0..$i)) {
|
|
||||||
$CurrentUIColor = $Host.UI.RawUI.ForegroundColor
|
|
||||||
$Host.UI.RawUI.ForegroundColor = 'Yellow'
|
|
||||||
Write-Output "Please select a valid number or CTRL+C to quit.."
|
|
||||||
$Host.UI.RawUI.ForegroundColor = $CurrentUIColor
|
|
||||||
Start-Sleep -Seconds 2
|
|
||||||
}
|
|
||||||
} while ($SelectedItem -notin @(0..$i))
|
|
||||||
|
|
||||||
$results = $TemplateItems.GetEnumerator() | Where-Object { $_.Key -eq $SelectedItem}
|
|
||||||
$SelectedTemplate = ($($results.Value -split ':')[0]).Trim()
|
|
||||||
|
|
||||||
certreq -submit -config $script:IssuingCA -attrib "CertificateTemplate:$SelectedTemplate" $RequestFile
|
|
||||||
|
|
||||||
Clear-Variable TemplateItems
|
|
||||||
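Review bot: The selection guard `if ($SelectedItem -notin @(0..$i))` and the matching `} while ($SelectedItem -notin @(0..$i))` accept `$i` itself, but `$i` is incremented after every `$TemplateItems.Add`, so the highest populated key is `$i - 1`; choosing `$i` leaves `$results` empty, `$SelectedTemplate` collapses to an empty string, and the final `certreq -submit` is issued with `-attrib "CertificateTemplate:"` (the same range also admits 0 when no template was parsed at all). Checking against the populated keys fixes both cases: `if ($SelectedItem -notin $TemplateItems.Keys) {` and `} while ($SelectedItem -notin $TemplateItems.Keys)`. Separately, `Get-CertificateRequestFile` returns `$ShowDialog.FileName` unconditionally, which is an empty string when the dialog is cancelled, so `$RequestFile` should be validated before submission, e.g. `if (-not (Test-Path -LiteralPath $RequestFile)) { throw "No request file selected" }`. Which column of this rendering is the new side is not explicit; the above assumes the `#requires -Version 3.0` script is the new content.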