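<#
.SYNOPSIS
    Generates a private key and CSR per hostname with OpenSSL, submits the CSR to an
    AD CS enterprise CA with certreq.exe, and appends the issuing sub-CA certificate to
    the issued certificate so the resulting .crt carries the chain.

.DESCRIPTION
    For each hostname the following files are written into -Path:
      <hostname>.<domain>.key  the private key. It is written UNENCRYPTED (openssl
                               genrsa/ecparam -out and req -nodes apply no passphrase),
                               so the destination directory's ACL is the only protection.
      <hostname>.<domain>.crt  the issued certificate followed by the sub-CA certificate.
    The .csr and certreq's .rsp response copy are deleted after a successful run; the
    OpenSSL config written to %TEMP% is always deleted.

    Every external step's exit code is checked; a failed step reports a non-terminating
    error for that hostname (terminating under -ErrorAction Stop) and skips the rest
    of the pipeline for it, so a missing certificate is never turned into a .crt that
    contains nothing but the sub-CA.

.PARAMETER hostnames
    One or more short hostnames; accepted from the pipeline. Each becomes the CN
    "<hostname>.<domain>" with SANs "<hostname>.<domain>" and "<hostname>".
.PARAMETER domain
    DNS suffix appended to each hostname.
.PARAMETER Path
    Output directory for the .key/.crt files. Typed as FileInfo for interface
    compatibility; it is only ever used as a directory path string.
.PARAMETER algorithm
    Key type: RSA2048, RSA4096, ECC-256 (prime256v1) or ECC-384 (secp384r1). The
    RSA/ECC family also selects the CA template passed to certreq.
.PARAMETER server
    certreq -config target in the form "<CA host>\<CA name>".
.NOTES
    Requires openssl.exe and certreq.exe on PATH. Set-Content -Encoding Byte is the
    Windows PowerShell 5.1 spelling; PowerShell 7 uses -AsByteStream instead.
#>
[CmdletBinding()]
param(
    [Parameter(Mandatory = $true, ValueFromPipeline = $true, Position = 0)]
    [string[]]$hostnames,

    [string]$domain = "home.johnhgaunt.com",

    [System.IO.FileInfo]$Path = [Environment]::GetFolderPath("Desktop"),

    [ValidateSet("RSA2048", "RSA4096", "ECC-256", "ECC-384")]
    [string]$algorithm = "ECC-384",

    [string]$server = "gauntonlineca.home.johnhgaunt.com\GauntOnlineCA-CA"
)

begin {
    # Issuing (online) sub-CA certificate, appended to every issued leaf certificate.
    $subCA = @"
-----BEGIN CERTIFICATE-----
MIIDITCCAqegAwIBAgITZwAAAAPeVCG43Kcf6QAAAAAAAzAKBggqhkjOPQQDBDAc
MRowGAYDVQQDExFHQVVOVE9GRkxJTkVDQS1DQTAgFw0yMDA4MTMxMzAyNTdaGA8y
MDUwMDgxMzAzMDEyNlowYjETMBEGCgmSJomT8ixkARkWA2NvbTEaMBgGCgmSJomT
8ixkARkWCmpvaG5oZ2F1bnQxFDASBgoJkiaJk/IsZAEZFgRob21lMRkwFwYDVQQD
ExBHQVVOVE9OTElORUNBLUNBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEkohPKLHw
g2TVOE50TA1dquNdzjt85aGqaKXge2D7xNIxpg+szcGXUp02I+WpkLa93EjNU1jk
GmLolGZkBKjvkyloH6C+U5yZfsqk8nqEO/xZTc73lfpFd8dHXKWvM6Szo4IBYTCC
AV0wEAYJKwYBBAGCNxUBBAMCAQAwHQYDVR0OBBYEFLH7NFt2lRfNFHPY4Wh6wA24
RLGIMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsGA1UdDwQEAwIBhjAPBgNV
HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFDBzRo0u1ISTdP5CYUXpL+JCDhjIMFoG
A1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9nYXVudG9ubGluZWNhLmhvbWUuam9obmhn
YXVudC5jb20vQ2VydEVucm9sbC9HQVVOVE9GRkxJTkVDQS1DQS5jcmwwdAYIKwYB
BQUHAQEEaDBmMGQGCCsGAQUFBzAChlhodHRwOi8vZ2F1bnRvbmxpbmVjYS5ob21l
LmpvaG5oZ2F1bnQuY29tL0NlcnRFbnJvbGwvR2F1bnRPZmZsaW5lQ0FfR0FVTlRP
RkZMSU5FQ0EtQ0EuY3J0MAoGCCqGSM49BAMEA2gAMGUCMHrFpzJOXUCIFTmCbRmX
OQe7S4iVA0ISHMVk7LNqhSSmQNTbBS7cTcRUoH/jl+E5FwIxALrncv03Fi80zwn9
Rxff+wjtt7jg9/7wWEpdgIPFGDAaLKbVxhRZqO28YZqCTzQBgw==
-----END CERTIFICATE-----
"@

    # Fail early rather than letting every openssl/certreq call fail on a bad directory.
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        throw "Path '$Path' is not an existing directory"
    }

    # Runs an external tool the way the original did (Start-Process -Wait) but returns
    # its exit code, which Start-Process otherwise discards.
    function Invoke-Tool {
        param([string]$Exe, [string]$Arguments)
        $proc = Start-Process -FilePath $Exe -ArgumentList $Arguments -Wait -PassThru
        return $proc.ExitCode
    }
}

process {
    foreach ($hostname in $hostnames) {
        $fqdn       = "$hostname.$domain"
        $configFile = "$env:TEMP\$fqdn.csr.conf"
        $csrFile    = "$path\$fqdn.csr"
        $keyFile    = "$path\$fqdn.key"
        $crtFile    = "$path\$fqdn.crt"
        $rspFile    = "$path\$fqdn.rsp"   # certreq's response copy, written next to the .crt

        # OpenSSL request config: non-interactive, SHA-512 digest, CN plus two SANs.
        $config = @"
[ req ]
prompt = no
default_md = sha512
req_extensions = req_ext
distinguished_name = req_distinguished_name

[ req_distinguished_name ]
C=US
ST=PA
L=Pittsburgh
O=Gaunt
OU=Gaunt
CN=$fqdn

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = $fqdn
DNS.2 = $hostname
"@

        # One switch picks both the openssl key-generation arguments and the AD CS template
        # (the original used a second regex switch on the RSA/ECC prefix for the template).
        switch ($algorithm) {
            "RSA2048" {
                $keyGenArgs    = "genrsa -out `"$keyFile`" 2048"
                $certReqAttrib = "CertificateTemplate:ServerandClient(RSA)"
            }
            "RSA4096" {
                $keyGenArgs    = "genrsa -out `"$keyFile`" 4096"
                $certReqAttrib = "CertificateTemplate:ServerandClient(RSA)"
            }
            "ECC-256" {
                $keyGenArgs    = "ecparam -name prime256v1 -genkey -noout -out `"$keyFile`""
                $certReqAttrib = "CertificateTemplate:ServerandClient(ECC)"
            }
            "ECC-384" {
                $keyGenArgs    = "ecparam -name secp384r1 -genkey -noout -out `"$keyFile`""
                $certReqAttrib = "CertificateTemplate:ServerandClient(ECC)"
            }
        }

        try {
            # Write the config as raw bytes with LF line endings: no BOM, no added trailing
            # newline, independent of the script file's own line endings. The char->byte
            # cast assumes ASCII content (hostname/domain included).
            # https://stackoverflow.com/questions/5102115/unix-format-files-with-powershell
            $unixConfig = $config -replace "`r`n", "`n"
            Set-Content -Path $configFile -Value ([byte[]][char[]]$unixConfig) -Encoding Byte -Force

            Write-Verbose "Generating $algorithm key for $fqdn"
            $rc = Invoke-Tool "openssl.exe" $keyGenArgs
            if ($rc -ne 0) { throw "openssl key generation failed (exit code $rc)" }

            Write-Verbose "Generating CSR for $fqdn"
            $rc = Invoke-Tool "openssl.exe" "req -new -key `"$keyFile`" -nodes -out `"$csrFile`" -config `"$configFile`""
            if ($rc -ne 0) { throw "openssl CSR generation failed (exit code $rc)" }

            Write-Verbose "Submitting CSR for $fqdn to $server"
            $rc = Invoke-Tool "certreq.exe" "-submit -config `"$server`" -attrib `"$certReqAttrib`" `"$csrFile`" `"$crtFile`""
            # certreq may exit 0 on a pending/denied request without writing the file;
            # require the certificate to actually exist before touching it.
            if ($rc -ne 0 -or -not (Test-Path -LiteralPath $crtFile)) {
                throw "certreq did not return a certificate (exit code $rc)"
            }

            # Append the sub-CA only now: Add-Content on a missing file would otherwise
            # create a .crt containing nothing but the sub-CA certificate.
            Add-Content -LiteralPath $crtFile -Value $subCA

            # Request artefacts are no longer needed once the certificate is in hand.
            Remove-Item -LiteralPath $csrFile
            if (Test-Path -LiteralPath $rspFile) { Remove-Item -LiteralPath $rspFile }
        }
        catch {
            # Non-terminating per hostname so a list keeps going; -ErrorAction Stop escalates.
            Write-Error "Certificate request for $fqdn failed: $($_.Exception.Message)"
        }
        finally {
            # Previously left behind in %TEMP% on every run.
            if (Test-Path -LiteralPath $configFile) { Remove-Item -LiteralPath $configFile -Force }
        }
    }
}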