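<#
.SYNOPSIS
  Generates a private key and CSR per hostname with OpenSSL, submits the CSR to the
  internal issuing CA with certreq, and appends the issuing (sub) CA certificate to
  the returned leaf certificate.

.PARAMETER rsa
  Truthy to generate an RSA 4096-bit key and request the RSA template; otherwise an
  ECC (secp384r1) key and the ECC template. Prompted for when not supplied.

.PARAMETER hostnames
  One or more short hostnames (no domain part). Prompted for when not supplied; the
  prompt accepts a comma- or whitespace-separated list.

.PARAMETER domain
  DNS domain appended to each hostname to build the CN and SAN entries.

.PARAMETER outDirectory
  Directory that receives the resulting .key and .crt files.

.NOTES
  Requires openssl and certreq on PATH. Private keys are written unencrypted into
  $outDirectory (genrsa/ecparam default, and -nodes on req), so that directory's ACL
  is the only protection they get.
#>
param(
  $rsa,
  [string[]]$hostnames,
  [string]$domain = "home.johnhgaunt.com",
  [string]$outDirectory = "C:\Users\jgaunt\Temp"
)

# Throws when the most recent native command (openssl/certreq) exited non-zero, so a
# failed step cannot silently fall through to the next one.
function Assert-NativeSuccess {
  param([string]$step)
  if ($LASTEXITCODE -ne 0) {
    throw "$step failed with exit code $LASTEXITCODE"
  }
}

if (-not $PSBoundParameters.ContainsKey('rsa')) {
  # -eq is case-insensitive in PowerShell, so 'R' is accepted as well.
  $answer = Read-Host "Do you want a RSA (r) or ECC (e) cert? (e/r)"
  if ($answer -eq "r") { $rsa = $True }
}

if ($null -eq $hostnames -or $hostnames.Count -eq 0) {
  # Hostnames cannot contain commas or whitespace, so splitting on them is safe.
  $entered = Read-Host "Please enter Hostnames, no domain, to generate CSRs for"
  $hostnames = @($entered -split '[,\s]+' | Where-Object { $_ })
}

# Issuing CA passed to certreq -config, and the templates it exposes per key type.
$caConfig = "gauntonlineca.home.johnhgaunt.com\GauntOnlineCA-CA"
$rsaTemplate = "CertificateTemplate:ServerandClient(RSA)"
$eccTemplate = "CertificateTemplate:ServerandClient(ECC)"

# Public certificate of the issuing (sub) CA, appended to every issued cert so the
# output file carries the chain up to the offline root.
$subCA = @"
-----BEGIN CERTIFICATE-----
MIIDITCCAqegAwIBAgITZwAAAAPeVCG43Kcf6QAAAAAAAzAKBggqhkjOPQQDBDAc
MRowGAYDVQQDExFHQVVOVE9GRkxJTkVDQS1DQTAgFw0yMDA4MTMxMzAyNTdaGA8y
MDUwMDgxMzAzMDEyNlowYjETMBEGCgmSJomT8ixkARkWA2NvbTEaMBgGCgmSJomT
8ixkARkWCmpvaG5oZ2F1bnQxFDASBgoJkiaJk/IsZAEZFgRob21lMRkwFwYDVQQD
ExBHQVVOVE9OTElORUNBLUNBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEkohPKLHw
g2TVOE50TA1dquNdzjt85aGqaKXge2D7xNIxpg+szcGXUp02I+WpkLa93EjNU1jk
GmLolGZkBKjvkyloH6C+U5yZfsqk8nqEO/xZTc73lfpFd8dHXKWvM6Szo4IBYTCC
AV0wEAYJKwYBBAGCNxUBBAMCAQAwHQYDVR0OBBYEFLH7NFt2lRfNFHPY4Wh6wA24
RLGIMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsGA1UdDwQEAwIBhjAPBgNV
HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFDBzRo0u1ISTdP5CYUXpL+JCDhjIMFoG
A1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9nYXVudG9ubGluZWNhLmhvbWUuam9obmhn
YXVudC5jb20vQ2VydEVucm9sbC9HQVVOVE9GRkxJTkVDQS1DQS5jcmwwdAYIKwYB
BQUHAQEEaDBmMGQGCCsGAQUFBzAChlhodHRwOi8vZ2F1bnRvbmxpbmVjYS5ob21l
LmpvaG5oZ2F1bnQuY29tL0NlcnRFbnJvbGwvR2F1bnRPZmZsaW5lQ0FfR0FVTlRP
RkZMSU5FQ0EtQ0EuY3J0MAoGCCqGSM49BAMEA2gAMGUCMHrFpzJOXUCIFTmCbRmX
OQe7S4iVA0ISHMVk7LNqhSSmQNTbBS7cTcRUoH/jl+E5FwIxALrncv03Fi80zwn9
Rxff+wjtt7jg9/7wWEpdgIPFGDAaLKbVxhRZqO28YZqCTzQBgw==
-----END CERTIFICATE-----
"@

# Scratch space for the openssl config, EC params and CSR; recreated per hostname.
$workingDirectory = Join-Path $env:TEMP 'csr'

foreach ($hostname in $hostnames) {
  # The hostname is interpolated into an openssl config file and into file paths,
  # so reject anything that is not a single DNS label before using it.
  if ($hostname -notmatch '^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$') {
    throw "Invalid hostname '$hostname': expected a single DNS label without domain"
  }

  $configFile   = Join-Path $workingDirectory 'csr.conf'
  $ecParamsFile = Join-Path $workingDirectory 'ec.params'
  $csrFile      = Join-Path $workingDirectory "$hostname.$domain.csr"
  $keyFile      = Join-Path $outDirectory "$hostname.$domain.key"
  $crtFile      = Join-Path $outDirectory "$hostname.$domain.crt"
  $rspFile      = Join-Path $outDirectory "$hostname.$domain.rsp"

  # OpenSSL request config: CN plus SAN entries for the FQDN and the bare hostname.
  $config = @"
[ req ]
prompt = no
default_md = sha512
req_extensions = req_ext
distinguished_name = dn
[ dn ]
C=US
ST=PA
L=Pittsburgh
O=Gaunt
OU=Gaunt
emailAddress=admin@johnhgaunt.com
CN=$hostname.$domain
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = $hostname.$domain
DNS.2 = $hostname
"@

  foreach ($dir in @($workingDirectory, $outDirectory)) {
    if (-not (Test-Path -LiteralPath $dir)) {
      New-Item -ItemType Directory -Path $dir -ErrorAction Stop | Out-Null
    }
  }

  try {
    # Write the config as plain ASCII with LF line endings and no BOM; this works on
    # both Windows PowerShell and PowerShell 7 (Set-Content -Encoding Byte does not).
    $configBytes = [System.Text.Encoding]::ASCII.GetBytes(($config -replace "`r`n", "`n"))
    [System.IO.File]::WriteAllBytes($configFile, $configBytes)

    if ($rsa) {
      openssl genrsa -out $keyFile 4096
      Assert-NativeSuccess "openssl genrsa"
      $template = $rsaTemplate
    } else {
      openssl ecparam -name secp384r1 -out $ecParamsFile
      Assert-NativeSuccess "openssl ecparam"
      openssl ecparam -in $ecParamsFile -genkey -noout -out $keyFile
      Assert-NativeSuccess "openssl ecparam -genkey"
      $template = $eccTemplate
    }

    openssl req -new -key $keyFile -nodes -out $csrFile -config $configFile
    Assert-NativeSuccess "openssl req"

    certreq -submit -config $caConfig -attrib $template $csrFile $crtFile
    Assert-NativeSuccess "certreq -submit"

    # certreq may exit cleanly with the request left pending approval; without this
    # check Add-Content would create a .crt containing only the sub CA certificate.
    if (-not (Test-Path -LiteralPath $crtFile)) {
      throw "certreq did not write $crtFile (request may be pending CA approval)"
    }

    # Append the issuing CA so the .crt holds the leaf followed by its issuer.
    Add-Content -LiteralPath $crtFile -Value $subCA -ErrorAction Stop
  }
  finally {
    # Best-effort cleanup: the CSR and EC params live inside the working directory,
    # so removing it covers them; the .rsp file is only present after certreq ran.
    Remove-Item -LiteralPath $workingDirectory -Force -Recurse -ErrorAction SilentlyContinue
    Remove-Item -LiteralPath $rspFile -Force -ErrorAction SilentlyContinue
  }
}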