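<#
.SYNOPSIS
    Generates a private key and CSR for each hostname, submits the CSR to the
    internal Windows enterprise CA with certreq, and appends the issuing sub-CA
    certificate to the returned leaf certificate to form a chain file.

.PARAMETER rsa
    Truthy selects an RSA-4096 key and the RSA template; otherwise a
    secp384r1 EC key and the ECC template. Prompted for when not supplied.

.PARAMETER hostnames
    One or more short hostnames (no domain). Prompted for when not supplied;
    interactive input may be a single comma- or space-separated string.

.PARAMETER domain
    DNS suffix appended to each hostname for the CN, the SAN and output names.

.PARAMETER outDirectory
    Directory that receives the .key and .crt files. The private key is
    written unencrypted and inherits this directory's ACL, so the directory
    should be readable only by the requesting user.

.PARAMETER caConfig
    The certreq -config value ("CA host\CA name") of the issuing CA.

.NOTES
    Requires openssl and certreq on PATH. The sub-CA certificate embedded
    below is appended verbatim; it must be updated if the issuing CA's
    certificate is ever reissued.
#>
param(
    $rsa,
    [string[]]$hostnames,
    [string]$domain = "home.johnhgaunt.com",
    [string]$outDirectory = "C:\Users\jgaunt\Temp",
    [string]$caConfig = "gauntonlineca.home.johnhgaunt.com\GauntOnlineCA-CA"
)

# A hostname is interpolated into the openssl config and into file paths, so
# only accept DNS-style characters (letters, digits, '-' and '.', not leading
# or trailing '-'/'.'). Anything else would corrupt the config or the path.
$hostnamePattern = '^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'

#######################################
# Builds the openssl "req" config text for one host.
# Arguments: $shortName - hostname without domain
#            $fqdn      - hostname with domain appended
# Outputs:   config text (LF line endings, no trailing newline) on the pipeline
#######################################
function New-OpenSslConfig {
    param([string]$shortName, [string]$fqdn)
    $lines = @(
        '[ req ]',
        'prompt = no',
        'default_md = sha512',
        'req_extensions = req_ext',
        'distinguished_name = dn',
        '',
        '[ dn ]',
        'C=US',
        'ST=PA',
        'L=Pittsburgh',
        'O=Gaunt',
        'OU=Gaunt',
        'emailAddress=admin@johnhgaunt.com',
        "CN=$fqdn",
        '',
        '[ req_ext ]',
        'subjectAltName = @alt_names',
        '',
        '[ alt_names ]',
        "DNS.1 = $fqdn",
        "DNS.2 = $shortName"
    )
    # Join with LF so the file does not depend on this script's own line endings.
    return ($lines -join "`n")
}

#######################################
# Writes text to a file as raw ASCII bytes: no BOM, no added newline, so
# openssl reads exactly what was composed. Replaces the Windows-PowerShell-only
# "Set-Content -Encoding Byte" idiom, which PowerShell 7 no longer accepts.
# Arguments: $path - absolute file path (the .NET call ignores the PS location)
#            $text - ASCII text to write
#######################################
function Write-AsciiFile {
    param([string]$path, [string]$text)
    [System.IO.File]::WriteAllBytes($path, [System.Text.Encoding]::ASCII.GetBytes($text))
}

#######################################
# Runs an external command and throws on a non-zero exit code, so a failed
# openssl/certreq step stops the run instead of later steps working on
# missing or partial files.
# Arguments: $command   - executable name
#            $arguments - argument list passed through unchanged
#######################################
function Invoke-Checked {
    param([string]$command, [string[]]$arguments)
    & $command @arguments
    if ($LASTEXITCODE -ne 0) {
        throw "$command $($arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

# Fail fast if a required tool is missing rather than part-way through a host.
foreach ($tool in 'openssl', 'certreq') {
    if (-not (Get-Command $tool -ErrorAction SilentlyContinue)) {
        throw "Required tool '$tool' was not found on PATH."
    }
}

if (-not $PSBoundParameters.ContainsKey('rsa')) {
    $choice = Read-Host "Do you want a RSA (r) or ECC (e) cert? (e/r)"
    # Anything other than "r" selects ECC, matching the default branch below.
    $rsa = ($choice -eq "r")
}

if (-not $hostnames) {
    $entered = Read-Host "Please enter Hostnames, no domain, to generate CSRs for"
    # Interactive input arrives as one string; split on commas/whitespace so
    # several hosts can be entered at once, and drop empty fragments.
    $hostnames = @($entered -split '[,\s]+' | Where-Object { $_ })
    if (-not $hostnames) {
        throw "No hostnames supplied."
    }
}

# Issuing sub-CA certificate, appended to every leaf certificate so the .crt
# file carries the chain. Single-quoted here-string: no expansion.
$subCA = @'
-----BEGIN CERTIFICATE-----
MIIDITCCAqegAwIBAgITZwAAAAPeVCG43Kcf6QAAAAAAAzAKBggqhkjOPQQDBDAc
MRowGAYDVQQDExFHQVVOVE9GRkxJTkVDQS1DQTAgFw0yMDA4MTMxMzAyNTdaGA8y
MDUwMDgxMzAzMDEyNlowYjETMBEGCgmSJomT8ixkARkWA2NvbTEaMBgGCgmSJomT
8ixkARkWCmpvaG5oZ2F1bnQxFDASBgoJkiaJk/IsZAEZFgRob21lMRkwFwYDVQQD
ExBHQVVOVE9OTElORUNBLUNBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEkohPKLHw
g2TVOE50TA1dquNdzjt85aGqaKXge2D7xNIxpg+szcGXUp02I+WpkLa93EjNU1jk
GmLolGZkBKjvkyloH6C+U5yZfsqk8nqEO/xZTc73lfpFd8dHXKWvM6Szo4IBYTCC
AV0wEAYJKwYBBAGCNxUBBAMCAQAwHQYDVR0OBBYEFLH7NFt2lRfNFHPY4Wh6wA24
RLGIMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsGA1UdDwQEAwIBhjAPBgNV
HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFDBzRo0u1ISTdP5CYUXpL+JCDhjIMFoG
A1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9nYXVudG9ubGluZWNhLmhvbWUuam9obmhn
YXVudC5jb20vQ2VydEVucm9sbC9HQVVOVE9GRkxJTkVDQS1DQS5jcmwwdAYIKwYB
BQUHAQEEaDBmMGQGCCsGAQUFBzAChlhodHRwOi8vZ2F1bnRvbmxpbmVjYS5ob21l
LmpvaG5oZ2F1bnQuY29tL0NlcnRFbnJvbGwvR2F1bnRPZmZsaW5lQ0FfR0FVTlRP
RkZMSU5FQ0EtQ0EuY3J0MAoGCCqGSM49BAMEA2gAMGUCMHrFpzJOXUCIFTmCbRmX
OQe7S4iVA0ISHMVk7LNqhSSmQNTbBS7cTcRUoH/jl+E5FwIxALrncv03Fi80zwn9
Rxff+wjtt7jg9/7wWEpdgIPFGDAaLKbVxhRZqO28YZqCTzQBgw==
-----END CERTIFICATE-----
'@

foreach ($hostname in $hostnames) {
    if ($hostname -notmatch $hostnamePattern) {
        throw "Invalid hostname '$hostname': only letters, digits, '-' and '.' are allowed."
    }
    $fqdn = "$hostname.$domain"

    # Scratch files live in a per-run temp folder; key/csr/crt go to $outDirectory.
    $workingDirectory = Join-Path $env:TEMP 'csr'
    $configFile   = Join-Path $workingDirectory 'csr.conf'
    $ecParamsFile = Join-Path $workingDirectory 'ec.params'
    $keyFile = Join-Path $outDirectory "$fqdn.key"
    $csrFile = Join-Path $outDirectory "$fqdn.csr"
    $crtFile = Join-Path $outDirectory "$fqdn.crt"
    # certreq writes its response next to the certificate.
    $rspFile = Join-Path $outDirectory "$fqdn.rsp"

    foreach ($dir in $workingDirectory, $outDirectory) {
        if (-not (Test-Path $dir)) {
            New-Item -ItemType Directory -Path $dir | Out-Null
        }
    }

    Write-AsciiFile -path $configFile -text (New-OpenSslConfig -shortName $hostname -fqdn $fqdn)

    try {
        if ($rsa) {
            # RSA-4096 private key, written unencrypted (no passphrase).
            Invoke-Checked openssl @('genrsa', '-out', $keyFile, '4096')
            $template = 'CertificateTemplate:ServerandClient(RSA)'
        } else {
            # P-384 curve parameters, then an unencrypted EC private key from them.
            Invoke-Checked openssl @('ecparam', '-name', 'secp384r1', '-out', $ecParamsFile)
            Invoke-Checked openssl @('ecparam', '-in', $ecParamsFile, '-genkey', '-noout', '-out', $keyFile)
            $template = 'CertificateTemplate:ServerandClient(ECC)'
        }

        # Same CSR step for both key types; only the CA template differs.
        Invoke-Checked openssl @('req', '-new', '-key', $keyFile, '-nodes', '-out', $csrFile, '-config', $configFile)
        Invoke-Checked certreq @('-submit', '-config', $caConfig, '-attrib', $template, $csrFile, $crtFile)

        # Add-Content would create a file holding only the sub-CA if certreq
        # returned without writing the leaf (e.g. a request left pending), so
        # insist the leaf exists before appending the chain.
        if (-not (Test-Path $crtFile)) {
            throw "certreq did not produce $crtFile; the request may be pending approval."
        }
        Add-Content -Path $crtFile -Value $subCA
    }
    finally {
        # Remove scratch files whether or not this host succeeded; the key and
        # certificate are the deliverables and are left in place.
        if (Test-Path $workingDirectory) {
            Remove-Item -Path $workingDirectory -Force -Recurse
        }
        foreach ($scratch in $rspFile, $csrFile) {
            if (Test-Path $scratch) {
                Remove-Item -Path $scratch
            }
        }
    }
}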