106 lines
3.7 KiB
PowerShell
106 lines
3.7 KiB
PowerShell
[cmdletbinding()]
|
|
param(
|
|
[Parameter(
|
|
Mandatory = $true,
|
|
ValueFromPipeline = $true,
|
|
Position = 0
|
|
)]
|
|
[string[]]$hostnames,
|
|
[string]$domain = "home.johnhgaunt.com",
|
|
[System.IO.FileInfo]$Path = [Environment]::GetFolderPath("Desktop"),
|
|
[ValidateSet("RSA2048", "RSA4096","ECC-256", "ECC-384")]
|
|
[string]$algorithm = "ECC-384",
|
|
[string]$server = "gauntonlineca.home.johnhgaunt.com\GauntOnlineCA-CA"
|
|
)
|
|
|
|
begin {
|
|
$subCA = "-----BEGIN CERTIFICATE-----
|
|
MIIDITCCAqegAwIBAgITZwAAAAPeVCG43Kcf6QAAAAAAAzAKBggqhkjOPQQDBDAc
|
|
MRowGAYDVQQDExFHQVVOVE9GRkxJTkVDQS1DQTAgFw0yMDA4MTMxMzAyNTdaGA8y
|
|
MDUwMDgxMzAzMDEyNlowYjETMBEGCgmSJomT8ixkARkWA2NvbTEaMBgGCgmSJomT
|
|
8ixkARkWCmpvaG5oZ2F1bnQxFDASBgoJkiaJk/IsZAEZFgRob21lMRkwFwYDVQQD
|
|
ExBHQVVOVE9OTElORUNBLUNBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEkohPKLHw
|
|
g2TVOE50TA1dquNdzjt85aGqaKXge2D7xNIxpg+szcGXUp02I+WpkLa93EjNU1jk
|
|
GmLolGZkBKjvkyloH6C+U5yZfsqk8nqEO/xZTc73lfpFd8dHXKWvM6Szo4IBYTCC
|
|
AV0wEAYJKwYBBAGCNxUBBAMCAQAwHQYDVR0OBBYEFLH7NFt2lRfNFHPY4Wh6wA24
|
|
RLGIMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsGA1UdDwQEAwIBhjAPBgNV
|
|
HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFDBzRo0u1ISTdP5CYUXpL+JCDhjIMFoG
|
|
A1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9nYXVudG9ubGluZWNhLmhvbWUuam9obmhn
|
|
YXVudC5jb20vQ2VydEVucm9sbC9HQVVOVE9GRkxJTkVDQS1DQS5jcmwwdAYIKwYB
|
|
BQUHAQEEaDBmMGQGCCsGAQUFBzAChlhodHRwOi8vZ2F1bnRvbmxpbmVjYS5ob21l
|
|
LmpvaG5oZ2F1bnQuY29tL0NlcnRFbnJvbGwvR2F1bnRPZmZsaW5lQ0FfR0FVTlRP
|
|
RkZMSU5FQ0EtQ0EuY3J0MAoGCCqGSM49BAMEA2gAMGUCMHrFpzJOXUCIFTmCbRmX
|
|
OQe7S4iVA0ISHMVk7LNqhSSmQNTbBS7cTcRUoH/jl+E5FwIxALrncv03Fi80zwn9
|
|
Rxff+wjtt7jg9/7wWEpdgIPFGDAaLKbVxhRZqO28YZqCTzQBgw==
|
|
-----END CERTIFICATE-----"
|
|
}
|
|
|
|
process {
|
|
|
|
foreach ($hostname in $hostnames) {
|
|
|
|
# create a working directory in the temp folder
|
|
$configFile = "$env:TEMP\$hostname.$domain.csr.conf"
|
|
$csrFile = "$path\$hostname.$domain.csr"
|
|
$keyFile = "$path\$hostname.$domain.key"
|
|
$crtFile = "$path\$hostname.$domain.crt"
|
|
|
|
$config = "[ req ]
|
|
prompt = no
|
|
default_md = sha512
|
|
req_extensions = req_ext
|
|
distinguished_name = req_distinguished_name
|
|
|
|
[ req_distinguished_name ]
|
|
C=US
|
|
ST=PA
|
|
L=Pittsburgh
|
|
O=Gaunt
|
|
OU=Gaunt
|
|
CN=$hostname.$domain
|
|
|
|
[ req_ext ]
|
|
subjectAltName = @alt_names
|
|
|
|
[ alt_names ]
|
|
DNS.1 = $hostname.$domain
|
|
DNS.2 = $hostname"
|
|
|
|
# convert to unix file
|
|
# https://stackoverflow.com/questions/5102115/unix-format-files-with-powershell
|
|
Set-Content "$configFile" ([byte[]][char[]] "$config") -Encoding Byte -Force
|
|
|
|
switch ($algorithm) {
|
|
"RSA2048" { $privateKeyGenerateArguments = "genrsa -out `"$keyFile`" 2048" }
|
|
"RSA4096" { $privateKeyGenerateArguments = "genrsa -out `"$keyFile`" 4096" }
|
|
"ECC-256" { $privateKeyGenerateArguments = "ecparam -name prime256v1 -genkey -noout -out `"$keyFile`"" }
|
|
"ECC-384" { $privateKeyGenerateArguments = "ecparam -name secp384r1 -genkey -noout -out `"$keyFile`"" }
|
|
}
|
|
switch -regex ($algorithm) {
|
|
"RSA.*" { $certReqAttrib = "CertificateTemplate:ServerandClient(RSA)" }
|
|
"ECC.*" { $certReqAttrib = "CertificateTemplate:ServerandClient(ECC)" }
|
|
}
|
|
|
|
Start-Process openssl.exe `
|
|
-ArgumentList $privateKeyGenerateArguments `
|
|
-Wait
|
|
|
|
Start-Process openssl.exe `
|
|
-ArgumentList "req -new -key `"$keyFile`" -nodes -out `"$csrFile`" -config `"$configFile`"" `
|
|
-Wait
|
|
|
|
Start-Process certreq.exe `
|
|
-ArgumentList "-submit -config `"$server`" -attrib `"$certReqAttrib`" `"$csrFile`" `"$crtFile`"" `
|
|
-Wait
|
|
|
|
# add the sub CA to the end of the cert
|
|
add-content $crtFile $subCA
|
|
|
|
Remove-Item -Path "$path\$hostname.$domain.rsp"
|
|
Remove-Item -Path "$csrFile"
|
|
}
|
|
}
|
|
|
|
end {
|
|
|
|
} |