signCsrStandaloneCA.ps1

param (
    [string]$CSRPath,
    [string]$SignedCertificatePath = "${CSRPath.Replace('.req', '.cer')}"
)

# Create a new certificate request
$Subject = Read-Host "Enter the subject name for the certificate (e.g. CN=www.example.com)"
$KeyLength = Read-Host "Enter the key length (e.g. 2048)"
$Algorithm = Read-Host "Enter the signature algorithm (e.g. SHA256)"

$CertificateRequest = New-CertificateRequest -Subject $Subject -KeyLength $KeyLength -KeyAlgorithm $Algorithm -HashAlgorithm $Algorithm -Path $CSRPath

# Submit the certificate request to the CA
Submit-CertificateRequest -CertificateRequest $CertificateRequest -CAConfig "StandAloneRootCA"

# Retrieve the pending certificate request
$PendingRequest = Get-PendingRequest | Where-Object {$_.CertificateRequest -eq $CertificateRequest}

# Approve the pending certificate request
Approve-CertificateRequest -RequestId $PendingRequest.RequestId

# Retrieve the issued certificate
$IssuedCertificate = Get-IssuedRequest -RequestId $PendingRequest.RequestId
Export-Certificate -Cert $IssuedCertificate -FilePath $SignedCertificatePath



# .\SignCSR.ps1 -TemplateName "Web Server" -CSRPath "C:\temp\webserver.req"
# Note: This script assumes that the CA is a standalone root CA, and that the CertificateAuthority module is installed. If you are using a # different type of CA or do not have the module installed, you may need to make adjustments to the script.

TlsGen.ps1

param (
    [string]$Domain = $(Throw "Error: No domain name argument provided. Usage: Provide a domain name as an argument.")
)

$DOMAIN = $Domain

# Create root CA & Private key

$CreateRootCA = "openssl req -x509 -sha256 -days 356 -nodes -newkey rsa:2048 -subj `"/CN=$DOMAIN/C=US/L=San Fransisco`" -keyout rootCA.key -out rootCA.crt"
Invoke-Expression $CreateRootCA

# Generate Private key

$CreatePrivateKey = "openssl genrsa -out $DOMAIN.key 2048"
Invoke-Expression $CreatePrivateKey

# Create csr conf

$CsrConf = @"
[ req ]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn

[ dn ]
C = US
ST = California
L = San Fransisco
O = MLopsHub
OU = MlopsHub Dev
CN = $DOMAIN

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = $DOMAIN
DNS.2 = www.$DOMAIN
IP.1 = 192.168.1.5 
IP.2 = 192.168.1.6

"@

Set-Content -Path csr.conf -Value $CsrConf

# create CSR request using private key

$CreateCsr = "openssl req -new -key $DOMAIN.key -out $DOMAIN.csr -config csr.conf"
Invoke-Expression $CreateCsr

# Create a external config file for the certificate

$CertConf = @"
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = $DOMAIN

"@

Set-Content -Path cert.conf -Value $CertConf

# Create SSl with self signed CA

$CreateSSL = "openssl x509 -req -in $DOMAIN.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out $DOMAIN.crt -days 365 -sha256 -extfile cert.conf"
Invoke-Expression $CreateSSL

How it'll look like in typical CA and server node

# Generate a private key in server node
openssl genpkey -algorithm RSA -out server_private_key.pem -aes256

# Create a Certificate Signing Request (CSR) from the server's private key:
openssl req -key server_private_key.pem -new -out server_csr.pem

# Submit the CSR to the CA, and have the CA sign it to generate a certificate:
openssl x509 -req -in server_csr.pem -CA ca_cert.pem -CAkey ca_private_key.pem -CAcreateserial -out server_cert.pem -days 365 -sha256

Install the server certificate and the CA certificate on the server node.
Note: In this example, the ca_cert.pem and ca_private_key.pem represent the CA's certificate and private key, respectively. The server_private_key.pem and server_cert.pem are the private key and certificate for the server node, respectively. The number of days specified in the -days option is the number of days the certificate is valid for.

The steps for installing a server certificate and the CA certificate on a Linux server typically involve the following steps:

Copy the server certificate and the CA certificate to the server node. You can use SCP or FTP to transfer the files.

Store the certificates in the appropriate location, typically in /etc/ssl/certs/ or /usr/local/share/ca-certificates/.

Update the trusted certificate store of the system. You can do this by running the update-ca-certificates command as root.

Restart the server or the service that will use the certificate.

The exact steps may vary depending on the Linux distribution you are using and the service that will use the certificate. For example, Apache web server uses its own certificate store and the steps for installing a certificate in Apache will be different from the steps for installing a certificate in OpenSSL.

Installing a server certificate and a CA certificate on a Windows Server typically involves the following steps:

Copy the certificate and CA certificate files to the Windows Server.

Open the Microsoft Management Console (MMC) on the Windows Server.

Click on File and then click on Add/Remove Snap-in.

Select the Certificates Snap-in and click on Add.

Choose Computer account and click Next.

Choose Local computer and click Finish.

Click OK to close the Add/Remove Snap-in window.

Expand the Certificates (Local Computer) folder.

Right-click on the Trusted Root Certification Authorities folder and select All Tasks, then Import.

Follow the Certificate Import Wizard to import the CA certificate.

Right-click on the Personal folder and select All Tasks, then Import.

Follow the Certificate Import Wizard to import the server certificate.

Restart the server to make sure the changes take effect.

Configure the server software, such as IIS or Apache, to use the certificate for secure communication.

Note: These steps are just an overview, the exact steps may differ slightly based on the version of Windows Server you are using.