Last active
February 7, 2023 12:34
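# SignCSR.ps1
# Creates a certificate request, submits it to the CA named "StandAloneRootCA",
# approves the resulting pending request and exports the issued certificate.
#
# Usage:
#   .\SignCSR.ps1 -CSRPath "C:\temp\webserver.req"
#
# Parameters:
#   -CSRPath                Path the certificate request is written to (required).
#   -SignedCertificatePath  Path the issued certificate is exported to.
#                           Defaults to CSRPath with its extension changed to .cer.
#
# Note: This script assumes that the CA is a standalone root CA, and that the
# CertificateAuthority module is installed. If you are using a different type
# of CA or do not have the module installed, you may need to make adjustments.
#
# NOTE(review): New-CertificateRequest, Submit-CertificateRequest,
# Get-PendingRequest, Approve-CertificateRequest and Get-IssuedRequest are not
# defined in this file. Confirm that the installed module exports them with the
# parameter names used below before relying on this script.
param (
    [string]$CSRPath = $(throw "Error: No CSR path provided. Usage: .\SignCSR.ps1 -CSRPath <path-to-request>"),
    # ChangeExtension only touches the final extension. The previous default was
    # "${CSRPath.Replace(...)}", which PowerShell reads as a variable *named*
    # "CSRPath.Replace('.req', '.cer')" and therefore expanded to an empty string.
    [string]$SignedCertificatePath = ([System.IO.Path]::ChangeExtension($CSRPath, '.cer'))
)

# Exporting the certificate over the request file would destroy the request.
if ($SignedCertificatePath -eq $CSRPath) {
    throw "SignedCertificatePath must differ from CSRPath ('$CSRPath')."
}

# Create a new certificate request
$Subject = Read-Host "Enter the subject name for the certificate (e.g. CN=www.example.com)"
if ([string]::IsNullOrWhiteSpace($Subject)) {
    throw "A subject name is required."
}

$KeyLengthInput = Read-Host "Enter the key length (e.g. 2048)"
$KeyLength = 0
if (-not [int]::TryParse($KeyLengthInput, [ref]$KeyLength) -or $KeyLength -le 0) {
    throw "Key length must be a positive whole number, got '$KeyLengthInput'."
}
if ($KeyLength -lt 2048) {
    # Warn rather than refuse: the key type is not fixed by this script.
    Write-Warning "Key length $KeyLength is below 2048 bits, which is too short for an RSA key."
}

$Algorithm = Read-Host "Enter the signature algorithm (e.g. SHA256)"

# NOTE(review): the same prompt value (a hash name such as SHA256) is passed as
# both -KeyAlgorithm and -HashAlgorithm. A key algorithm is normally a value
# such as RSA, so confirm what the cmdlet expects for -KeyAlgorithm.
$CertificateRequest = New-CertificateRequest -Subject $Subject -KeyLength $KeyLength -KeyAlgorithm $Algorithm -HashAlgorithm $Algorithm -Path $CSRPath

# Submit the certificate request to the CA
Submit-CertificateRequest -CertificateRequest $CertificateRequest -CAConfig "StandAloneRootCA"

# Retrieve the pending certificate request
$PendingRequest = Get-PendingRequest | Where-Object { $_.CertificateRequest -eq $CertificateRequest }
if (-not $PendingRequest) {
    throw "No pending request matching the submitted CSR was found on the CA."
}
if (@($PendingRequest).Count -gt 1) {
    throw "More than one pending request matched the submitted CSR; refusing to approve."
}

# Approve the pending certificate request.
# Holding requests as pending is the CA's review step for the requested subject.
# This script approves its own request immediately, so the subject typed above
# is issued without a second check. Restrict who may run the script, and review
# the CA's issued-certificate log.
Approve-CertificateRequest -RequestId $PendingRequest.RequestId

# Retrieve the issued certificate
$IssuedCertificate = Get-IssuedRequest -RequestId $PendingRequest.RequestId
if (-not $IssuedCertificate) {
    throw "The CA did not return an issued certificate for request $($PendingRequest.RequestId)."
}
Export-Certificate -Cert $IssuedCertificate -FilePath $SignedCertificatePath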
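# Generates a self-signed root CA and a server certificate signed by it, using
# the openssl command-line tool. Files are written to the current directory:
#   rootCA.key, rootCA.crt      root CA private key and certificate
#   <Domain>.key, .csr, .crt    server private key, request and certificate
#   csr.conf, cert.conf         openssl config files generated by this script
#   (openssl -CAcreateserial also writes a serial-number file for the CA)
#
# Usage: .\<script>.ps1 -Domain example.com
#
# Both private keys are written unencrypted (-nodes / plain genrsa). Restrict
# access to the output directory, and keep rootCA.key off machines that only
# need rootCA.crt to validate certificates.
param (
    [string]$Domain = $(Throw "Error: No domain name argument provided. Usage: Provide a domain name as an argument.")
)

# $Domain ends up in command arguments, file names and openssl config files.
# Accept only a plain DNS host name, so that the value cannot add arguments,
# config lines or path components. \z is used instead of $ because $ would also
# match before a trailing newline.
$HostnamePattern = '^(?=.{1,253}\z)[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*\z'
if ($Domain -notmatch $HostnamePattern) {
    throw "Error: '$Domain' is not a valid DNS host name."
}

# Runs openssl with an explicit argument list and stops on a non-zero exit code.
# Passing arguments as an array (instead of Invoke-Expression on a built string)
# means no value is ever re-parsed as PowerShell code.
function Invoke-OpenSsl {
    param ([string[]]$Arguments)

    & openssl @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "openssl $($Arguments[0]) failed with exit code $LASTEXITCODE."
    }
}

$KeyFile  = "$Domain.key"
$CsrFile  = "$Domain.csr"
$CertFile = "$Domain.crt"

# Create root CA & Private key
# NOTE(review): the root is valid for 356 days while the server certificate
# below is valid for 365, so the server certificate outlives the CA that signed
# it. 356 looks like a typo for 365; the value is kept as the author wrote it.
Invoke-OpenSsl -Arguments @(
    'req', '-x509', '-sha256', '-days', '356', '-nodes',
    '-newkey', 'rsa:2048',
    '-subj', "/CN=$Domain/C=US/L=San Fransisco",
    '-keyout', 'rootCA.key', '-out', 'rootCA.crt'
)

# Generate Private key
Invoke-OpenSsl -Arguments @('genrsa', '-out', $KeyFile, '2048')

# Create csr conf
$CsrConf = @"
[ req ]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn
[ dn ]
C = US
ST = California
L = San Fransisco
O = MLopsHub
OU = MlopsHub Dev
CN = $Domain
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = $Domain
DNS.2 = www.$Domain
IP.1 = 192.168.1.5
IP.2 = 192.168.1.6
"@
Set-Content -Path csr.conf -Value $CsrConf

# create CSR request using private key
Invoke-OpenSsl -Arguments @('req', '-new', '-key', $KeyFile, '-out', $CsrFile, '-config', 'csr.conf')

# Create a external config file for the certificate
# NOTE(review): "openssl x509 -req" takes extensions from -extfile, not from the
# CSR. The issued certificate therefore carries only DNS.1 below. The www name
# and the two IP addresses requested in csr.conf are not in the signed
# certificate unless they are also listed here.
$CertConf = @"
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = $Domain
"@
Set-Content -Path cert.conf -Value $CertConf

# Create SSl with self signed CA
Invoke-OpenSsl -Arguments @(
    'x509', '-req', '-in', $CsrFile,
    '-CA', 'rootCA.crt', '-CAkey', 'rootCA.key', '-CAcreateserial',
    '-out', $CertFile, '-days', '365', '-sha256',
    '-extfile', 'cert.conf'
)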
Installing a server certificate and a CA certificate on a Windows Server typically involves the following steps:
Copy the certificate and CA certificate files to the Windows Server.
Open the Microsoft Management Console (MMC) on the Windows Server.
Click on File and then click on Add/Remove Snap-in.
Select the Certificates Snap-in and click on Add.
Choose Computer account and click Next.
Choose Local computer and click Finish.
Click OK to close the Add/Remove Snap-in window.
Expand the Certificates (Local Computer) folder.
Right-click on the Trusted Root Certification Authorities folder and select All Tasks, then Import.
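Follow the Certificate Import Wizard to import the CA certificate. Import only the CA's public certificate (for example rootCA.crt); the CA private key does not belong on this server.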
Right-click on the Personal folder and select All Tasks, then Import.
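Follow the Certificate Import Wizard to import the server certificate. The import has to bring the matching private key with it (for example as a PFX/PKCS#12 file); a certificate imported without its key cannot be bound to a site.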
Restart the server to make sure the changes take effect.
Configure the server software, such as IIS or Apache, to use the certificate for secure communication.
Note: These steps are only an overview; the exact steps may differ slightly depending on the version of Windows Server you are using.