Skip to content

Instantly share code, notes, and snippets.

@djhohnstein

djhohnstein/gist:c4c82fa2a5918059ae1ca9a7b8439786

Created July 16, 2021 15:12
Show Gist options
  • Save djhohnstein/c4c82fa2a5918059ae1ca9a7b8439786 to your computer and use it in GitHub Desktop.
Save djhohnstein/c4c82fa2a5918059ae1ca9a7b8439786 to your computer and use it in GitHub Desktop.
Download ZIP
CertEnroll JS Test
Raw
gistfile1.txt
function InvokeCreateCertificate(certSubject, isCA)
{
var CAsubject = certSubject;
var dn = new ActiveXObject("X509Enrollment.CX500DistinguishedName");
dn.Encode( "CN=" + CAsubject, 0);
var issuer = "_TEST_CERT_INSTALL";
var issuerdn = new ActiveXObject("X509Enrollment.CX500DistinguishedName");
issuerdn.Encode("CN=" + issuer, 0);
var key = new ActiveXObject("X509Enrollment.CX509PrivateKey");
key.ProviderName = "Microsoft Enhanced RSA and AES Cryptographic Provider";
if(isCA)
{
key.KeySpec = 2 ;
}
else
{
key.KeySpec = 1;
}
key.Length = 2048;
key.MachineContext = 0;
//https://msdn.microsoft.com/en-us/library/windows/desktop/aa379412(v=vs.85).aspx
key.ExportPolicy = 11;
key.Create() ;
var serverauthoid = new ActiveXObject("X509Enrollment.CObjectId");
serverauthoid.InitializeFromValue("1.3.6.1.5.5.7.3.1");
var ekuoids = new ActiveXObject("X509Enrollment.CObjectIds.1");
ekuoids.Add(serverauthoid);
var ekuext = new ActiveXObject("X509Enrollment.CX509ExtensionEnhancedKeyUsage");
ekuext.InitializeEncode(ekuoids);
var cert = new ActiveXObject("X509Enrollment.CX509CertificateRequestCertificate");
cert.InitializeFromPrivateKey(1, key, "");
cert.Subject = dn;
cert.Issuer = issuerdn;
cert.NotBefore = "12/31/2014";
cert.NotAfter = "12/31/2025";
var hashAlgorithmObject = new ActiveXObject("X509Enrollment.CObjectId");
hashAlgorithmObject.InitializeFromAlgorithmName(1,0,0,"SHA256");
cert.HashAlgorithm = hashAlgorithmObject;
cert.X509Extensions.Add(ekuext)
if (isCA)
{
var basicConst = new ActiveXObject("X509Enrollment.CX509ExtensionBasicConstraints");
basicConst.InitializeEncode("true", 1);
cert.X509Extensions.Add(basicConst);
cert.Encode();
var enrollment = new ActiveXObject("X509Enrollment.CX509Enrollment");
enrollment.InitializeFromRequest(cert);
var certdata = enrollment.CreateRequest(0);
enrollment.InstallResponse(2, certdata, 0, "");
var oShell = new ActiveXObject("WScript.Shell");
var oExec = oShell.Exec('certutil -store -user MY _TEST_CERT_INSTALL');
var strOut = oExec.StdOut.ReadAll();
var lines = strOut.split("\r\n");
var serial = lines[2].split(":")[1].split(" ")[1]
var oExec = oShell.Exec('certutil -exportPFX -p password -user My '+ serial +' C:\\Windows\\Tasks\\cert.pfx');
var start = new Date().getTime();
for (var i = 0; i < 1e7; i++) {
if ((new Date().getTime() - start) > 5000){
break;
}
}
var oExec = oShell.Exec('certutil -f -p password -user -importpfx C:\\Windows\\Tasks\\cert.pfx');
}
else
{
var oShell = new ActiveXObject("WScript.Shell");
var oExec = oShell.Exec('certutil -store -user MY _TEST_CERT_INSTALL');
var strOut = oExec.StdOut.ReadAll();
var lines = strOut.split("\r\n");
var serial = lines[2].split(":")[1].split(" ")[1]
var signerCertificate = new ActiveXObject("X509Enrollment.CSignerCertificate");
signerCertificate.Initialize(0,0,4, serial)
cert.SignerCertificate = signerCertificate
cert.Encode();
var enrollment = new ActiveXObject("X509Enrollment.CX509Enrollment");
enrollment.InitializeFromRequest(cert);
var certdata = enrollment.CreateRequest(0);
enrollment.InstallResponse(2, certdata, 0, "");
}
}
InvokeCreateCertificate("_TEST_CERT_INSTALL", true);
InvokeCreateCertificate("www.example.com", false);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment