Created
February 12, 2018 15:17
-
-
Save jabez007/6f4333a8825ccb4b108f19f5ea6d7ed4 to your computer and use it in GitHub Desktop.
Quick PowerShell script for requesting, issuing, and installing certificates issued from an internal CA
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| param ( | |
| [string]$CAHost = "default.ca-server.com", | |
| [string]$CA = "default certificate authority" | |
| ) | |
| # Make sure we are running as Admin | |
| If (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")){ | |
| $arguments = "& '" + $myinvocation.mycommand.definition + "'" | |
| Start-Process powershell -Verb runAs -ArgumentList $arguments | |
| Break | |
| } | |
| Function Cleanup-Files() { | |
| if (Test-Path "CreateInternalSigned.inf") { | |
| Remove-Item "CreateInternalSigned.inf" | |
| } | |
| if (Test-Path "Internal.req") { | |
| Remove-Item "Internal.req" | |
| } | |
| if (Test-Path "Internal.cer") { | |
| Remove-Item "Internal.cer" | |
| } | |
| Exit $LASTEXITCODE | |
| } | |
| cd $PSScriptRoot | |
| # Intro/Info | |
| Write-Host This tool will create a certificate signed by | |
| write-host the internal certificate authority for the | |
| write-host specified environment. | |
| write-host | |
| # Setup the .inf file for CertReq | |
| $subjectname = read-host "Enter the name of the environment" | |
| $infFile = @" | |
| [NewRequest] | |
| Subject = "CN=$subjectname,O=Internal" | |
| ;properties | |
| KeyLength = 2048 | |
| KeyAlgorithm = RSA | |
| Exportable = true | |
| HashAlgorithm = sha256 | |
| KeyUsage = "CERT_DIGITAL_SIGNATURE_KEY_USAGE | CERT_KEY_ENCIPHERMENT_KEY_USAGE | CERT_DATA_ENCIPHERMENT_KEY_USAGE" | |
| [EnhancedKeyUsageExtension] | |
| OID=1.3.6.1.5.5.7.3.1 | |
| OID=1.3.6.1.5.5.7.3.2 | |
| "@ | |
| Out-File -FilePath "CreateInternalSigned.inf" -InputObject $infFile | |
| # Create new certificate request | |
| Certreq -new -machine CreateInternalSigned.inf Internal.req | |
| if ($LASTEXITCODE -ne 0) | |
| { | |
| Write-Host "ERROR generating certificate" | |
| Cleanup-Files | |
| } | |
| # Submit certificate request to Internal CA | |
| $request = certreq -submit -config $CAHost\$CA Internal.req | Out-String | Select-String 'RequestId: (\d+)' | |
| if ($LASTEXITCODE -ne 0) | |
| { | |
| Write-Host "ERROR submitting request" | |
| Cleanup-Files | |
| } | |
| # Get RequestID | |
| if ($request) | |
| { | |
| $requestID = $request.Matches[0].Groups[1].Value.Trim() | |
| # Issue requested certificate | |
| Invoke-Command -ComputerName $CAHost -ScriptBlock {certutil -resubmit $args[0]} -ArgumentList $requestID | |
| if ($LASTEXITCODE -ne 0) | |
| { | |
| Write-Host "ERROR issuing certificate" | |
| Cleanup-Files | |
| } | |
| # Retrieve issued certificate | |
| certreq -retrieve -config $CAHost\$CA $requestID Internal.cer | |
| if ($LASTEXITCODE -ne 0) | |
| { | |
| Write-Host "ERROR retrieving certificate" | |
| Cleanup-Files | |
| } | |
| # Complete certificate request | |
| certreq -accept -machine Internal.cer | |
| if ($LASTEXITCODE -ne 0) | |
| { | |
| Write-Host "ERROR completing request" | |
| Cleanup-Files | |
| } | |
| Write-Host "$SubjectName saved to Local Computer > Personal store " | |
| } | |
| Read-Host "press enter to continue..." | |
| Cleanup-Files |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment