Last active
January 4, 2021 21:57
-
-
Save jimdiroffii/e4d4383e27dcb4c178b38324112677b7 to your computer and use it in GitHub Desktop.
Azure Powershell - Generate root and client certificates
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # With previous session from root generation still open | |
| New-SelfSignedCertificate -Type Custom -DnsName <clientcertificatename> -KeySpec Signature ` | |
| -Subject "CN=<clientcertificatename>" -KeyExportPolicy Exportable ` | |
| -HashAlgorithm sha256 -KeyLength 4096 ` | |
| -CertStoreLocation "Cert:\CurrentUser\My" ` | |
| -Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2") |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature ` | |
| -Subject "CN=<rootcertificatename>" -KeyExportPolicy Exportable ` | |
| -HashAlgorithm sha256 -KeyLength 4096 ` | |
| -CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign | |
| # Leave session open to run client cert script |
Scripts modified from originals: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Update <> with appropriate names.
Run generaterootcert.ps1, then generateclientcert.ps1. The certificates can then be exported using certmgr.msc.