ADFS-certutil-CSR.ps1

## generate Certificate Signing Request (CSR) with certutil
$FedServiceName = "sts.clancampbell.id.au"
$RequestPolicy = @"
[Version] 
Signature="`$Windows NT$"
[NewRequest]
Subject = "CN=$FedServiceName,OU=ICT,O=ClanCampbell,L=Brisbane,S=Queensland,C=AU" 
Exportable = FALSE   ; TRUE = Private key is exportable
KeyLength = 2048     ; Valid key sizes: 1024, 2048, 4096, 8192, 16384
KeySpec = 1          ; Key Exchange – Required for encryption
KeyUsage = 0xA0      ; Digital Signature, Key Encipherment
MachineKeySet = True
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
FriendlyName = "ADFS 
RequestType = PKCS10
[Extensions]
; Subject Alternative Names (SANs)
2.5.29.17 = "{text}"
_continue_ = "dns=$FedServiceName&"
_continue_ = "dns=enterpriseregistration.clancampbell.id.au&"
"@
$CertsDir = "C:\Admin\Certs"
if ( ! (Test-Path -Path $CertsDir -PathType Container)) {
  mkdir -p $CertsDir
}
$RequestPolicy > $CertsDir\$FedServiceName.inf
certreq -new $CertsDir\$FedServiceName.inf $CertsDir\$FedServiceName.req