# Author: Roberto Rodriguez (@Cyb3rWard0g)
# License: GPL-3.0
# References:
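function Get-CertSigningReq {
    <#
    .SYNOPSIS
        Generates a PKCS#10 certificate signing request with certreq.exe.

    .DESCRIPTION
        Builds a certreq INF file from the supplied subject and key parameters, writes it
        to a temporary file, runs "certreq.exe -new" against it and removes the temporary
        file again (in a finally block, so it is not left behind when certreq.exe is
        missing or throws). The INF text is also written to the pipeline, so the
        function's output is the INF text followed by whatever certreq.exe prints.

        The request asks for a key in the machine key store (MachineKeySet = True, which
        normally requires an elevated session), KeyUsage 0xa0 (Digital Signature, Key
        Encipherment) and the Server Authentication enhanced key usage
        (OID 1.3.6.1.5.5.7.3.1).

        Subject values and alternative names are interpolated into the INF verbatim; the
        function does not escape quotes, commas or other RFC 4514 special characters, so
        values containing them produce a malformed INF.

    .PARAMETER FriendlyName
        FriendlyName written to the [NewRequest] section.

    .PARAMETER Description
        Accepted for compatibility with existing callers; the value is not written to
        the INF or used anywhere in this function.

    .PARAMETER SubjectCommonName
        CN component of the Subject (always present).

    .PARAMETER SubjectOrganizationUnit
        OU component; omitted from the Subject when empty.

    .PARAMETER SubjectOrganization
        O component; omitted when empty.

    .PARAMETER SubjectCountry
        C component; omitted when empty.

    .PARAMETER SubjectState
        S component; omitted when empty.

    .PARAMETER SubjectLocality
        L component; omitted when empty.

    .PARAMETER SubjectAltNames
        DNS names added as a 2.5.29.17 (Subject Alternative Name) extension.

    .PARAMETER PKProviderName
        Cryptographic provider that generates the key pair.

    .PARAMETER PKKeySize
        Key length in bits written to KeyLength. Defaults to 2048.

    .PARAMETER PKMakeExportable
        'True' or 'False'; written to both Exportable and ExportableEncrypted. The
        default 'True' lets the private key be exported from the store later; pass
        'False' unless export is actually needed.

    .PARAMETER CertFilePath
        Path where certreq.exe writes the generated request.

    .OUTPUTS
        System.String. The INF text, then the output of certreq.exe. A non-zero
        certreq.exe exit code is reported with Write-Error.
    #>
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)]
        [string]$FriendlyName,

        [Parameter(Mandatory = $true)]
        [string]$Description,

        [Parameter(Mandatory = $true)]
        [string]$SubjectCommonName,

        [Parameter(Mandatory = $false)]
        [string]$SubjectOrganizationUnit,

        [Parameter(Mandatory = $false)]
        [string]$SubjectOrganization,

        [Parameter(Mandatory = $false)]
        [string]$SubjectCountry,

        [Parameter(Mandatory = $false)]
        [string]$SubjectState,

        [Parameter(Mandatory = $false)]
        [string]$SubjectLocality,

        [Parameter(Mandatory = $false)]
        [string[]]$SubjectAltNames,

        [Parameter(Mandatory = $false)]
        [ValidateSet('Microsoft RSA SChannel Cryptographic Provider', 'Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider')]
        [string]$PKProviderName = "Microsoft RSA SChannel Cryptographic Provider",

        # Typed as [int] so a non-numeric key size is rejected at the parameter binder
        # instead of being handed to certreq.exe; numeric strings still bind as before.
        [Parameter(Mandatory = $false)]
        [int]$PKKeySize = 2048,

        [Parameter(Mandatory = $false)]
        [ValidateSet('True', 'False')]
        [string]$PKMakeExportable = 'True',

        [Parameter(Mandatory = $true)]
        [string]$CertFilePath
    )

    # Subject is assembled in a fixed order: CN first, then whichever of
    # OU / O / L / S / C were supplied (empty values are skipped).
    $subjectParts = @("CN=$SubjectCommonName")
    $optionalParts = [ordered]@{
        OU = $SubjectOrganizationUnit
        O  = $SubjectOrganization
        L  = $SubjectLocality
        S  = $SubjectState
        C  = $SubjectCountry
    }
    foreach ($entry in $optionalParts.GetEnumerator()) {
        if ($entry.Value) {
            $subjectParts += "$($entry.Key)=$($entry.Value)"
        }
    }
    $SubjectString = $subjectParts -join ","

    # Here-string content and its closing "@ must stay at column 0: leading whitespace
    # would become part of the INF, and the terminator is only recognised at line start.
    $CertReqINF = @"
[Version]
Signature= '`$Windows NT$'

[NewRequest]
Subject = `"$SubjectString`"
KeySpec = 1 ; AT_KEYEXCHANGE
KeyLength = $PKKeySize
Exportable = $PKMakeExportable
ExportableEncrypted = $PKMakeExportable
MachineKeySet = True
ProviderName = $PKProviderName
RequestType = PKCS10
KeyUsage = 0xa0; Digital Signature, Key Encipherment
FriendlyName = $FriendlyName

[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1
"@

    # Optional SAN extension; each name becomes one _continue_ line of the {text} value.
    if ($SubjectAltNames) {
        $CertReqINF = $CertReqINF + "`n`n[Extensions]`n2.5.29.17 = `"{text}`""
        foreach ($altName in $SubjectAltNames) {
            $CertReqINF = $CertReqINF + "`n_continue_ = `"dns=$altName&`""
        }
    }

    # **** Request INF *****
    Write-Host "[+] Request INF String:"
    $CertReqINF

    $tmpFile = [System.IO.Path]::GetTempFileName()
    try {
        $CertReqINF | Out-File $tmpFile
        & certreq.exe -new $tmpFile $CertFilePath
        # certreq.exe reports failures through its exit code, not through an exception.
        if ($LASTEXITCODE -ne 0) {
            Write-Error "certreq.exe -new failed with exit code $LASTEXITCODE"
        }
    }
    finally {
        #***** Remove Temp File *****
        # Runs even when certreq.exe cannot be started, so the INF is not left behind.
        Remove-Item $tmpFile -ErrorAction SilentlyContinue
    }
}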