-
Notifications
You must be signed in to change notification settings - Fork 2
/
Create_self-signed_certificate_script.ps1
52 lines (43 loc) · 3.77 KB
/
Create_self-signed_certificate_script.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
[CmdletBinding()]
Param (
[Parameter(Mandatory = $true, Position = 1)]
[String]$localIP = "__LOCALIPADDRESS__",
[Parameter(Mandatory = $false, Position = 2)]
[Int32]$lifeTimeDays = 365 * 50
)
function Create-SelfSignedCertificate {
param ($hostname, $lifeTimeDays);
$name = new-object -com "X509Enrollment.CX500DistinguishedName.1";
$name.Encode("CN=$hostname", 0);
$key = new-object -com "X509Enrollment.CX509PrivateKey.1";
$key.ProviderName = "Microsoft RSA SChannel Cryptographic Provider";
$key.KeySpec = 1;
$key.Length = 2048;
$key.SecurityDescriptor = "D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)(A;;0x80120089;;;NS)";
$key.MachineContext = 1;
$key.Create();
$serverauthoid = new-object -com "X509Enrollment.CObjectId.1";
$serverauthoid.InitializeFromValue("1.3.6.1.5.5.7.3.1");
$ekuoids = new-object -com "X509Enrollment.CObjectIds.1";
$ekuoids.add($serverauthoid);
$ekuext = new-object -com "X509Enrollment.CX509ExtensionEnhancedKeyUsage.1";
$ekuext.InitializeEncode($ekuoids);
$cert = new-object -com "X509Enrollment.CX509CertificateRequestCertificate.1";
$cert.InitializeFromPrivateKey(2, $key, "");
$cert.Subject = $name;
$cert.Issuer = $cert.Subject;
# We subtract one day from the start time to avoid timezone or other
# time issues where cert is not yet valid
$SubtractDays = New-Object System.TimeSpan 1, 0, 0, 0, 0;
$curdate = get-date;
$cert.NotBefore = $curdate.Subtract($SubtractDays);
$cert.NotAfter = $cert.NotBefore.AddDays($lifeTimeDays);
$cert.X509Extensions.Add($ekuext);
$cert.Encode();
$enrollment = new-object -com "X509Enrollment.CX509Enrollment.1";
$enrollment.InitializeFromRequest($cert);
$certdata = $enrollment.CreateRequest(0);
$enrollment.InstallResponse(2, $certdata, 0, "");
}
$hostname = $localIP + "_Solarwinds_Zero_Configuration";
Create-SelfSignedCertificate $hostname $lifeTimeDays;