CertificatePS is a very small PowerShell module that provides two cmdlets:
Get-CertificateTemplate
New-DomainSignedCertificate
They could have been gists or just scripts, but I chose to package them in a module because I really love the convenience package repositories offer in terms of versioning and deployment.
The github repository is here.
Get-CertificateTemplate
takes a System.Security.Cryptography.X509Certificates.X509Certificate2
instance and outputs the template name.
By default, the template is not accessible as a property on the X509Certificate2
.net type. The cmdlet is a written based on these discussions.
The certificate can be piped into the Get-CertificateTemplate
. For example
Get-ChildItem cert:\LocalMachine\My | Get-CertificateTemplate
New-DomainSignedCertificate
requests and issues a certificate from the domain certificate authority. This only works with the Active Directory ecosystem.
The cmdlet is in fact a wrapper around multiple invocations of certreq.exe
The cmdlet is a written based on these.
The cmdlet needs the certificate authority. If you don’t know it then execute certutil
in a command line and copy the value of the line config.
Here is an example for hostname example.com
. The hostname will be the common name in the issued certificate.
New-DomainSignedCertificate -Hostname "example.com" -CertificateAuthority ""
The cmdlet will automatically generate a friendly name combining the date and hostname. e.g. 20160513.example.com
.
You can explicitly control this value from the -FriendlyName
parameter. You can also have more control on the data of the certificate by using the optional parameters.
Organization
OrganizationUnit
Locality
State
Country
Keylength
Parameter -workdir
controls where the intermediate files are generated.
Leave a Comment