Differences

This shows you the differences between two versions of the page.

--- certs [12/30/2024 05:39] – created johnsonjohn
+++ certs [12/31/2025 05:40] (current) – removed johnsonjohn
@@ Line 1: / Line 1: @@
-======Certs======
-----
-=====PowerShell Certs=====
-====CSR Generator====
-<code>
-## PowerShell Script to generate a Certificate Signing Request (CSR) using the SHA256 (SHA-256) signature algorithm and a 2048 bit key size (RSA) via the Cert Request Utility (certreq) ##
-<#
-JWJ0215 2023
-#>
-###
-##
-#   YOU WILL NEED TO START ISE AS OTHER USER TO RUN....
-####################
-# Prerequisite check
-####################
-if (-NOT([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
-    Write-Host "Administrator priviliges are required. Please restart this script with elevated rights." -ForegroundColor Red
-    Pause
-    Throw "Administrator priviliges are required. Please restart this script with elevated rights."
-}
-#######################
-# Setting the variables
-#######################
-$UID = [guid]::NewGuid()
-$files = @{}
-$files['settings'] = "$($env:TEMP)\$($UID)-settings.inf";
-$files['csr'] = "$($env:TEMP)\$($UID)-csr.req"
-$request = @{}
-$request['SAN'] = @{}
-Write-Host "Provide the Subject details required for the Certificate Signing Request" -ForegroundColor Yellow
-$request['CN'] = Read-Host "Common Name (CN)"
-$request['O'] = Read-Host "Organization (O)"
-$request['OU'] = Read-Host "Organizational Unit (OU)"
-$request['L'] = Read-Host "Locality / City (L)"
-$request['S'] = Read-Host "State (S)"
-$request['C'] = Read-Host "Country Code (C)"
-###########################
-# Subject Alternative Names
-###########################
-$i = 0
-Do {
-$i++
-    $request['SAN'][$i] = read-host "Subject Alternative Name $i (e.g. alt.company.com / leave empty for none)"
-    if ($request['SAN'][$i] -eq "") {
-    }
-} until ($request['SAN'][$i] -eq "")
-# Remove the last in the array (which is empty)
-$request['SAN'].Remove($request['SAN'].Count)
-#########################
-# Create the settings.inf
-#########################
-$settingsInf = "
-[Version]
-Signature=`"`$Windows NT`$
-[NewRequest]
-KeyLength =  2048
-Exportable = TRUE
-MachineKeySet = TRUE
-SMIME = FALSE
-RequestType =  PKCS10
-ProviderName = `"Microsoft RSA SChannel Cryptographic Provider`"
-ProviderType =  12
-HashAlgorithm = sha256
-;Variables
-Subject = `"CN={{CN}},OU={{OU}},O={{O}},L={{L}},S={{S}},C={{C}}`"
-[Extensions]
-{{SAN}}
-;Certreq info
-;http://technet.microsoft.com/en-us/library/dn296456.aspx
-;CSR Decoder
-;https://certlogik.com/decoder/
-;https://ssltools.websecurity.symantec.com/checker/views/csrCheck.jsp
-"
-$request['SAN_string'] = & {
-	if ($request['SAN'].Count -gt 0) {
-		$san = "2.5.29.17 = `"{text}`"
-"
-		Foreach ($sanItem In $request['SAN'].Values) {
-			$san += "_continue_ = `"dns="+$sanItem+"&`"
-"
-		}
-		return $san
-	}
-}
-$settingsInf = $settingsInf.Replace("{{CN}}",$request['CN']).Replace("{{O}}",$request['O']).Replace("{{OU}}",$request['OU']).Replace("{{L}}",$request['L']).Replace("{{S}}",$request['S']).Replace("{{C}}",$request['C']).Replace("{{SAN}}",$request['SAN_string'])
-# Save settings to file in temp
-$settingsInf > $files['settings']
-# Done, we can start with the CSR
-Clear-Host
-#################################
-# CSR TIME
-#################################
-# Display summary
-Write-Host "Certificate information
-Common name: $($request['CN'])
-Organisation: $($request['O'])
-Organisational unit: $($request['OU'])
-City: $($request['L'])
-State: $($request['S'])
-Country: $($request['C'])
-Subject alternative name(s): $($request['SAN'].Values -join ", ")
-Signature algorithm: SHA256
-Key algorithm: RSA
-Key size: 2048
-" -ForegroundColor Yellow
-certreq -new $files['settings'] $files['csr'] > $null
-# Output the CSR
-$CSR = Get-Content $files['csr']
-Write-Output $CSR
-Write-Host "
-"
-# Set the Clipboard (Optional)
-Write-Host "Copy CSR to clipboard? (y|n): " -ForegroundColor Yellow -NoNewline
-if ((Read-Host) -ieq "y") {
-	$csr | clip
-	Write-Host "Check your ctrl+v
-"
-}
-########################
-# Remove temporary files
-########################
-$files.Values | ForEach-Object {
-    Remove-Item $_ -ErrorAction SilentlyContinue
-}
-</code>
-----
-====CertReq2023====
-<code>
-# User CertReq in Powershell to create your cert using the SHA256 (SHA-256) signature algorithm and a 2048 bit key size (RSA)  ##
-<#
-JWJ0215 2023
-#>
-# This will create your inf and save to your personal folder  'C:\Users\your name\'
-$Date = (Get-Date).ToString('ddMMyyyy')
-$ReqFile = "Cert_Req-$CodeSigning-" + "$Date" + ".req"
-$InfFile = @"
-    [NewRequest]`r
-    Subject = "CN=$CodeSigningCert"`r
-    KeySpec = 1
-    KeyLength = 2048
-    Exportable = TRUE`r
-    RequestType = CMC`r
-"@
-    Write-Host "Generating Certificate Request file..." -ForegroundColor Yellow;
-    $FinalInfFile = "Cert_Req_Inf-JWJ0215" + "$Date" + ".inf"
-    New-Item $FinalInfFile -type file -value $InfFile
-    cmd /c "certreq -new $FinalInfFile $ReqFile"
-    Write-Host " "
-    Write-Host "Certificate request file for $WebsiteName successfully generated!" -foregroundcolor DarkGreen;
-</code>
-----
-=====Certs TEXT=====
-====Certs.txt====
-<code>
-C:\ServiceNow MID Server SNOW-MID-S02\agent\jre\bin>keytool -import -alias thedacaresandcert -file "C:\Users\jwj0215admin\Desktop\thedacaresand2.cer" -keystore "C:\ServiceNow MID Server SNOW-MID-S02\agent\jre\lib\security\cacerts"
-changeit
-Delete the Cert
-keytool -delete -noprompt -alias ${thedacaresandcrt} -storepass ${changeit}
-</code>
-----