
Commit 9bed9a9

authored
Merge pull request #4 from vendolis/master
Adding KeyLength parameter and the ability to set a password on export
2 parents d224480 + 4e33461 commit 9bed9a9


1 file changed

+40
-16
lines changed


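--- a/Request-Certificate.ps1
+++ b/Request-Certificate.ps1
@@ -30,18 +30,16 @@ e.g. dns=test.jofe.ch,[email protected]
 Specifies the name for the temple of the CA to issue the certificate(s).
 The default value is "WebServer".
 
+.PARAMETER KeyLength
+Specifies the key length in Bit for the certificate.
+Possible Values: 1024,2048,3072,4096,15360
+Default Value: 2048
+
 .PARAMETER CAName
 Specifies the name of the CA to send the request to in the format FQDN\CAName
 If the CAName is not specified, then the directory is queried for a list of enterprise CAs.
 If more than one is returned the user is prompted to choose an enterprise CA from the local Active Directory.
 
-.PARAMETER Export
-Exports the certificate and private key to a pfx file instead of installing it in the local computer store.
-By default the certificate will be installed in the local computer store.
-
-.PARAMETER ExportPath
-Path to wich the pfx file should be saved when -Export is specified.
-
 .PARAMETER Country
 Specifies two letter for the optional country value in the subject of the certificate(s).
 e.g. CH
@@ -62,6 +60,16 @@ e.g. jofe.ch
 Specifies the optional department value in the subject of the certificate(s).
 e.g. IT
 
+.PARAMETER Export
+Exports the certificate and private key to a pfx file instead of installing it in the local computer store.
+By default the certificate will be installed in the local computer store.
+
+.PARAMETER ExportPath
+Path to wich the pfx file should be saved when -Export is specified.
+
+.PARAMETER Password
+Specify the Password (as plain String or SecureString) used on the export.
+
 .INPUTS
 System.String
 Common name for the subject, SAN , Country, State etc. of the certificate(s) as a string
@@ -149,7 +157,7 @@ www.jfe.cloud
 
 #>
 
-[CmdletBinding()]
+[CmdletBinding(DefaultParametersetname="NoExport")]
 Param(
 [Parameter(Mandatory = $True, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)]
 [string]$CN,
@@ -158,12 +166,10 @@ Param(
 [Parameter(Mandatory = $False, ValueFromPipelineByPropertyName = $True)]
 [String]$TemplateName = "WebServer",
 [Parameter(Mandatory = $False, ValueFromPipelineByPropertyName = $True)]
-[string]$CAName,
-[Parameter(Mandatory = $False, ValueFromPipelineByPropertyName = $True)]
-[switch]$Export,
+[ValidateSet(1024,2048,3072,4096,15360)]
+[int]$keyLength = 2048,
 [Parameter(Mandatory = $False, ValueFromPipelineByPropertyName = $True)]
-[ValidateScript( {Resolve-Path -Path $_})]
-[string]$ExportPath,
+[string]$CAName,
 [Parameter(Mandatory = $False, ValueFromPipelineByPropertyName = $True)]
 [string]$Country,
 [Parameter(Mandatory = $False, ValueFromPipelineByPropertyName = $True)]
@@ -173,7 +179,16 @@ Param(
 [Parameter(Mandatory = $False, ValueFromPipelineByPropertyName = $True)]
 [string]$Organisation,
 [Parameter(Mandatory = $False, ValueFromPipelineByPropertyName = $True)]
-[string]$Department
+[string]$Department,
+[Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $True, ParameterSetName='Export')]
+[switch]$Export,
+[Parameter(Mandatory = $false, ValueFromPipelineByPropertyName = $True, ParameterSetName='Export')]
+[ValidateScript( {Resolve-Path -Path $_})]
+[string]$ExportPath,
+[Parameter(Mandatory = $False, ValueFromPipelineByPropertyName = $True, ParameterSetName='Export')]
+[ValidateScript( {$_.getType().name -eq "SecureString" -or $_.getType().name -eq "String"})]
+$Password
+
 )
 BEGIN {
 #internal function to do some cleanup
@@ -212,7 +227,7 @@ PROCESS {
 [NewRequest]
 Subject = "CN=$CN,c=$Country, s=$State, l=$City, o=$Organisation, ou=$Department"
 MachineKeySet = TRUE
-KeyLength = 2048
+KeyLength = $KeyLength
 KeySpec=1
 Exportable = TRUE
 RequestType = PKCS10
@@ -221,6 +236,8 @@ ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0"
 CertificateTemplate = "$TemplateName"
 "@
 
+Write-Debug "Inf-File: $file"
+
 #check if SAN certificate is requested
 if ($PSBoundParameters.ContainsKey('SAN')) {
 #each SAN must be a array element
@@ -324,7 +341,14 @@ CertificateTemplate = "$TemplateName"
 Write-Debug "Certificate found in computerstore: $cert"
 
 #create a pfx export as a byte array
-$certbytes = $cert.export([System.Security.Cryptography.X509Certificates.X509ContentType]::pfx)
+if($Password) {
+Write-Debug "Exporting with password"
+$certbytes = $cert.export([System.Security.Cryptography.X509Certificates.X509ContentType]::pfx, $Password)
+} else {
+Write-Debug "Exporting without password"
+$certbytes = $cert.export([System.Security.Cryptography.X509Certificates.X509ContentType]::pfx)
+}
+
 
 #write pfx file
 if ($PSBoundParameters.ContainsKey('ExportPath')) {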
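Review bot: The new `$Password` parameter in the `Param(` block accepts a plain `String`, so the PFX password can end up in console history, transcripts and script-block logs. Declaring it as `[System.Security.SecureString]$Password` would enforce the safer type and make the `ValidateScript` that compares `getType().name` strings unnecessary. In the export hunk, `if($Password)` treats an omitted (or empty-string) password as "export unprotected", so by default the private key is still written to the pfx file with no password; consider making `-Password` mandatory in the `Export` parameter set, or at least calling `Write-Warning` on the `else` path instead of only `Write-Debug`. Separately, `[ValidateSet(1024,2048,3072,4096,15360)]` still allows 1024-bit keys, which fall below the 2048-bit minimum that current guidance expects, so dropping `1024` from the set and from the `.PARAMETER KeyLength` help would prevent requests for weak keys. The `Param(` and `PROCESS` blocks both continue outside the visible hunks, so how the exported bytes and the password are handled afterwards could not be checked here.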
