
Commit b21b68b

Merge pull request #15 from jbpaux/feature/CNinSANSwitch
Add CN in SAN list
2 parents f67da14 + 97e61bf commit b21b68b


1 file changed

+22
-4
lines changed


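--- a/Request-Certificate.ps1
+++ b/Request-Certificate.ps1
@@ -1,4 +1,4 @@
-<#
+<#
 .SYNOPSIS
 Requests a certificate from a Windows CA
 
@@ -60,6 +60,10 @@ e.g. jofe.ch
 Specifies the optional department value in the subject of the certificate(s).
 e.g. IT
 
+.PARAMETER AddCNinSAN
+Specifies the CN will be added to the SAN list if not already provided. This ensures compatibility with
+modern browsers.
+
 .PARAMETER Export
 Exports the certificate and private key to a pfx file instead of installing it in the local computer store.
 By default the certificate will be installed in the local computer store.
@@ -180,6 +184,8 @@ Param(
 [string]$Organisation,
 [Parameter(Mandatory = $False, ValueFromPipelineByPropertyName = $True)]
 [string]$Department,
+[Parameter(Mandatory = $False, ValueFromPipelineByPropertyName = $True)]
+[switch]$AddCNinSAN,
 [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $True, ParameterSetName='Export')]
 [switch]$Export,
 [Parameter(Mandatory = $false, ValueFromPipelineByPropertyName = $True, ParameterSetName='Export')]
@@ -236,19 +242,29 @@ ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0"
 CertificateTemplate = "$TemplateName"
 "@
 
-Write-Debug "Inf-File: $file"
-
+
 #check if SAN certificate is requested
 if ($PSBoundParameters.ContainsKey('SAN')) {
 #each SAN must be a array element
 #if the array has ony one element then split it on the commas.
 if (($SAN).count -eq 1) {
 $SAN = @($SAN -split ',')
 }
+}
+
+if ($AddCNinSAN) {
+$SAN = "DNS=$CN" + $SAN #Add CN as first SAN entry
+}
+
+# Remove Potential duplicates (if CN was already provided in SAN list)
+$SAN = $SAN | Select-Object -Unique
+
+
+if ($SAN.Count -gt 0) {
 
 Write-Host "Requesting SAN certificate with subject $CN and SAN: $($SAN -join ',')" -ForegroundColor Green
 Write-Debug "Parameter values: CN = $CN, TemplateName = $TemplateName, CAName = $CAName, SAN = $($SAN -join ' ')"
-
+
 Write-Verbose "A value for the SAN is specified. Requesting a SAN certificate."
 Write-Debug "Add Extension for SAN to the inf file..."
 $file +=
@@ -271,6 +287,8 @@ CertificateTemplate = "$TemplateName"
 Write-Debug "Parameter values: CN = $CN, TemplateName = $TemplateName, CAName = $CAName"
 }
 
+Write-Debug "Inf-File: $file"
+
 try {
 #create temp files
 $inf = [System.IO.Path]::GetTempFileName()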
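Review bot: In the `if ($AddCNinSAN)` block, `"DNS=$CN" + $SAN` has a string as its left operand, so PowerShell stringifies the `$SAN` array and concatenates it rather than prepending an element; when SANs are also supplied the result is one fused entry, and the names in the request no longer match what the operator asked for. Use `$SAN = @("DNS=$CN") + $SAN` so the CN becomes its own element. `Select-Object -Unique` compares case-sensitively, so a SAN that differs from the CN only in letter case would probably survive as a duplicate; normalising case before the comparison would close that gap. The code that writes `$SAN` into the INF extension begins at `$file +=` and continues outside the hunk, so whether `$CN` is checked for delimiter characters before it reaches the request cannot be confirmed from here.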
