Commit facaafc

author
James M. Cook
committed
Added friendly name as an optional value.
1 parent b7726ec commit facaafc

1 file changed

+36
-29
lines changed

Request-Certificate.ps1

Lines changed: 36 additions & 29 deletions
@@ -33,7 +33,7 @@ Kudos to jbpaux for contributing improvements and fixes on GitHub!
3333
#>
3434

3535
<#
36-
.SYNOPSIS
36+
.SYNOPSIS
3737
Requests a certificate from a Windows CA
3838
3939
.DESCRIPTION
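Review bot: The removed and added `.SYNOPSIS` lines at line 36 read identically, so this is a whitespace-only change unrelated to the FriendlyName feature, and the same pattern recurs in later hunks. Consider moving the whitespace cleanup to its own commit so the functional change (the new parameter and the INF line) is easy to review and revert.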
@@ -46,9 +46,9 @@ The CA must support this type of certificate otherwise the request will fail.
4646
4747
With the Export parameter it's also possible to export the requested certificate (with private key) directly to a .pfx file instead of storing it in the local computer store.
4848
49-
You can also use the Import-CSV cmdlet with Request-Certificate.ps1 to request multiple certificates.
49+
You can also use the Import-CSV cmdlet with Request-Certificate.ps1 to request multiple certificates.
5050
To do this, use the Import-CSV cmdlet to create custom objects from a comma-separated value (CSV) file that contains a list of object properties (such as CN, SAN etc. ). Then pass these objects through the pipeline to Request-Certificate.ps1 to request the certificates.
51-
51+
5252
.PARAMETER CN
5353
Specifies the common name for the subject of the certificate(s).
5454
Mostly its the FQDN of a website or service.
@@ -57,15 +57,15 @@ e.g. test.jofe.ch
5757
.PARAMETER SAN
5858
Specifies a comma separated list of subject alternate names (FQDNs) for the certificate
5959
The syntax is {tag}={value}.
60-
Valid tags are: email, upn, dns, guid, url, ipaddress, oid
60+
Valid tags are: email, upn, dns, guid, url, ipaddress, oid
6161
e.g. dns=test.jofe.ch,[email protected]
6262
6363
.PARAMETER TemplateName
64-
Specifies the name for the temple of the CA to issue the certificate(s).
64+
Specifies the name for the temple of the CA to issue the certificate(s).
6565
The default value is "WebServer".
6666
6767
.PARAMETER KeyLength
68-
Specifies the key length in Bit for the certificate.
68+
Specifies the key length in Bit for the certificate.
6969
Possible Values: 1024,2048,3072,4096,15360
7070
Default Value: 2048
7171
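Review bot: Line 64 of the help text is rewritten here but still reads "the temple of the CA"; since the line is being touched anyway, correct it to "template". The other edits in this hunk (lines 60 and 68) show no visible text change.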
@@ -94,6 +94,10 @@ e.g. jofe.ch
9494
Specifies the optional department value in the subject of the certificate(s).
9595
e.g. IT
9696
97+
.PARAMETER FriendlyName
98+
Specifies the optional friendly name value of the certificate(s).
99+
e.g. "[CA Issued by] My Certificate"
100+
97101
.PARAMETER AddCNinSAN
98102
Specifies the CN will be added to the SAN list if not already provided. This ensures compatibility with
99103
modern browsers.
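Review bot: The new `.PARAMETER FriendlyName` help (lines 97-99) does not say what happens when the parameter is omitted or which characters are acceptable in the value. Since the value ends up inside a quoted entry of the request INF, state that here and note that double quotes and line breaks must not be used.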
@@ -110,7 +114,7 @@ Specify the Password (as plain String or SecureString) used on the export.
110114
111115
.INPUTS
112116
System.String
113-
Common name for the subject, SAN , Country, State etc. of the certificate(s) as a string
117+
Common name for the subject, SAN , Country, State etc. of the certificate(s) as a string
114118
115119
.OUTPUTS
116120
None. Request-Certificate.ps1 does not generate any output.
@@ -133,33 +137,33 @@ The user will be asked for the value for the CN of the certificate.
133137
134138
.EXAMPLE
135139
C:\PS> .\Request-Certificate.ps1 -CN "webserver.test.ch" -CAName "testsrv.test.ch\Test CA" -TemplateName "Webservercert"
136-
140+
137141
Description
138142
-----------
139143
This command requests a certificate form the CA testsrv.test.ch\Test CA with the certificate template "Webservercert"
140144
and a CN of webserver.test.ch
141-
The user will be asked for the value for the SAN of the certificate.
145+
The user will be asked for the value for the SAN of the certificate.
146+
142147
143-
144148
.EXAMPLE
145149
Get-Content .\certs.txt | .\Request-Certificate.ps1 -Export
146150
147151
Description
148152
-----------
149-
Gets common names from the file certs.txt and request for each a certificate.
153+
Gets common names from the file certs.txt and request for each a certificate.
150154
Each certificate will then be saved withe the private key in a .pfx file.
151155
152156
.EXAMPLE
153157
C:\PS> .\Request-Certificate.ps1 -CN "webserver.test.ch" -SAN "DNS=webserver.test.ch,DNS=srvweb.test.local"
154-
158+
155159
Description
156160
-----------
157161
This command requests a certificate with a CN of webserver.test.ch and subject alternative names (SANs)
158162
The SANs of the certificate are the DNS names webserver.test.ch and srvweb.test.local.
159163
160164
.EXAMPLE
161165
C:\PS> Import-Csv .\sancertificates.csv -UseCulture | .\Request-Certificate.ps1 -verbose -Export -CAName "testsrv.test.ch\Test CA"
162-
166+
163167
Description
164168
-----------
165169
This example requests multiple SAN certificates from the "Test CA" CA running on the server "testsrv.test.ch".
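Review bot: None of the `.EXAMPLE` blocks in this hunk are updated to show `-FriendlyName`; the only edits are whitespace and blank-line moves. Add one example that passes the new parameter, or a CSV with a FriendlyName column given that it binds by property name, so the intended usage is documented.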
@@ -171,15 +175,15 @@ CN;SAN
171175
test1.test.ch;DNS=test1san1.test.ch,DNS=test1san2.test.ch
172176
test2.test.ch;DNS=test2san1.test.ch,DNS=test2san2.test.ch
173177
test3.test.ch;DNS=test3san1.test.ch,DNS=test3san2.test.ch
174-
178+
175179
.NOTES
176180
177181
Version : 1.4, 01/31/2019
178-
Changes :
182+
Changes :
179183
Thanks to David Allsopp c/o dra27 on GitHub
180-
- Better default for CAName so it is not needed when only one CA is available.
184+
- Better default for CAName so it is not needed when only one CA is available.
181185
- ProviderName specified in the request inf file
182-
186+
183187
Version : 1.3, 10/20/2018
184188
Changes :
185189
- Improvements in temp file handling
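Review bot: The `.NOTES` changelog still tops out at "Version : 1.4, 01/31/2019" and the edits here are whitespace-only, so the new FriendlyName parameter is not recorded. Add a changelog entry for the new optional parameter, and bump the version if that is the script's convention.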
@@ -219,6 +223,8 @@ Param(
219223
[Parameter(Mandatory = $False, ValueFromPipelineByPropertyName = $True)]
220224
[string]$Department,
221225
[Parameter(Mandatory = $False, ValueFromPipelineByPropertyName = $True)]
226+
[string]$FriendlyName,
227+
[Parameter(Mandatory = $False, ValueFromPipelineByPropertyName = $True)]
222228
[switch]$AddCNinSAN,
223229
[Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $True, ParameterSetName='Export')]
224230
[switch]$Export,
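Review bot: `[string]$FriendlyName` (new line 226) accepts any string, including pipeline input bound by property name, and carries no validation attribute. Because the value is later placed inside a quoted INF entry, constrain it at the parameter, for example with `[ValidatePattern('^[^"\r\n]*$')]` plus a length limit, so a CSV row cannot supply quotes or line breaks.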
@@ -272,11 +278,12 @@ KeySpec=1
272278
Exportable = TRUE
273279
RequestType = PKCS10
274280
ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0"
281+
FriendlyName = "$FriendlyName"
275282
[RequestAttributes]
276283
CertificateTemplate = "$TemplateName"
277284
"@
278285

279-
286+
280287
#check if SAN certificate is requested
281288
if ($PSBoundParameters.ContainsKey('SAN')) {
282289
#each SAN must be a array element
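Review bot: `FriendlyName = "$FriendlyName"` (new line 281) is written into the here-string unconditionally, so a request made without `-FriendlyName` gets `FriendlyName = ""` in the INF, and a value containing a double quote or line break would change the structure of the generated file. Append the line only when `$PSBoundParameters.ContainsKey('FriendlyName')`, the same way the SAN block just below is guarded, and reject or escape quotes and line breaks before interpolating.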
@@ -299,9 +306,9 @@ CertificateTemplate = "$TemplateName"
299306
Write-Host "Requesting SAN certificate with subject $CN and SAN: $($SAN -join ',')" -ForegroundColor Green
300307
Write-Debug "Parameter values: CN = $CN, TemplateName = $TemplateName, CAName = $CAName, SAN = $($SAN -join ' ')"
301308

302-
Write-Verbose "A value for the SAN is specified. Requesting a SAN certificate."
309+
Write-Verbose "A value for the SAN is specified. Requesting a SAN certificate."
303310
Write-Debug "Add Extension for SAN to the inf file..."
304-
$file +=
311+
$file +=
305312
@'
306313
307314
[Extensions]
@@ -336,7 +343,7 @@ CertificateTemplate = "$TemplateName"
336343
#write the file to debug logs (if debug enabled)
337344
Write-Debug $file
338345
#create new request inf file
339-
Set-Content -Path $inf -Value $file
346+
Set-Content -Path $inf -Value $file
340347

341348
#show inf file if -verbose is used
342349
Get-Content -Path $inf | Write-Verbose
@@ -349,7 +356,7 @@ CertificateTemplate = "$TemplateName"
349356

350357
write-verbose "Sending certificate request to CA"
351358
Write-Debug "CAName = $CAName"
352-
359+
353360
if (!$PSBoundParameters.ContainsKey('CAName')) {
354361
$rootDSE = [System.DirectoryServices.DirectoryEntry]'LDAP://RootDSE'
355362
$searchBase = [System.DirectoryServices.DirectoryEntry]"LDAP://$($rootDSE.configurationNamingContext)"
@@ -384,7 +391,7 @@ CertificateTemplate = "$TemplateName"
384391

385392
if (($LastExitCode -eq 0) -and ($? -eq $true)) {
386393
Write-Host "Certificate request successfully finished!" -ForegroundColor Green
387-
394+
388395
}
389396
else {
390397
throw "Request failed with unknown error. Try with -verbose -debug parameter"
@@ -405,33 +412,33 @@ CertificateTemplate = "$TemplateName"
405412
Write-Debug "Exporting without password"
406413
$certbytes = $cert.export([System.Security.Cryptography.X509Certificates.X509ContentType]::pfx)
407414
}
408-
415+
409416

410417
#write pfx file
411418
if ($PSBoundParameters.ContainsKey('ExportPath')) {
412-
$pfxPath = Join-Path -Path (Resolve-Path -Path $ExportPath) -ChildPath "$filename.pfx"
419+
$pfxPath = Join-Path -Path (Resolve-Path -Path $ExportPath) -ChildPath "$filename.pfx"
413420
}
414421
else {
415422
$pfxPath = ".\$filename.pfx"
416423
}
417424
$certbytes | Set-Content -Encoding Byte -Path $pfxPath -ea Stop
418425
Write-Host "Certificate successfully exported to `"$pfxPath`"!" -ForegroundColor Green
419-
426+
420427
Write-Verbose "deleting exported certificate from computer store"
421428
# delete certificate from computer store
422429
$certstore = new-object system.security.cryptography.x509certificates.x509Store('My', 'LocalMachine')
423430
$certstore.Open('ReadWrite')
424431
$certstore.Remove($cert)
425-
$certstore.close()
426-
432+
$certstore.close()
433+
427434
}
428435
else {
429436
Write-Debug "export parameter is not set. => script finished"
430437
Write-Host "The certificate with the subject $CN is now installed in the computer store !" -ForegroundColor Green
431438
}
432439
}
433440
catch {
434-
#show error message (non terminating error so that the rest of the pipeline input get processed)
441+
#show error message (non terminating error so that the rest of the pipeline input get processed)
435442
Write-Error $_
436443
}
437444
finally {
