Clever Geek Handbook

Powershell Scripts SSL Signing CSR with CA?

I am in a situation where I need to deploy about 200 SSL certificates to various devices of our Agency (HP iLO is such a joy they bring ...). I currently have a powershell script that gets the CSR from the iLO device, but now I need to be able to auto-sign this with our CA so that I can go back to the script and import into the device.

We are using Microsoft Certification Services and I can upload a CA certificate, certificate chain or CRL if needed.

I don't care how I get the signed certificate - I mean if powershell needs to call an external application to be signed then everything is fine. I've looked at makecert.exe in the .NET SDK but it doesn't seem to do the job.

I have a feeling that this is possible with OpenSSL. If someone could enlighten me, that would be great.

Greetings

+2


source to share


3 answers


Today, when dealing with Microsoft Engineer, the most elegant solution when using the existing infrastructure is to use certreq.exe. Once you have your CSR, you can run this command to get a certificate using MS CA:

certreq.exe -attrib "CertificateTemplate:WebServer" infile.csr outfile.cer


from there you get the certificate using Get-Content outfile.cer to put it back in your script.

Greetings

0


source


This article describes the steps to create a CA and CSR signing from IIS: Create a self-signed certificate using OpenSSL for use with Microsoft Internet Information Services (IIS) 5



You can export the CA to a format that OpenSSL can read and follow the steps after Sign the Certificate Request.

0


source


There is a FAQ for OpenSSL on managing CAs with the tool.

http://www.gtlib.cc.gatech.edu/pub/linux/docs/HOWTO/other-formats/html_single/SSL-Certificates-HOWTO.html

I have successfully used OpenSSL to create and manage Root CA, CSR Mark and Generate Certificates.

Powershell can't handle this natively, but it can interact and script the whole process, definitely.

-Oisin

0


source






More articles:


All Articles