PowerShell: requesting certificates from an internal certificate authority

Posted PS_cmdlet


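This article is only a record for accumulating knowledge. Those who know, know; those who don't can understand it by reading the official documentation.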

Two tools are involved: CertReq and certutil.

$certpath = "D:\CertRequest"
$pfx_files_path = "D:\pfxfiles"
$CA = "CA001.contoso.com\ROOTCA01"
$certtemplate = "ServersTemplate"
$requestfile = Get-Content "D:\CertRequest.txt" # one FQDN per line
foreach ($requestcert in $requestfile)
{
    $subjectname = $requestcert # Read-Host "what is the FQDN like abc.contoso.com?" #set certificate FQDN
    $inf_filefullpath = "$certpath\$subjectname.inf"
    $req_filefullpath = "$certpath\$subjectname.req"
    $cer_filefullpath = "$certpath\$subjectname.cer"
    $pfx_filefullpath = "$certpath\$subjectname.pfx"
    $pwd_filefullpath = "$certpath\$subjectname" + "pwd.txt"
    $cersn_exportpath = "$certpath\$subjectname" + "sn.txt"

    # Build the INF request file for CertReq
    "[Version]" | Out-File -Append $inf_filefullpath
    # Single quotes keep PowerShell from expanding $Windows as a variable
    'Signature="$Windows NT$"' | Out-File -Append $inf_filefullpath
    "`n" | Out-File -Append $inf_filefullpath
    "[NewRequest]" | Out-File -Append $inf_filefullpath
    "Subject=CN=" + "`"" + $subjectname + "`"" | Out-File -Append $inf_filefullpath
    "KeyLength = 2048" | Out-File -Append $inf_filefullpath
    "Exportable = true" | Out-File -Append $inf_filefullpath
    "`n" | Out-File -Append $inf_filefullpath
    "[RequestAttributes]" | Out-File -Append $inf_filefullpath
    "CertificateTemplate=$certtemplate" | Out-File -Append $inf_filefullpath

    # Generate the key pair and the request file
    CertReq -New -f $inf_filefullpath $req_filefullpath

    # Submit the request to the CA and save the issued certificate
    CertReq -Submit -f -config $CA $req_filefullpath $cer_filefullpath

    # Install the issued certificate and bind it to the private key
    certreq -accept $cer_filefullpath

    # Extract the serial number of the issued certificate
    certutil -verify $cer_filefullpath | findstr -i number > $cersn_exportpath
    $SN = (Get-Content $cersn_exportpath).Substring(20)
    $pfxpwd = "abc123" # set pfx file password

    # Export the certificate with its private key to a PFX file
    certutil -f -p $pfxpwd -exportpfx $SN $pfx_filefullpath
    Get-Item -Path $pfx_filefullpath | Move-Item -Destination $pfx_files_path -Force #move result pfx file to pfxfiles directory
}
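
The serial-number lookup and PFX export steps above can also be done without parsing certutil text output and without a password written into the script. The following is an added example, not part of the original post: the function name Export-IssuedPfx is hypothetical, and it assumes that certreq -accept placed the certificate in the current user's store (Cert:\CurrentUser\My).

```powershell
# Added example: hypothetical helper, not part of the original script.
function Export-IssuedPfx {
    param(
        [Parameter(Mandatory)] [string] $CerPath,        # issued certificate written by CertReq -Submit
        [Parameter(Mandatory)] [string] $PfxPath,        # where to write the PFX file
        [Parameter(Mandatory)] [securestring] $Password, # never a plain-text string
        [string] $Store = 'Cert:\CurrentUser\My'         # assumption: store used by certreq -accept
    )

    # Parse the .cer file directly instead of scraping certutil output with Substring(20).
    $issued = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CerPath)

    # Locate the installed certificate by thumbprint.
    $cert = Get-ChildItem -Path $Store |
        Where-Object { $_.Thumbprint -eq $issued.Thumbprint } |
        Select-Object -First 1

    if (-not $cert) {
        throw "Certificate $($issued.Thumbprint) not found in $Store; was certreq -accept run in this context?"
    }
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $($issued.Thumbprint) has no private key in $Store; it cannot be exported as PFX."
    }

    # Export-PfxCertificate takes the password as a SecureString.
    Export-PfxCertificate -Cert $cert -FilePath $PfxPath -Password $Password | Out-Null

    # Return the details an operator would want to log for each issued certificate.
    [pscustomobject]@{
        Subject      = $cert.Subject
        SerialNumber = $cert.SerialNumber
        Thumbprint   = $cert.Thumbprint
        NotAfter     = $cert.NotAfter
        PfxPath      = $PfxPath
    }
}

# Usage inside the foreach loop; the password is prompted for once, not stored in the script:
# $pfxPassword = Read-Host -AsSecureString "PFX password"
# Export-IssuedPfx -CerPath $cer_filefullpath -PfxPath $pfx_filefullpath -Password $pfxPassword
```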
