@Bill-Stewart
Created January 30, 2025 17:31
# New-OpenSSLCertReq.ps1
# Written by Bill Stewart (bstewart AT iname.com)
#requires -version 3
<#
.SYNOPSIS
Generates a private key and certificate signing request (CSR) using OpenSSL.
.DESCRIPTION
Generates a private key and certificate signing request (CSR) using OpenSSL. Requires that the openssl executable be in the system Path.
.Parameter Path
Specifies the path to the OpenSSL CSR configuration file.
.NOTES
Suggested OpenSSL configuration file format for a web server CSR:
----------------------------------------
[req]
distinguished_name = req_distinguished_name
req_extensions = req_ext
prompt = no
[req_distinguished_name]
C = <country>
ST = <state>
L = <locality>
O = <organization>
CN = <full DNS hostname>
[req_ext]
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectKeyIdentifier = hash
subjectAltName = @alt_names
[alt_names]
DNS.1 = <full DNS hostname>
----------------------------------------
The first subject alternative name (SAN) hostname in the [alt_names] section must match the CN of the hostname in the [req_distinguished_name] section. Additional alternative DNS names can be specified as DNS.2, DNS.3, etc.
Below is a sample OpenSSL web server CSR configuration file:
# fabrikam.cnf
[req]
distinguished_name = req_distinguished_name
req_extensions = req_ext
prompt = no
[req_distinguished_name]
C = US
ST = New Mexico
L = Albuquerque
O = Fabrikam Inc.
CN = fabrikam.local
[req_ext]
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectKeyIdentifier = hash
subjectAltName = @alt_names
[alt_names]
DNS.1 = fabrikam.local
DNS.2 = www.fabrikam.local
.EXAMPLE
PS C:\> New-OpenSSLCertReq fabrikam.cnf
See NOTES for the content of the fabrikam.cnf file. This command will generate a private key file fabrikam.key and a certificate signing request (CSR) file fabrikam.csr in the same path as the fabrikam.cnf file. If either the key or the CSR file already exists, you will be prompted to overwrite it. You can bypass the prompt and force file overwriting by specifying -Confirm:$false.
.LINK
OpenSSL documentation - https://docs.openssl.org/
#>
[CmdletBinding(SupportsShouldProcess,ConfirmImpact = "High")]
param(
  [Parameter(Mandatory)]
  [ValidateNotNullOrEmpty()]
  [String]
  $Path
)

# openssl executable must be in the Path
$OpenSSL = Get-Command "openssl" -ErrorAction Stop |
  Select-Object -ExpandProperty Source

# Resolve full path and filename of OpenSSL CSR configuration file
$Path = Resolve-Path $Path -ErrorAction Stop |
  Select-Object -ExpandProperty Path

# Generate private key ('openssl genpkey'); output file is <config name>.key
$OutputFilePath = "{0}.key" -f (Join-Path (Split-Path $Path -Parent) `
  ([IO.Path]::GetFileNameWithoutExtension($Path)))
$CreateFile = -not (Test-Path -LiteralPath $OutputFilePath)
if ( -not $CreateFile ) {
  # File exists: ConfirmImpact "High" prompts unless -Confirm:$false was given
  $CreateFile = $PSCmdlet.ShouldProcess($OutputFilePath,"Overwrite file")
}
if ( $CreateFile ) {
  & $OpenSSL genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -quiet -out $OutputFilePath
  if ( $LASTEXITCODE -ne 0 ) {
    exit $LASTEXITCODE
  }
  Write-Host "Private key file: '$OutputFilePath'"
}
# If the overwrite was declined, the existing key file is reused for the CSR
$PrivateKeyFilePath = $OutputFilePath

# Generate CSR ('openssl req -new') using private key file; output is <config name>.csr
$OutputFilePath = "{0}.csr" -f (Join-Path (Split-Path $Path -Parent) `
  ([IO.Path]::GetFileNameWithoutExtension($Path)))
$CreateFile = -not (Test-Path -LiteralPath $OutputFilePath)
if ( -not $CreateFile ) {
  $CreateFile = $PSCmdlet.ShouldProcess($OutputFilePath,"Overwrite file")
}
if ( $CreateFile ) {
  & $OpenSSL req -new -key $PrivateKeyFilePath -out $OutputFilePath -config $Path
  if ( $LASTEXITCODE -ne 0 ) {
    exit $LASTEXITCODE
  }
  Write-Host "Certificate request file: '$OutputFilePath'"
}
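As an added pre-flight check that is not part of this gist: a PowerShell function (hypothetical name Get-OpenSSLCsrConfigIssue) that parses a configuration file in the layout shown in NOTES and reports the things the script itself does not validate, namely prompt = no, a CN in the distinguished-name section, a subjectAltName section whose DNS.1 equals the CN, and a keyUsage that includes digitalSignature. It assumes the simple [section] / key = value format above with '#' as the comment marker.

```powershell
# Get-OpenSSLCsrConfigIssue (hypothetical name; added example, not part of the gist)
function Get-OpenSSLCsrConfigIssue {
  param(
    [Parameter(Mandatory)]
    [String]
    $Path
  )
  # Minimal parse of the [section] / key = value layout; assumes '#' starts a comment
  $sections = @{}
  $current = $null
  foreach ( $rawLine in Get-Content -LiteralPath $Path -ErrorAction Stop ) {
    $line = ($rawLine -replace '#.*$', '').Trim()
    if ( $line -eq '' ) { continue }
    if ( $line -match '^\[\s*(.+?)\s*\]$' ) {
      $current = $Matches[1]
      if ( -not $sections.ContainsKey($current) ) { $sections[$current] = @{} }
      continue
    }
    if ( $null -ne $current -and $line -match '^([^=]+?)\s*=\s*(.*)$' ) {
      $sections[$current][$Matches[1]] = $Matches[2].Trim()
    }
  }
  $issues = New-Object System.Collections.Generic.List[String]
  $req = $sections['req']
  if ( $null -eq $req ) { $issues.Add("Missing [req] section"); return $issues }
  # Without 'prompt = no', 'openssl req -config' stops to ask for every DN field
  if ( $req['prompt'] -ne 'no' ) { $issues.Add("[req] must set 'prompt = no'") }
  $dnName = $req['distinguished_name']
  $dn = if ( $dnName ) { $sections[$dnName] }
  if ( $null -eq $dn -or -not $dn.ContainsKey('CN') ) {
    $issues.Add("Distinguished name section must define CN"); return $issues
  }
  $extName = $req['req_extensions']
  $ext = if ( $extName ) { $sections[$extName] }
  if ( $null -eq $ext -or $ext['subjectAltName'] -notmatch '^@(\S+)$' ) {
    $issues.Add("req_extensions section must set subjectAltName = @<section>"); return $issues
  }
  $altName = $Matches[1]
  $alt = $sections[$altName]
  # Rule from NOTES: DNS.1 must equal CN (TLS clients validate the SAN, not the CN)
  if ( $null -eq $alt -or $alt['DNS.1'] -ne $dn['CN'] ) {
    $issues.Add("DNS.1 in [$altName] must equal CN '$($dn['CN'])'")
  }
  if ( $ext['keyUsage'] -notmatch '\bdigitalSignature\b' ) { $issues.Add("keyUsage should include digitalSignature") }
  return $issues
}

# Usage: every reported issue is a warning; no output means the file is ready for New-OpenSSLCertReq.ps1
@(Get-OpenSSLCsrConfigIssue fabrikam.cnf) | Write-Warning
```

Run it against fabrikam.cnf before calling New-OpenSSLCertReq.ps1 so a mismatched CN/DNS.1 is caught before a key and CSR are written.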