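#=======================================================================================
#region PARAMETERS
#=======================================================================================
# Creates a self-signed certificate in the current user's store for app authentication
# against a tenant, exports the public part (.cer) to $ExportPath and, on request,
# also a password-protected .pfx containing the private key.
#   TenantName       - tenant DNS name; its first label is used in the output file names
#   ExportPrivateKey - "true" (also "1" / "yes") to additionally export the .pfx
#   ExportPath       - existing directory that receives the exported files
Param(
    [string]$TenantName,
    [string]$ExportPrivateKey,
    [string]$ExportPath
)
#endregion
#=======================================================================================
# Fail fast: a non-terminating error from New-SelfSignedCertificate would otherwise be
# followed by misleading "exported" messages.
$ErrorActionPreference = 'Stop'

# Validate inputs up front so an empty tenant or path cannot produce a mis-named
# certificate or an export into the drive root.
if ([string]::IsNullOrWhiteSpace($TenantName)) {
    throw "TenantName must not be empty."
}
if ([string]::IsNullOrWhiteSpace($ExportPath) -or -not (Test-Path -LiteralPath $ExportPath -PathType Container)) {
    throw "ExportPath '$ExportPath' does not exist or is not a directory."
}

$DateTime = (Get-Date -Format "yyyyMMdd-HHmmss").ToString()
$ShortTenantName = ($TenantName -split "\.")[0]
# Output base name (no extension) shared by the .cer and .pfx exports
$CerOutputPath = Join-Path -Path $ExportPath -ChildPath "$DateTime-$ShortTenantName-AppCert"
# Expiration date of the new certificate
$ExpirationDate = (Get-Date).AddYears(2)
# Splat for readability
$CreateCertificateSplat = @{
    FriendlyName      = "PSCC-$TenantName-App"
    DnsName           = $TenantName
    CertStoreLocation = "Cert:\CurrentUser\My"
    NotAfter          = $ExpirationDate
    # Exportable is required for the optional .pfx export below
    KeyExportPolicy   = "Exportable"
    KeySpec           = "Signature"
    Provider          = "Microsoft Enhanced RSA and AES Cryptographic Provider"
    HashAlgorithm     = "SHA256"
    # Pin the key size rather than relying on the provider default
    KeyLength         = 2048
}
# Create certificate
$Certificate = New-SelfSignedCertificate @CreateCertificateSplat
# Get certificate path
$CertificatePath = Join-Path -Path "Cert:\CurrentUser\My" -ChildPath $Certificate.Thumbprint
# Export certificate without private key
Export-Certificate -Cert $CertificatePath -FilePath "$CerOutputPath.cer" | Out-Null
# $ExportPrivateKey is a string parameter; the original accepted "true" only (-eq $true
# stringifies to "True"). Accept the usual truthy spellings, case-insensitively.
if ($ExportPrivateKey -match '^(true|1|yes)$') {
    Write-Host "Please create a password for the certificate which will be exported with the private key: " -ForegroundColor Yellow -NoNewline
    $Password = Read-Host -AsSecureString
    # Refuse an empty password: the .pfx carries the private key
    if ($Password.Length -eq 0) {
        throw "A non-empty password is required to export the private key."
    }
    # Export certificate with private key; the password stays a SecureString
    Export-PfxCertificate -Cert $CertificatePath -FilePath "$CerOutputPath.pfx" -Password $Password | Out-Null
}
Write-Host "Certificate validity : $($Certificate.NotBefore) through $($Certificate.NotAfter) "
Write-Host "Certificate thumbprint : $($Certificate.Thumbprint)"
Write-Host "Certificate exported to : $CerOutputPath"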