...
Run the following commands to create the temporary files for the certificate policy file and certificate request file:
Code Block
$cert_file_inf = New-TemporaryFile
$cert_file_req = New-TemporaryFile
Run the following commands to create the certificate policy file template for certreq.exe (aka the certificate .INF file):
Info Certreq reference: https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/certreq_1
Quick notes on the template contents:
Exportable = this allows the certificate to be exported by Windows
MachineKeySet = specifies that certificates will be created in the computer store instead of the store of the user running the commands; requires Administrator privileges to perform
Code Block
# Build the .INF text; backticks escape the quotes and dollar signs that must appear literally in the file
$cert_file_content = @"
[Version]
Signature=`"`$Windows NT`$`"
[NewRequest]
Subject=`"CN=$cert_fqdn`"
Exportable=TRUE
MachineKeySet=TRUE
KeyLength=2048
[Extensions]
2.5.29.17=`"{text}`"
_continue_=`"DNS=$cert_fqdn&`"
"@
Set-Content -Path $cert_file_inf -Value $cert_file_content
Run the following commands to add any optional DNS subject alternative names to the certificate policy file:
Code Block
ForEach ($san in $cert_sans) {
    Add-Content -Path $cert_file_inf -Value ("_continue_=`"DNS=$san&`"")
}
Run the following commands to add any optional IP Address subject alternative names to the certificate policy file:
Code Block
ForEach ($ipaddr in $cert_ipaddrs) {
    Add-Content -Path $cert_file_inf -Value ("_continue_=`"IPAddress=$ipaddr&`"")
}
Run the following commands to review the certificate policy file:
Code Block
Get-Content $cert_file_inf
Run the following commands to create the certificate request file:
Code Block
certreq -new -f $cert_file_inf $cert_file_req
Run the following commands to review the certificate request:
Code Block
Get-Content $cert_file_req
Run the following commands to retrieve the certificate request file name:
Code Block
Get-Item $cert_file_req
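The steps above write $cert_fqdn, $cert_sans and $cert_ipaddrs directly into the .INF text, so a malformed value ends up in the policy file and in the request. The following check is an added example, not part of the original procedure; the function name Test-CertSanInput is hypothetical, and it assumes the three variables are set as in the steps above.

```powershell
# Added example (not from the original page). Test-CertSanInput is a hypothetical helper name.
# Assumes $cert_fqdn, $cert_sans and $cert_ipaddrs are set as in the steps above.
function Test-CertSanInput {
    param(
        [string]   $Fqdn,
        [string[]] $DnsNames,
        [string[]] $IpAddresses
    )

    # One DNS label: 1-63 letters, digits or hyphens, not starting or ending with a hyphen.
    $label = '[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
    # Optional leading wildcard, then dot-separated labels. \A and \z anchor the whole
    # string, so a trailing newline cannot slip through the way it can with ^ and $.
    $dnsPattern = "\A(\*\.)?${label}(\.${label})*\z"

    $names = @($Fqdn)
    foreach ($n in $DnsNames) { $names += $n }

    foreach ($name in $names) {
        if ($name.Length -gt 253 -or $name -notmatch $dnsPattern) {
            "Invalid DNS name: '$name'"
        }
    }

    foreach ($ip in $IpAddresses) {
        $parsed = $null
        # Only address characters are allowed, so quotes, '&' and line breaks
        # (all meaningful inside the .INF _continue_ lines) are rejected up front.
        $ok = ($ip -notmatch '[^0-9A-Fa-f:.]') -and
              [System.Net.IPAddress]::TryParse($ip, [ref]$parsed)
        # TryParse accepts IPv4 shorthand such as "10.1"; require the dotted-quad form.
        if ($ok -and $parsed.AddressFamily -eq 'InterNetwork') {
            $ok = ($parsed.ToString() -eq $ip)
        }
        if (-not $ok) { "Invalid IP address: '$ip'" }
    }
}

$problems = @(Test-CertSanInput -Fqdn $cert_fqdn -DnsNames $cert_sans -IpAddresses $cert_ipaddrs)
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw 'Correct the values above before writing the certificate policy file.'
}
```

Run it before the Set-Content step. After certreq -new, certutil -dump $cert_file_req decodes the request so the subject and SAN entries can be compared against the intended names.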
...