Create the Austin certificate via PowerShell

  1. Log into a server joined to the Austin Active Directory as a user with permissions to request a certificate from the desired template

  2. Open an administrative PowerShell prompt

  3. In the same administrative PowerShell prompt, navigate to the location where the certificate request should be created: 

    #example
    Set-Location C:\Working
  4. In the same administrative PowerShell prompt, run the following command to set the subject, any optional DNS or IP Address subject alternate names, and template of the certificate:  

    $cert_url = "<FQDN for the certificate>"
    $cert_sans = @("<certificate SAN #1>","<certificate SAN #2>",...)
    $cert_ipaddrs = @("<certificate IP address #1>","<certificate IP address #2>",...)
  5. In the same administrative PowerShell session, run one of the following:

    • For VMware SSL certificates, run the following: 

      $cert_template = "VMwareSSL6.5"
  6. In the same administrative PowerShell prompt, run the following to create the INF file, then open the INF file to review its contents:

    $cert_file = $cert_url + "_" + (Get-Date -Format yyyyMMdd-HHmmss)
    $cert_file_inf = ((Get-Location).Path + "\" + $cert_file  + ".inf")
    $cert_file_content = @"
    [Version]
    Signature=`"`$Windows NT`$`"
     
    [NewRequest]
    Subject=`"CN=$cert_url`"
    Exportable=TRUE
    MachineKeySet=TRUE
    KeyLength=2048
     
    [Extensions]
    2.5.29.17=`"{text}`"
    _continue_=`"DNS=$cert_url&`"
    "@
     
    New-Item $cert_file_inf -Type File -Force
    Set-Content $cert_file_inf $cert_file_content
  7. In the same administrative PowerShell prompt, run the following to add any DNS subject alternate names to the INF file: 

    ForEach ($san in $cert_sans) {Add-Content $cert_file_inf ("_continue_=`"DNS=$san&`"")}
  8. In the same administrative PowerShell prompt, run the following to add any IP Address subject alternate names to the INF file: 

    ForEach ($ipaddr in $cert_ipaddrs) {Add-Content $cert_file_inf ("_continue_=`"IPAddress=$ipaddr&`"")}
  9. In the same administrative PowerShell prompt, run the following to create the request, submit the request to a certificate authority, then accept the response:

    $cert_file_req = ((Get-Location).Path + "\" + $cert_file  + ".req")
    $cert_file_cer = ((Get-Location).Path + "\" + $cert_file  + ".cer")
    certreq -new $cert_file_inf $cert_file_req
    certreq -submit -attrib ("CertificateTemplate:" + $cert_template) $cert_file_req $cert_file_cer
    certreq -accept $cert_file_cer
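
An added verification step, not part of the original procedure, to run after `certreq -accept`: it reads the newest certificate for the subject back from the LocalMachine\My store and checks that every DNS and IP subject alternate name requested in step 4 is present, that the private key was kept, and that the key is the 2048 bits set in the INF. It assumes `$cert_url`, `$cert_sans` and `$cert_ipaddrs` are still set from step 4, that the template left the subject as exactly `CN=<FQDN>`, and that the SAN extension is displayed in English ("DNS Name=", "IP Address=").

```powershell
# Added check (not from the original page): verify the accepted certificate carries the
# requested SANs, a private key and the expected key length. Assumes Windows PowerShell 5.1
# on the requesting server and an English-locale display of the SAN extension.
function Test-RequestedCertificate {
    param(
        [Parameter(Mandatory)][string]$Subject,
        [string[]]$DnsSans = @(),
        [string[]]$IpSans = @(),
        [int]$ExpectedKeyLength = 2048
    )

    # Newest certificate whose subject is exactly CN=<subject>. The -match used in the export
    # steps is looser, because "." in the FQDN matches any character in a regex.
    $cert = Get-ChildItem -Path "cert:\LocalMachine\My" |
        Where-Object { $_.Subject -eq "CN=$Subject" } |
        Sort-Object NotBefore -Descending |
        Select-Object -First 1
    if (-not $cert) { throw "No certificate with subject CN=$Subject found in LocalMachine\My" }

    # Decode the SAN extension (OID 2.5.29.17, the one written in the INF) into one
    # "DNS Name=<value>" or "IP Address=<value>" line per entry and keep only the values.
    $sanExt  = $cert.Extensions | Where-Object { $_.Oid.Value -eq "2.5.29.17" } | Select-Object -First 1
    $present = @()
    if ($sanExt) {
        $present = @(($sanExt.Format($true) -split "`r?`n") |
            Where-Object { $_ -match '^(DNS Name|IP Address)=(.+)$' } |
            ForEach-Object { ($_ -split '=', 2)[1].Trim() })
    }

    # Step 6 puts the CN itself into the SAN list, so it must be present alongside the extras.
    $expected = @($Subject) + $DnsSans + $IpSans
    $missing  = @($expected | Where-Object { $present -notcontains $_ })
    $keySize  = $cert.PublicKey.Key.KeySize

    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey
        KeyLength     = $keySize
        PresentSans   = $present
        MissingSans   = $missing
        Ok            = ($cert.HasPrivateKey -and $missing.Count -eq 0 -and $keySize -eq $ExpectedKeyLength)
    }
}

# Run against the values set in step 4; Ok must be True before exporting or installing.
Test-RequestedCertificate -Subject $cert_url -DnsSans $cert_sans -IpSans $cert_ipaddrs
```

If `MissingSans` is non-empty, the template usually overrode the request's SAN extension, so the INF is not the first thing to suspect; check the template settings with the CA administrator.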

Export the Austin certificate via PowerShell

  1. Log into a server joined to the Austin Active Directory as a user with permissions to request a certificate from the desired template

  2. Open an administrative PowerShell prompt

  3. In the same administrative PowerShell prompt, run the following command to set the filename and subject of the certificate:  

    $cert_url = "<FQDN for the certificate>"
  4. In the same administrative PowerShell prompt, run one or more of the following to export the certificate: 

    1. To export the public and private keys to a PFX file, run the following commands: 

      $cert_file = $cert_url.Split(".")[0] + "_" + (Get-Date -Format yyyyMMdd-HHmmss)
      $cert_file_pfx = ((Get-Location).Path + "\" + $cert_file  + ".pfx")
      $cert_cred = Get-Credential -Credential "Certificate"
      $cert_obj = Get-ChildItem -Path "cert:\LocalMachine\My" | Where-Object {$_.Subject -match $cert_url} | Sort-Object NotBefore -Descending | Select-Object -First 1
      $cert_obj | Export-PfxCertificate -FilePath $cert_file_pfx -Password $cert_cred.Password
    2. To export the public key to a CRT and a PEM file, run the following commands: 

      $cert_file = $cert_url.Split(".")[0] + "_" + (Get-Date -Format yyyyMMdd-HHmmss)
      $cert_file_crt = ((Get-Location).Path + "\" + $cert_file  + ".crt")
      $cert_file_pem = ((Get-Location).Path + "\" + $cert_file  + ".pem")
      $cert_obj = Get-ChildItem -Path "cert:\LocalMachine\My" | Where-Object {$_.Subject -match $cert_url} | Sort-Object NotBefore -Descending | Select-Object -First 1
      $cert_obj | Export-Certificate -FilePath $cert_file_crt
      # -Encoding Byte is Windows PowerShell 5.1 syntax; TrimEnd avoids a blank line before the END marker when the Base64 length is an exact multiple of 64
      $cert_pem = ([System.Convert]::ToBase64String((Get-Content -Path $cert_file_crt -Encoding Byte)) -replace '.{64}',"`$&`r`n").TrimEnd()
      ("-----BEGIN CERTIFICATE-----", $cert_pem,"-----END CERTIFICATE-----") -join "`r`n" | Out-File -FilePath $cert_file_pem -Encoding ASCII -Force