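##############################################################################
##
## Create ssl certificate on Windows Server 2012 R2 & Win 8.1
## Created by Stefan Busch
## Date : 12 October 2018
## Version : 2.0
## Company: Viu AG
##############################################################################

# Makes $cerificationPath the current location, creating the directory first
# when it does not exist.
#   $cerificationPath - directory that will hold the generated keystore files.
# Side effects: changes the caller's working directory. Create-Key depends on
# this because it hands keytool relative keystore file names.
# Output: when the directory has to be created, New-Item's directory object is
# written to the pipeline; callers that need a clean return value discard it.
function Set-CertLocation($cerificationPath) {
    if (-not (Test-Path $cerificationPath)) {
        New-Item -ItemType Directory -Path $cerificationPath
    }
    Set-Location $cerificationPath
}

# Generates a self-signed RSA 2048 key pair with keytool and converts the
# resulting JKS keystore to PKCS#12. Both files are written to the current
# location as "<KeyName>.keystore.jks" and "<KeyName>.keystore.p12".
#   $KeyToolPath  - path to keytool; throws 'Keytool is not available' if missing.
#   $KeyName      - used as alias, file name prefix, certificate CN and DNS SAN.
#   $CertPassword - used as both key password and store password.
# Output: nothing on the pipeline; keytool's text goes to the verbose stream.
function Create-Key($KeyToolPath, $KeyName, $CertPassword) {
    if (-not (Test-Path $KeyToolPath)) {
        throw 'Keytool is not available'
    }

    # Function-local preference: keytool writes progress text to stderr, and a
    # caller running with 'Stop' would otherwise abort on the first such line.
    $ErrorActionPreference = 'Continue'

    $jksFile = "${KeyName}.keystore.jks"
    $p12File = "${KeyName}.keystore.p12"

    # Arguments are passed as an array to the call operator instead of being
    # concatenated into a string for Invoke-Expression. With Invoke-Expression a
    # key name or password containing quotes, ';', '|' or '$(...)' was parsed as
    # PowerShell code; as array elements they are always plain data.
    # NOTE(review): the password is still visible in keytool's command line to
    # anything that can list processes on this host. keytool's ':env' / ':file'
    # password modifiers avoid that - consider switching if the JDK in use
    # supports them.
    # NOTE(review): 9999 days of validity means the key is effectively never
    # rotated; confirm this is intended for anything beyond a local test setup.
    $genArgs = @(
        '-genkeypair',
        '-alias', $KeyName,
        '-keyalg', 'RSA',
        '-keysize', '2048',
        '-keypass', $CertPassword,
        '-storepass', $CertPassword,
        '-validity', '9999',
        '-keystore', $jksFile,
        '-ext', "SAN=DNS:${KeyName},IP:127.0.0.1",
        '-dname', "CN=${KeyName}, OU=Organizational Unit, O=Organization, L=Location, ST=State, C=Country",
        '-noprompt'
    )
    $genOutput = & $KeyToolPath @genArgs 2>&1
    $genExit = $LASTEXITCODE
    Write-Verbose ($genOutput | Out-String)
    if ($genExit -ne 0) {
        # Reported but not fatal: the original ignored keytool failures here, and
        # a re-run against an existing keystore may still convert successfully.
        Write-Warning "keytool -genkeypair exited with code $genExit"
    }

    $convertArgs = @(
        '-importkeystore',
        '-srckeystore', $jksFile,
        '-destkeystore', $p12File,
        '-srcstoretype', 'jks',
        '-deststoretype', 'pkcs12',
        '-keypass', $CertPassword,
        '-storepass', $CertPassword,
        '-srcstorepass', $CertPassword,
        '-noprompt'
    )
    $convertOutput = & $KeyToolPath @convertArgs 2>&1
    $convertExit = $LASTEXITCODE
    Write-Verbose ($convertOutput | Out-String)
    if ($convertExit -ne 0) {
        Write-Warning "keytool -importkeystore exited with code $convertExit"
    }
}

# Imports a PKCS#12 file into the LocalMachine "My" and "Root" stores and
# writes the loaded X509Certificate2 to the pipeline.
#   $strCertPath - path to the .p12/.pfx file.
#   $strCertPass - password protecting that file.
# Throws when the file is missing or when the import / store update fails.
function ImportEASCert($strCertPath, $strCertPass) {
    if (-not (Test-Path "$strCertPath")) {
        # The original message interpolated $CertPath, which is not defined in
        # this function, so the path was always missing from the error text.
        throw "Certificates not available in $strCertPath"
    }

    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store 'My', 'LocalMachine'
    $storeRoot = New-Object System.Security.Cryptography.X509Certificates.X509Store 'Root', 'LocalMachine'

    # ProviderPath yields the plain file-system string that Import() expects.
    $absolutePfxFilePath = (Resolve-Path -Path $strCertPath).ProviderPath
    Write-Host "Importing store certificate '$absolutePfxFilePath'..."

    # NOTE(review): 'Exportable' lets any principal with access to the machine
    # key export the private key again. Because the same certificate is added
    # to Root below, a copy of that key is enough to present certificates this
    # machine trusts. Drop 'Exportable' unless a later step really re-exports it.
    $keyFlags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]'MachineKeySet, Exportable, PersistKeySet'
    $readWrite = [System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite

    try {
        $cert.Import($absolutePfxFilePath, $strCertPass, $keyFlags)
        $store.Open($readWrite)
        $storeRoot.Open($readWrite)

        $store.Add($cert)
        Write-Host "Added Certificate to My/LocalMachine"

        # Adding to Root makes this self-signed certificate a machine-wide trust
        # anchor; audit the Root store for it when decommissioning the service.
        $storeRoot.Add($cert)
        Write-Host "Added Certificate to Root/LocalMachine"

        $cert
    }
    catch {
        # Keep the original message prefix but surface the underlying cause
        # (wrong password, access denied, ...) instead of discarding it.
        throw "Could not Import certificates: $($_.Exception.Message)"
    }
    finally {
        # Close both stores on every path; the original never closed Root and
        # skipped closing My whenever an exception was raised.
        $store.Close()
        $storeRoot.Close()
    }
}

# Creates the certificate directory, generates the keystore files, imports the
# PKCS#12 file into the LocalMachine stores and returns the thumbprint.
#   $certParams - object with CertPath, KeyTool, prefix and Password members.
# Returns: the thumbprint string of the imported certificate.
# Throws: when the .p12 file is not present after key generation, or when the
# import fails.
function Create-SslCertification($certParams) {
    # Create folder for the certificates. The result is discarded so that the
    # directory object emitted on first creation does not end up in this
    # function's return value next to the thumbprint.
    $null = Set-CertLocation $certParams.CertPath

    # Create certificate files
    $null = Create-Key $certParams.KeyTool $certParams.prefix $certParams.Password

    # Check the certificates and import it to my/- & root/localmachine.
    # Join-Path instead of '+' so a CertPath without a trailing separator still
    # points at the file keytool wrote inside that directory.
    $certPath = Join-Path $certParams.CertPath ($certParams.prefix + '.keystore.p12')
    if (-not (Test-Path $certPath)) {
        throw "Could not create certificate: $certPath"
    }

    $cert = ImportEASCert $certPath $certParams.Password
    return $cert.Thumbprint
}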