Generate SSL Certificate with PowerShell


Steps to Generate SSL Certificate with PowerShell

  1. Replace the values of $CommonName and $SANNames with your own FQDNs to be included in the SSL certificate
#Prepare CSR File with SAN 
$CommonName = "webmail.aventislab.com"
$SANNames = @("autodiscover.aventislab.com","mail.aventislab.com") 
$Date = (Get-Date).ToString('ddMMyyyy')
$ReqFile = "Cert_Req-$CommonName-" + "$Date" + ".csr"

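# Exportable = TRUE allows the private key to be exported from the machine store;
# set it to FALSE unless the key has to be moved to another server.
$InfFile = @"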
        [NewRequest]
        Subject = "CN=$CommonName"
        KeySpec = 1
        KeyLength = 2048
        Exportable = TRUE
        RequestType = CMC
        MachineKeySet = TRUE
        [Extensions] 
        2.5.29.17 = "{text}"
        _continue_ = "DNS=$CommonName&"
"@

#For SAN names: every entry except the last one ends with "&"
for ($i = 0; $i -lt $SANNames.Length - 1; $i++) {

    $SANName = $SANNames[$i]

    $InfFile = $InfFile + @"

        _continue_ = "DNS=$SANName&"
"@
}

#The last SAN name is written without the trailing &
$LastItem = $SANNames[$SANNames.Length-1]

$InfFile = $InfFile + @"

        _continue_ = "DNS=$LastItem"
"@

$FinalInfFile = "Cert_Req_Inf-$CommonName-" + $Date + ".inf"

New-Item $FinalInfFile -type file -value $InfFile -Force

cmd /c "certreq -new $FinalInfFile $ReqFile"
  2. Submit the generated CSR to the internal Microsoft CA server
cmd /c "certreq.exe -attrib CertificateTemplate:webserver -submit $ReqFile"

Select the Certification Authority and click OK.

Save the .cer file as lab.cer.

  3. Install the SSL certificate to the Local Machine store
cmd /c "certreq -accept -machine C:\temp\lab.cer"
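
A check to run after step 3, as an added example that is not part of the original post: it reads the installed certificate back from the Local Machine store and confirms that every requested name is in the SAN extension, that the RSA key meets the 2048-bit length set in the INF, that the private key is bound to the certificate, and that the certificate is inside its validity period. Test-IssuedCertificate is a hypothetical helper name, and the FQDNs are the sample values from step 1.

```powershell
# Added example: audit the certificate installed in step 3 against the request from step 1.
# Test-IssuedCertificate is a hypothetical helper, not a built-in cmdlet.
function Test-IssuedCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string[]]$ExpectedNames,
        [int]$MinKeyLength = 2048
    )
    $findings = @()

    # Every requested FQDN must be present in the SAN extension (2.5.29.17).
    $sanNames = @($Certificate.DnsNameList | ForEach-Object { $_.Unicode })
    foreach ($name in $ExpectedNames) {
        if ($sanNames -notcontains $name) { $findings += "SAN missing: $name" }
    }

    # Key length must match what the INF asked for (KeyLength = 2048).
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Certificate)
    if (-not $rsa) { $findings += "Public key is not RSA" }
    elseif ($rsa.KeySize -lt $MinKeyLength) { $findings += "Key too short: $($rsa.KeySize) bits" }

    # certreq -accept should have bound the issued certificate to the pending private key.
    if (-not $Certificate.HasPrivateKey) { $findings += "No private key associated" }

    # The certificate must be usable now.
    $now = Get-Date
    if ($now -lt $Certificate.NotBefore) { $findings += "Not valid until $($Certificate.NotBefore)" }
    if ($now -gt $Certificate.NotAfter)  { $findings += "Expired on $($Certificate.NotAfter)" }

    return $findings
}

# Sample values from step 1 of this page
$CommonName = "webmail.aventislab.com"
$SANNames   = @("autodiscover.aventislab.com","mail.aventislab.com")

# Pick the newest certificate issued for the common name
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "CN=$CommonName*" } |
    Sort-Object NotBefore -Descending | Select-Object -First 1
if (-not $cert) { throw "No certificate for CN=$CommonName in Cert:\LocalMachine\My" }

$issues = Test-IssuedCertificate -Certificate $cert -ExpectedNames (@($CommonName) + $SANNames)
if ($issues) { $issues | ForEach-Object { Write-Warning $_ } }
else { "OK: $($cert.Thumbprint) covers all requested names" }
```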
