61 changes: 50 additions & 11 deletions Request-Certificate.ps1
Expand Up @@ -57,6 +57,10 @@ The syntax is {tag}={value}.
Valid tags are: email, upn, dns, guid, url, ipaddress, oid
e.g. dns=test.jofe.ch,email=jfeller@jofe.ch

.PARAMETER IP
Specifies a comma separated list IP addresses (IPv4) for the certificate. Will be added as SAN IP object.
e.g. 127.0.0.1,172.0.8.1

.PARAMETER TemplateName
Specifies the name for the temple of the CA to issue the certificate(s).
The default value is "WebServer".
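Review bot: The new .PARAMETER IP text does not say how -IP relates to the existing -SAN parameter, whose help just above already lists ipaddress as a valid tag. State whether -IP is a shorthand for those entries and what happens when the same address is supplied both ways. The text also restricts the parameter to IPv4 although nothing in this patch enforces that, and "comma separated list IP addresses" is missing an "of".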
Expand Down Expand Up @@ -151,12 +155,12 @@ Gets common names from the file certs.txt and request for each a certificate.
Each certificate will then be saved withe the private key in a .pfx file.

.EXAMPLE
C:\PS> .\Request-Certificate.ps1 -CN "webserver.test.ch" -SAN "DNS=webserver.test.ch,DNS=srvweb.test.local"
C:\PS> .\Request-Certificate.ps1 -CN "webserver.test.ch" -SAN "DNS=webserver.test.ch,DNS=srvweb.test.local" -IP "192.168.0.1,172.0.8.1"

Description
-----------
This command requests a certificate with a CN of webserver.test.ch and subject alternative names (SANs)
The SANs of the certificate are the DNS names webserver.test.ch and srvweb.test.local.
This command requests a certificate with a CN of webserver.test.ch and subject alternative names (SANs).
The SANs of the certificate are the DNS names webserver.test.ch and srvweb.test.local and the IP addresses 192.168.0.1 and 172.0.8.1

.EXAMPLE
C:\PS> Import-Csv .\sancertificates.csv -UseCulture | .\Request-Certificate.ps1 -verbose -Export -CAName "testsrv.test.ch\Test CA"
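Review bot: The address 172.0.8.1 used in the new -IP example lies outside the private 172.16.0.0/12 range, so the help presents a publicly routable address as if it were an internal one. Use an RFC 1918 address or one from the documentation ranges (for example 192.0.2.1) here and in the .PARAMETER IP and CSV samples. The rewritten description line ending in "172.0.8.1" is also missing its closing period.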
Expand All @@ -168,10 +172,10 @@ The first command creates custom objects from a comma-separated value (CSV) file
Each certificate will then be saved with the private key in a .pfx file.

The CSV file look something like this:
CN;SAN
test1.test.ch;DNS=test1san1.test.ch,DNS=test1san2.test.ch
test2.test.ch;DNS=test2san1.test.ch,DNS=test2san2.test.ch
test3.test.ch;DNS=test3san1.test.ch,DNS=test3san2.test.ch
CN;SAN;IP
test1.test.ch;DNS=test1san1.test.ch,DNS=test1san2.test.ch;192.168.0.1,172.0.8.1
test2.test.ch;DNS=test2san1.test.ch,DNS=test2san2.test.ch;192.168.0.2,172.0.8.2
test3.test.ch;DNS=test3san1.test.ch,DNS=test3san2.test.ch;192.168.0.3,172.0.8.3

.NOTES

Expand Down Expand Up @@ -211,6 +215,8 @@ Param(
[Parameter(Mandatory = $False, ValueFromPipelineByPropertyName = $True)]
[string[]]$SAN,
[Parameter(Mandatory = $False, ValueFromPipelineByPropertyName = $True)]
[string[]]$IP,
[Parameter(Mandatory = $False, ValueFromPipelineByPropertyName = $True)]
[String]$TemplateName = "WebServer",
[Parameter(Mandatory = $False, ValueFromPipelineByPropertyName = $True)]
[ValidateSet(1024,2048,3072,4096,15360)]
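Review bot: The new [string[]]$IP parameter carries no validation attribute, yet later in this patch its elements are written verbatim into the request's SAN extension as "IPAddress=$p&". Reject anything that does not parse as an address at binding time, for example with a ValidateScript that runs [ipaddress]::TryParse on each comma-separated piece, so a typo or a value carrying extra characters such as & or a quote fails early instead of reaching the inf file. If the parameter is meant to be IPv4 only, as the help says, check the address family there as well.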
Expand Down Expand Up @@ -302,17 +308,24 @@ CertificateTemplate = "$TemplateName"
$SAN = @("DNS=$CN") + $SAN #Add CN as first SAN entry
}

if ($PSBoundParameters.ContainsKey('IP')) {
#IP must be a string
if (($IP).count -eq 1) {
$IP = @($IP -split ',')
}
}

# Remove Potential duplicates (if CN was already provided in SAN list)
$SAN = $SAN | Select-Object -Unique


if ($SAN.Count -gt 0) {
if ($SAN.Count -gt 0 or $IP.Count -gt 0) {

Write-Host "Requesting SAN certificate with subject $CN and SAN: $($SAN -join ',')" -ForegroundColor Green
Write-Host "Requesting SAN certificate with subject $CN and SAN: $($SAN -join ',') and IP: $($IP -join ',')" -ForegroundColor Green
Write-Debug "Parameter values: CN = $CN, TemplateName = $TemplateName, CAName = $CAName, SAN = $($SAN -join ' ')"

Write-Verbose "A value for the SAN is specified. Requesting a SAN certificate."
Write-Debug "Add Extension for SAN to the inf file..."
Write-Verbose "A value for the SAN or IP is specified. Requesting a SAN certificate."
Write-Debug "Add Extension for SAN and IP to the inf file..."
$file +=
@'
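Review bot: In the changed condition "if ($SAN.Count -gt 0 or $IP.Count -gt 0)" the operator is written "or"; PowerShell's logical operator is "-or", so this line is a parse error and the script will not load. In the new IP block, the comment "#IP must be a string" does not describe what the code does, which is to split a single comma-separated string into an array. That split keeps surrounding whitespace and turns an empty value (such as an empty IP column in the CSV) into one empty element, which the later loop would emit as "IPAddress=&"; trim the pieces and drop empty ones. The Write-Debug "Parameter values" line in this branch still reports only SAN and should include IP.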

Expand All @@ -323,6 +336,32 @@ CertificateTemplate = "$TemplateName"
2.5.29.17 = "{text}"

'@
foreach ($an in $SAN) {
$file += "_continue_ = `"$($an)&`"`n"
}
foreach ($p in $ip) {
$file += "_continue_ = `"IPAddress=$p&`"`n"
}
}
else {
Write-Host "Requesting certificate with ip $p" -ForegroundColor Green
Write-Debug "Parameter values: ip = $ip, TemplateName = $TemplateName, CAName = $CAName"
}

Write-Debug "Inf-File: $file"

if ($IP.Count -gt 0) {

Write-Host "Requesting SAN certificate with subject $CN and IP: $($IP -join ',')" -ForegroundColor Green
Write-Debug "Parameter values: CN = $CN, TemplateName = $TemplateName, CAName = $CAName, SAN = $($SAN -join ' '), IP = $IP"

Write-Verbose "A value for the SAN is specified. Requesting a SAN certificate."
Write-Debug "Add Extension for SAN to the inf file..."
$file +=
@'

'@


foreach ($an in $SAN) {
$file += "_continue_ = `"$($an)&`"`n"
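Review bot: The else branch prints "Requesting certificate with ip $p", but $p is the foreach loop variable from the other branch and has no value when neither SAN nor IP was supplied; the message should name $CN as the other Write-Host lines do. The hunk also shows a second "if ($IP.Count -gt 0)" block that appends an empty here-string, repeats the "Requesting SAN certificate" output with a Write-Verbose text that only mentions SAN, and is followed by another "foreach ($an in $SAN)" loop, so the SAN _continue_ lines look to be written twice. Drop the second block and keep a single place that emits the SAN and IP entries. $ip and $IP are mixed in this hunk; pick one spelling.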