Share via

Option to sign CSR using powershell in Windows

Melissa Lee 6 Reputation points
2020-12-01T23:44:46.737+00:00

I have created the following CA and Intermediate using powershell New-SelfSignedCertificate.
I now have a CSR which is generated using openssl/from another source.

Is there an option where the CSR can be signed using the similar powershell option in Windows, so I can put it in the script to run, which I can then import the signed certificate back to the other source.

Note: I understand that I can use openssl to sign the CSR, but looking for option in powershell in Windows. Thanks! 

Root CA
$RootCA = New-SelfSignedCertificate -Subject 'CN=KeyCARootCN,O=Test Organisation, OU=Test RootCA,C=AU' -KeyLength 2048 -KeyAlgorithm 'RSA' -HashAlgorithm 'SHA256' -KeyExportPolicy Exportable -KeyUsage KeyEncipherment,DataEncipherment,CertSign,DigitalSignature,CRLSign -Provider 'Microsoft Enhanced RSA and AES Cryptographic Provider' -NotAfter (Get-Date).AddYears(40) -KeyUsageProperty All -TextExtension @(“2.5.29.19 ={critical} {text}ca=1&pathlength=5”) -CertStoreLocation Cert:\LocalMachine\My
$RootCA
$RootCAthumbprint = $RootCA.Thumbprint


$CertRootCAPassword = ConvertTo-SecureString -String “Test123” -Force –AsPlainText
$CertRootCAFilePFX = Export-PfxCertificate -Cert cert:\LocalMachine\My\$RootCAthumbprint -FilePath C:\Users\KeyCARoot.pfx -Password $CertRootCAPassword

$CertRootCAFileCER = Export-Certificate -Cert $RootCA -FilePath C:\Users\KeyCARoot.cer

$CertRootCAFileCER
$CertRootCAPath = 'C:\Users\KeyCARoot.cer'
Import-Certificate -FilePath C:\Users\KeyCARoot.cer -CertStoreLocation Cert:\LocalMachine\Root
Intermediate CA
$InterCA = New-SelfSignedCertificate -Subject 'CN=KeyInterCARootCN,O=Test Organisation, OU=Test InterCA,C=AU' -Signer $RootCA -KeyLength 2048 -HashAlgorithm 'SHA256' -KeyExportPolicy Exportable -KeyUsage KeyEncipherment,DataEncipherment,CertSign,DigitalSignature,CRLSign -Provider 'Microsoft Enhanced RSA and AES Cryptographic Provider' -NotAfter (Get-Date).AddYears(35) -KeyUsageProperty Sign -TextExtension @(“2.5.29.19 = {critical} {text}ca=1&pathlength=0”) -CertStoreLocation Cert:\LocalMachine\My
$InterCAthumbprint = $InterCA.Thumbprint


$CertInterCAPassword = ConvertTo-SecureString -String “Test123” -Force –AsPlainText
$CertInterCAFilePFX = Export-PfxCertificate -Cert cert:\LocalMachine\My\$InterCAthumbprint -FilePath C:\Users\KeyInterCARoot.pfx -Password $CertInterCAPassword

$CertInterCAFileCER = Export-Certificate -Cert $InterCA -FilePath C:\Users\KeyInterCARoot.cer

$CertInterCAFileCER
Import-Certificate -FilePath C:\Users\KeyInterCARoot.cer -CertStoreLocation Cert:\LocalMachine\CA
Windows for business Windows Server User experience PowerShell
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2020-12-02T07:49:40.89+00:00

    Hi,

    You can invoke the certreq.exe in powershell 

    certreq [-submit] [options] [requestfilein [certfileout [certchainfileout [fullresponsefileOut]]]]

    certreq
    https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/certreq_1

    Best Regards,
    Ian

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.