issue creating a script that will generate a CSR and out-file it to a folder.

Nick C 1 Reputation point
2021-08-13T21:40:06.97+00:00

Oy mates I'm having an issue creating a script that will generate a CSR and out-file it to a folder.

I get an error for sending the file to C:/users/administrator/temp/CSR - Access Denied

I am running the system as administrator

Here is what I have:

# Prerequisite check
if (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
    Write-Host "Administrator privileges are required. Please restart this script with elevated rights." -ForegroundColor Red
    Pause
    Throw "Administrator privileges are required. Please restart this script with elevated rights."
}

# Setting the variables
$UID = [guid]::NewGuid()
$files = @{}
$files['settings'] = "$($env:TEMP)\$($UID)-settings.inf";
$files['csr'] = "$($env:TEMP)\$($UID)-csr.req"

$request = @{}
$request['SAN'] = @{}

Write-Host "Provide the Subject details required for the Certificate Signing Request" -ForegroundColor Yellow
$request['CN'] = Read-Host "Common Name (CN)"
$request['O'] = Read-Host "Organisation (O)"
$request['OU'] = Read-Host "Organisational Unit (OU)"
$request['L'] = Read-Host "Locality / City (L)"
$request['S'] = Read-Host "State (S)"
$request['C'] = Read-Host "Country Code (C)"

# Subject Alternative Names
$i = 0
Do {
    $i++
    $request['SAN'][$i] = Read-Host "Subject Alternative Name $i (e.g. alt.company.com / leave empty for none)"
    if ($request['SAN'][$i] -eq "") {
        # Nothing to do here; the loop condition below ends the prompt
    }
} until ($request['SAN'][$i] -eq "")

# Remove the last in the array (which is empty)
$request['SAN'].Remove($request['SAN'].Count)

# Create the settings.inf
$settingsInf = "
[Version]
Signature=`"`$Windows NT`$`"
[NewRequest]
KeyLength = 2048
Exportable = TRUE
MachineKeySet = TRUE
SMIME = FALSE
RequestType = PKCS10
ProviderName = `"Microsoft RSA SChannel Cryptographic Provider`"
ProviderType = 12
HashAlgorithm = sha256
;Variables
Subject = `"CN={{CN}},OU={{OU}},O={{O}},L={{L}},S={{S}},C={{C}}`"
[Extensions]
{{SAN}}

;Certreq info
;http://technet.microsoft.com/en-us/library/dn296456.aspx
;CSR Decoder
;https://certlogik.com/decoder/
;https://ssltools.websecurity.symantec.com/checker/views/csrCheck.jsp
"

# Build the SAN extension lines (empty when no SAN was entered)
$request['SAN_string'] = & {
    if ($request['SAN'].Count -gt 0) {
        $san = "2.5.29.17 = `"{text}`"
"
        Foreach ($sanItem In $request['SAN'].Values) {
            $san += "_continue_ = `"dns=" + $sanItem + "&`"
"
        }
        return $san
    }
}

$settingsInf = $settingsInf.Replace("{{CN}}",$request['CN']).Replace("{{O}}",$request['O']).Replace("{{OU}}",$request['OU']).Replace("{{L}}",$request['L']).Replace("{{S}}",$request['S']).Replace("{{C}}",$request['C']).Replace("{{SAN}}",$request['SAN_string'])

# Save settings to file in temp
$settingsInf > $files['settings']

# Done, we can start with the CSR
Clear-Host

# CSR TIME

# Display summary
Write-Host "Certificate information
Common name: $($request['CN'])
Organisation: $($request['O'])
Organisational unit: $($request['OU'])
City: $($request['L'])
State: $($request['S'])
Country: $($request['C'])

Subject alternative name(s): $($request['SAN'].Values -join ", ")

Signature algorithm: SHA256
Key algorithm: RSA
Key size: 2048

" -ForegroundColor Yellow

certreq -new $files['settings'] $files['csr'] > $null

# Output the CSR
$CSR = Get-Content $files['csr']

$CSR = Add-Content $files['csr']
Write-Output $CSR
Write-Host "
"

# Set the Clipboard (Optional)
Write-Host "Copy CSR to clipboard? (y|n): " -ForegroundColor Yellow -NoNewline
if ((Read-Host) -ieq "y") {
    $csr | clip
    Write-Host "Check your ctrl+v
"
}

# Remove temporary files
$files.Values | ForEach-Object {
    Remove-Item $_ -ErrorAction SilentlyContinue
}

Windows for business Windows Server User experience PowerShell

1 answer

  1. MotoX80 36,291 Reputation points
    2021-08-13T22:39:10.823+00:00

    Is this the problem area?

    certreq -new $files['settings'] $files['csr'] > $null
    
    #Output the CSR
    $CSR = Get-Content $files['csr']
    
    $CSR = Add-Content $files['csr']
    Write-Output $CSR
    

    The Add-Content won't work because you didn't specify any value to add. If you are trying to append (duplicate) the contents of $CSR to the file then you need to pipe the contents to it.

    $CSR | Add-Content $files['csr']
    
    0 comments No comments
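
A variant of the question's INF templating and certreq call, as an added example that is not part of the original thread: it validates the typed subject and SAN values before they reach the quoted INF fields, and it keeps certreq's output and exit code instead of sending them to `$null`, so a failure such as Access Denied is reported. The function names `New-CsrInf` and `New-Csr` and the sample subject values are hypothetical and constructed for illustration.

```powershell
# Added example: function names and sample values are hypothetical / constructed.
function New-CsrInf {
    param([Parameter(Mandatory)][hashtable]$Subject, [string[]]$DnsName = @())
    # Conservative allow-list: no quote, line break or DN separator may reach the INF.
    foreach ($key in 'CN', 'OU', 'O', 'L', 'S', 'C') {
        if ("$($Subject[$key])" -notmatch '^[^"\r\n,=+<>#;]+$') {
            throw "Subject field '$key' is empty or contains a disallowed character."
        }
    }
    foreach ($name in $DnsName) {
        if ($name -notmatch '^(\*\.)?([A-Za-z0-9-]{1,63}\.)*[A-Za-z0-9-]{1,63}$') {
            throw "Not a DNS name: '$name'"
        }
    }
    $dn = ('CN', 'OU', 'O', 'L', 'S', 'C' | ForEach-Object { "$_=$($Subject[$_])" }) -join ','
    $lines = @(
        '[Version]', 'Signature = "$Windows NT$"', '[NewRequest]',
        'KeyLength = 2048', 'Exportable = TRUE', 'MachineKeySet = TRUE',
        'SMIME = FALSE', 'RequestType = PKCS10',
        'ProviderName = "Microsoft RSA SChannel Cryptographic Provider"',
        'ProviderType = 12', 'HashAlgorithm = sha256',
        ('Subject = "{0}"' -f $dn)
    )
    if ($DnsName.Count -gt 0) {
        $lines += '[Extensions]', '2.5.29.17 = "{text}"'
        $lines += @($DnsName | ForEach-Object { '_continue_ = "dns={0}&"' -f $_ })
    }
    $lines -join "`r`n"
}

function New-Csr {
    param([Parameter(Mandatory)][string]$InfText, [string]$OutDir = $env:TEMP)
    $id  = [guid]::NewGuid()
    $inf = Join-Path $OutDir "$id-settings.inf"
    $csr = Join-Path $OutDir "$id-csr.req"
    Set-Content -LiteralPath $inf -Value $InfText -Encoding Ascii
    try {
        $log = & certreq.exe -new $inf $csr 2>&1      # keep the output for diagnosis
        if ($LASTEXITCODE -ne 0) { throw "certreq failed ($LASTEXITCODE): $($log -join ' ')" }
        Get-Content -LiteralPath $csr -Raw             # CSR text is the return value
    } finally {
        Remove-Item -LiteralPath $inf, $csr -ErrorAction SilentlyContinue
    }
}

# Constructed sample input; run elevated because the INF sets MachineKeySet = TRUE.
$subject = @{ CN = 'www.example.test'; OU = 'IT'; O = 'Example Org'; L = 'Springfield'; S = 'Oregon'; C = 'US' }
$infText = New-CsrInf -Subject $subject -DnsName 'www.example.test', 'alt.example.test'
New-Csr -InfText $infText
```

`Exportable = TRUE` is kept from the question's template; setting it to `FALSE` keeps the generated private key from being exported from the machine store.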
