# Check required criteria in the CSR $csrText = openssl req -in $csrPath -noout -text -subject # Extract the subject line $subjectLine = ($csrText | Select-String -Pattern "^subject=").Line # Check country (must match the CA's country) $csrCountryMatch = $subjectLine -match "C=($caCountry)" if (-not $csrCountryMatch) { Write-Error "The CSR country does not match the CA's country ($caCountry)" return } # Check organization (must match the CA's organization) $csrOrgMatch = $subjectLine -match "O=($caOrg)" if (-not $csrOrgMatch) { Write-Error "The CSR organization does not match the CA's organization ($caOrg)" return } # Check organizational unit (mandatory) $orgUnitCheck = $subjectLine -match "OU=([^,]+)" if (-not $orgUnitCheck) { Write-Error "The CSR does not contain an organizational unit" return } # Check locality/city (mandatory) $localityCheck = $subjectLine -match "L=([^,]+)" if (-not $localityCheck) { Write-Error "The CSR does not contain a locality (city)" return } # Check email address (mandatory) $emailCheck = $subjectLine -match "emailAddress=([^,]+)" if (-not $emailCheck) { Write-Error "The CSR does not contain an email address" return } # Extract username and email from the CSR $username = [System.IO.Path]::GetFileNameWithoutExtension($CsrFile) $emailMatch = $csrText | Select-String -Pattern "emailAddress\s*:\s*(.*)" $email = $emailMatch.Matches.Groups[1].Value.Trim() # Create a temporary file for certificate-specific extensions $extFile = "$MINICA_PATH\temp_extensions.cnf" @" nsComment = "Certificate for $username" nsCertType = client, email subjectAltName = email:$email,otherName:1.3.6.1.4.1.311.20.2.3;UTF8:$username@EPITAF.local "@ | Out-File -Encoding ASCII $extFile # Sign the CSR to generate the certificate (valid for 30 days) $certPath = "$MINICA_CERT\$CrtFile" openssl ca -config "$MINICA_PATH\openssl.cnf" -in $csrPath -out $certPath -days 30 ` -extfile $extFile -extensions usr_cert -batch # Clean up the temporary file Remove-Item $extFile -Force 
Write-Host "Certificate signed and saved at $certPath (valid for 30 days)" # Copy the certificate to the public folder for distribution Copy-Item $certPath -Destination "$MINICA_PUBLIC\$CrtFile" -Force Write-Host "Certificate also available for distribution at \\EPITAF.fr\PKI\public\$CrtFile" }