stackoom
  简体   繁体   中英

Using PowerShell to Create Self-Signed Certificate of 2048 bits length

 原文  2018-01-22 12:48:56       powershell/ ssl/ ssl-certificate

Question

I use the function bellow to generate self-signed certificate for using it into IIS. My question is how to generate the certificate with the public key of length 2048 bits? I have changed $key.Length to 2048 but when I generate the certificate, public key is only 1024 bits. 

function Add-SelfSignedCertificate
{
    [CmdletBinding()]
    param
    (
            [Parameter(Mandatory=$True, ValueFromPipelineByPropertyName=$True)]
            [Alias('cn')]
            [string]$CommonName
    )

    $name = new-object -com "X509Enrollment.CX500DistinguishedName.1"
    $name.Encode("CN=$CommonName", 0)

    $key = new-object -com "X509Enrollment.CX509PrivateKey.1"
    $key.ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
    $key.KeySpec = 1
    $key.Length = 2048
    $key.SecurityDescriptor = "D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)(A;;0x80120089;;;NS)"
    $key.MachineContext = 1
    $key.Create()

    $serverauthoid = new-object -com "X509Enrollment.CObjectId.1"
    $serverauthoid.InitializeFromValue("1.3.6.1.5.5.7.3.1")
    $ekuoids = new-object -com "X509Enrollment.CObjectIds.1"
    $ekuoids.add($serverauthoid)
    $ekuext = new-object -com "X509Enrollment.CX509ExtensionEnhancedKeyUsage.1"
    $ekuext.InitializeEncode($ekuoids)

    $cert = new-object -com "X509Enrollment.CX509CertificateRequestCertificate.1"
    $cert.InitializeFromPrivateKey(2, $key, "")
    $cert.Subject = $name
    $cert.Issuer = $cert.Subject
    $cert.NotBefore = get-date
    $cert.NotAfter = $cert.NotBefore.AddYears(5)
    $cert.X509Extensions.Add($ekuext)
    $cert.Encode()

    $enrollment = new-object -com "X509Enrollment.CX509Enrollment.1"
    $enrollment.InitializeFromRequest($cert)
    $enrollment.CertificateFriendlyName = $CommonName
    $certdata = $enrollment.CreateRequest(0)
    $enrollment.InstallResponse(2, $certdata, 0, "")
}

2 answers

solution1
 0  2018-01-22 12:57:28

Why don't you generate a 2048 first and then add it like : 

New-SelfSignedCertificate -Type Custom -Subject "E=a.b@test.com,CN=user" -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.4","2.5.29.17={text}email=a.b@test.com&upn=ab@test.com") -KeyUsage DataEncipherment -KeyAlgorithm RSA -KeyLength 2048 -SmimeCapabilities -CertStoreLocation "Cert:\CurrentUser\My"

Then after this you can add it.

Hope it helps.

solution2
 0  2018-01-23 08:44:44

重新启动计算机后,问题解决了,我运行了脚本,它运行正常。

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Using PowerShell to Create Self-Signed Certificate powershell Accepting self-signed certificates using ServerCertificateValidationCallback Unable to generate self signed certificate using Powershell Easiest way to create and upload a self-signed certificate to Azure App Service Create self signed iis ssl certificate from powershell Is it possible to connect to MsolService (powershell) using self signed certificate? Trusting self-signed certificate in Invoke-WebRequest call SSL Self-Signed certificate not trusted by ASP.Net app Generate Self-signed certificate with Root CA Signer Generating self-signed certificate without external libraries
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM