Creatie self signed certificate via PowerShell
Via PowerShell kunt u heel gemakkelijk een SSL-certificaat aanmaken om mee te testen in een testomgeving. Het script dat hieronder te downloaden valt kunt u heel gemakkelijk aanpassen zodat het in uw omgeving past.
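#------------------------------------------------------------------------
# Creates a self-signed test certificate in the LocalMachine personal store,
# trusts it by adding its public part to the LocalMachine Trusted Root store,
# and grants one account read access to the private key file.
# Writing to the LocalMachine stores and to the machine key folder needs an
# elevated session. Intended for test environments only.

# Define variables, including the account that will be allowed to read the private key
$FriendlyName = "Friendly name"
$DNS = "domain.com"
$TEMP = "$env:TEMP"
$CertStorePersonal = "Cert:\LocalMachine\My"
$CertStoreTrusted = "Cert:\LocalMachine\Root"
# Only the user name from this prompt is used. The account password is no longer
# reused as a file password, because no private key is written to disk below.
$Credential = Get-Credential
$UserName = $Credential.UserName

# Create the self-signed certificate
# NOTE(review): KeyUsage KeyAgreement is kept from the original. A TLS server
# certificate with an RSA key normally carries DigitalSignature and
# KeyEncipherment - confirm this value is what the test needs.
$certParams = @{
    KeyUsage          = 'KeyAgreement'
    KeyExportPolicy   = 'Exportable'
    KeyDescription    = $FriendlyName
    KeyFriendlyName   = $FriendlyName
    FriendlyName      = $FriendlyName
    Subject           = $DNS
    DnsName           = $DNS
    CertStoreLocation = $CertStorePersonal
}
$cert = New-SelfSignedCertificate @certParams
# The original filtered on $thumbprint without ever assigning it; keep the exact
# thumbprint so later steps act on this certificate and no other.
$thumbprint = $cert.Thumbprint

# Trust the certificate: export only the public part and import that into the
# Trusted Root store. A PFX would put a second copy of the private key into the
# Root store and leave a key-bearing file behind in the temp folder.
$cerPath = Join-Path $TEMP "$thumbprint.cer"
try {
    Export-Certificate -Cert $cert -FilePath $cerPath
    Import-Certificate -FilePath $cerPath -CertStoreLocation $CertStoreTrusted
}
finally {
    # Remove the temporary export even when the import fails
    Remove-Item -LiteralPath $cerPath -ErrorAction SilentlyContinue
}

# Add an ACL entry on the private key file
# Assumes a CNG-backed key: .Key.UniqueName and the Crypto\Keys folder only apply to those.
$rsaKey = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
$privKey = $rsaKey.Key.UniqueName
$keyPath = Join-Path $env:ProgramData "Microsoft\Crypto\Keys"
$privKeyPath = Get-Item (Join-Path $keyPath $privKey)
$Acl = Get-Acl $privKeyPath.FullName
# Read is enough for a service account to use the key; avoid granting more
$Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($UserName, "Read", "Allow")
$Acl.SetAccessRule($Ar)
Set-Acl $privKeyPath.FullName $Acl

# Removing the self-signed certificate works the same way.
# NOTE: run as part of the same script, these two lines delete the certificate that
# was just created; keep them for the clean-up step after testing.
# Match on the exact thumbprint: a regex -match on the friendly name can also hit
# unrelated certificates, which matters most in the Trusted Root store.
# Remove-Item without -DeleteKey leaves the private key file (and its ACL) on disk.
Get-ChildItem $CertStorePersonal | Where-Object { $_.Thumbprint -eq $thumbprint } | Remove-Item
Get-ChildItem $CertStoreTrusted | Where-Object { $_.Thumbprint -eq $thumbprint } | Remove-Item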