de-DEen-GB
 
MVP - Most Valuable Professional
rss

Just can't get enough of IT

This blog is about mostly anything in IT. But the primary focuses are Microsoft Technologies like Exchange, Office 365, Azure and Cloud Security.

Create Exchange internal/external Url based certificate requests

Exchange Server 2013Exchange Server 2016Description

This script helps to create ceritifcate requests (CSR) based on hostnames used for internal and external Urls of Exchange Server virtual directories.

The script queries Exchange Server 2013+ virtual directory hostnames to create a certificate request.

The request is created using an inf file template. You can prepare multiple template files to choose from. Template files are supposed to be stored in the same folder as the PowerShell script.

The resulting inf file used to create the certificate request is stored on the same directory as the PowerShell script. The script queries for the certificate's common name (CN).

If created, the certificate request is stored in the same directory as the PowerShell script. The content of the certificate request file is the CSR to be submitted to a Certificate Authority.

INF Template file

Copy the following content to a text file, name it Default-Template.inf and save it to the same directory as the Create-CertificateRequest.ps1 file. Aternatively, download the template as a zipped archive file.

[Version]
Signature="$Windows NT$"

[NewRequest]
Subject = "CN=##COMMONNAME##" 

Exportable = TRUE ; TRUE = Private key is exportable
KeyLength = 2048 ; Valid key sizes: 1024, 2048, 4096, 8192, 16384
KeySpec = 1 ; Key Exchange – Required for encryption
KeyUsage = 0xA0 ; Digital Signature, Key Encipherment
MachineKeySet = True
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
RequestType = PKCS10 ; or CMC.
HashAlgorithm = sha256
SMIME = FALSE 

[Strings]
szOID_SUBJECT_ALT_NAME2 = "2.5.29.17"
szOID_ENHANCED_KEY_USAGE = "2.5.29.37"
szOID_PKIX_KP_SERVER_AUTH = "1.3.6.1.5.5.7.3.1"
szOID_PKIX_KP_CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"

[Extensions]
%szOID_SUBJECT_ALT_NAME2% = "{text}##DNSSAN##"
%szOID_ENHANCED_KEY_USAGE% = "{text}%szOID_PKIX_KP_SERVER_AUTH%,%szOID_PKIX_KP_CLIENT_AUTH%"

Examples

# EXAMPLE 1
# Create a new certificate request inf file used dedicated organizational information. The common name will be determined seperately.
    
.\Create-CertificateRequest.ps1 -ModernExchangeOnly -Country DE -State NW -City Hueckelhoven -Organisation Varuna -Department IT

# EXAMPLE 2
# Create a new certificate request for Exchange 2013+ using the common name only. The common name will be determined seperately.
    
.\Create-CertificateRequest.ps1 -ModernExchangeOnly -CreateRequest

Version History

  • 1.0, Initial community release

Links

Follow

 



Comments are closed.

Showing 0 Comment