Card/Note
Application/PowerShell
Application/Bash
Application/OpenSSL
Certificate
Certificate/CSR
Certificate/PFX
Certificate/PEM
Certificate/Trust_Anchor
Bulk Cert Generation
Process
In Bash on WSL
Bash cd /mnt/c/Users/myuser/certs
for n in { 01 ..24} ; do
mkdir server-$n
cp template.cnf server-$n /openssl.cnf
sed -i s/_template_/server-$n /g server-$n /openssl.cnf
openssl req -out server-$n /cert.csr -newkey rsa:2048 -nodes -keyout server-$n /cert.key -config server-$n /openssl.cnf
done
Then in PowerShell
PowerShell Import-Module PSPKI
cd C :\ Users \ myuser \ certs \
$ca = Get-CA adcs . company . com
foreach ( $n in 01 .. 24 ) {
$submit = Submit-CertificateRequest -path .\ server - $n \ cert . csr -CertificationAuthority adcs . company . com -Attribute "CertificateTemplate:TemplateNameNeededForCertificate"
$approve = $ca | Get-PendingRequest -ID $submit . RequestId | Approve-CertificateRequest
$receive = $ca | Get-IssuedRequest -Request $submit . RequestID | Receive-Certificate -Path C :\ Users \ myuser \ certs \ server - $n \
}
If you need a PFX do the following
In Bash on WSL
Bash read -r -s -p 'Password to set for PXF files: ' pfxpass
for n in { 14 ..24} ; do
openssl pkcs12 -export -password pass:$pfxpass -out server-$n /cert.pfx -inkey server-$n /cert.key -in server-$n /*.cer -certfile PKI-CHAIN.pem
done
unset pfxpass
INI 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18 template.cnf
[req]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
prompt = no
[req_distinguished_name]
countryName = US
stateOrProvinceName = My State
localityName = My City
organizationName = My Company
commonName = _template_.company.com
OU = My Org Unit
[req_ext]
subjectAltName = @alt_names
[alt_names]
DNS.1 = _template_.company.com
DNS.2 = _template_
References