Last active
March 29, 2023 22:22
PowerShell: PKI-related
#Requires -Version 5.1
# Reference: 1) https://learn.microsoft.com/en-us/powershell/module/pki/new-selfsignedcertificate?view=windowsserver2019-ps
# Reference: 2) https://learn.microsoft.com/en-us/powershell/module/pki/export-certificate?view=windowsserver2019-ps
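# Example 1: Create new self-signed certificate for use with Cryptographic Message Syntax (CMS) format
# The certificate and its private key are created in the current user's personal store.
# Being self-signed, it is not anchored in any CA: anyone encrypting to it has to obtain
# the public certificate through a channel they already trust.

# $Env:UserDnsDomain is only populated for domain logons; fall back to $Env:UserDomain so the
# friendly name and subject do not end in a bare "@" on a machine that is not domain-joined.
$DnsDomain = if ($Env:UserDnsDomain) { $Env:UserDnsDomain } else { $Env:UserDomain }

$NewCertArgs = @{
    # KeyProtection   = "Protect" # default is None
    # KeyExportPolicy = "Exportable", "ExportableEncrypted" # default is "ExportableEncrypted"
    # The default export policy leaves the private key exportable. If the decryption key
    # never needs to leave this machine, KeyExportPolicy = "NonExportable" narrows the
    # exposure of the key to anything running as this user.
    KeyLength         = 2048
    KeyAlgorithm      = "RSA"
    Type              = "DocumentEncryptionCert"
    # Stated explicitly rather than relying on the cmdlet default for this Type;
    # Example 2 filters on both of these key usages.
    KeyUsage          = "KeyEncipherment", "DataEncipherment"
    FriendlyName      = "CMS Encryption - $($Env:UserName)@$DnsDomain"
    # The country component is the last "-"-separated part of the system locale name
    # (e.g. "US" for "en-US"). NOTE(review): a locale name without a region part would
    # yield a language code here instead of a country code - confirm on the target systems.
    Subject           = @(
        "CN=$($Env:UserName)@$DnsDomain",
        "O=$($Env:UserDomain)",
        "C=$((Get-WinSystemLocale).Name.Split("-")[-1])"
    ) -join ","
    CertStoreLocation = "Cert:\CurrentUser\My"
}
$Cert = New-SelfSignedCertificate @NewCertArgs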
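# Example 2: Get user certificates suitable for use with Cryptographic Message Syntax (CMS) format
# A certificate is selected when it carries the Document Encryption enhanced key usage and
# its key-usage extension lists both DataEncipherment and KeyEncipherment.
# The EKU is matched by its OID (1.3.6.1.4.1.311.80.1) instead of the friendly name: the
# friendly name is display text resolved from the OID and is not a stable identifier.
# No validity-period or HasPrivateKey check is made here, so expired certificates and
# certificates without a private key (usable for encrypting only, not decrypting) are
# returned as well; filter on NotAfter / HasPrivateKey where that matters.
$Certs = Get-ChildItem -Path "Cert:\CurrentUser\My" | Where-Object {
    $_.EnhancedKeyUsageList.ObjectId -contains "1.3.6.1.4.1.311.80.1" -and
    $_.Extensions.KeyUsages -match "DataEncipherment" -and
    $_.Extensions.KeyUsages -match "KeyEncipherment"
}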