NickCawein-94 asked MotoX80 answered

issue creating a script that will generate a CSR and out-file it to a folder.

Oy mates, I'm having an issue creating a script that will generate a CSR and out-file it to a folder.

I get an error for sending the file to C:/users/administrator/temp/CSR - Access Denied

I am running the system as administrator

Here is what I have:

    # Prerequisite check
    if (-NOT([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
        Write-Host "Administrator privileges are required. Please restart this script with elevated rights." -ForegroundColor Red
        Pause
        Throw "Administrator privileges are required. Please restart this script with elevated rights."
    }

    # Setting the variables
    $UID = [guid]::NewGuid()
    $files = @{}
    $files['settings'] = "$($env:TEMP)\$($UID)-settings.inf";
    $files['csr'] = "$($env:TEMP)\$($UID)-csr.req"

    $request = @{}
    $request['SAN'] = @{}

    Write-Host "Provide the Subject details required for the Certificate Signing Request" -ForegroundColor Yellow
    $request['CN'] = Read-Host "Common Name (CN)"
    $request['O'] = Read-Host "Organisation (O)"
    $request['OU'] = Read-Host "Organisational Unit (OU)"
    $request['L'] = Read-Host "Locality / City (L)"
    $request['S'] = Read-Host "State (S)"
    $request['C'] = Read-Host "Country Code (C)"

    # Subject Alternative Names
    $i = 0
    Do {
        $i++
        $request['SAN'][$i] = Read-Host "Subject Alternative Name $i (e.g. alt.company.com / leave empty for none)"
    } until ($request['SAN'][$i] -eq "")

    # Remove the last in the array (which is empty)
    $request['SAN'].Remove($request['SAN'].Count)

    # Create the settings.inf
    $settingsInf = "
    [Version]
    Signature=`"`$Windows NT`$`"
    [NewRequest]
    KeyLength = 2048
    Exportable = TRUE
    MachineKeySet = TRUE
    SMIME = FALSE
    RequestType = PKCS10
    ProviderName = `"Microsoft RSA SChannel Cryptographic Provider`"
    ProviderType = 12
    HashAlgorithm = sha256
    ;Variables
    Subject = `"CN={{CN}},OU={{OU}},O={{O}},L={{L}},S={{S}},C={{C}}`"
    [Extensions]
    {{SAN}}


    ;Certreq info
    ;http://technet.microsoft.com/en-us/library/dn296456.aspx
    ;CSR Decoder
    ;https://certlogik.com/decoder/
    ;https://ssltools.websecurity.symantec.com/checker/views/csrCheck.jsp
    "

    # Build the SAN extension lines (empty when no SAN was entered)
    $request['SAN_string'] = & {
        if ($request['SAN'].Count -gt 0) {
            $san = "2.5.29.17 = `"{text}`"
    "
            Foreach ($sanItem In $request['SAN'].Values) {
                $san += "_continue_ = `"dns="+$sanItem+"&`"
    "
            }
            return $san
        }
    }

    $settingsInf = $settingsInf.Replace("{{CN}}",$request['CN']).Replace("{{O}}",$request['O']).Replace("{{OU}}",$request['OU']).Replace("{{L}}",$request['L']).Replace("{{S}}",$request['S']).Replace("{{C}}",$request['C']).Replace("{{SAN}}",$request['SAN_string'])

    # Save settings to file in temp
    $settingsInf > $files['settings']

    # Done, we can start with the CSR
    Clear-Host

    # CSR TIME

    # Display summary
    Write-Host "Certificate information
    Common name: $($request['CN'])
    Organisation: $($request['O'])
    Organisational unit: $($request['OU'])
    City: $($request['L'])
    State: $($request['S'])
    Country: $($request['C'])

    Subject alternative name(s): $($request['SAN'].Values -join ", ")

    Signature algorithm: SHA256
    Key algorithm: RSA
    Key size: 2048

    " -ForegroundColor Yellow

    certreq -new $files['settings'] $files['csr'] > $null

    # Output the CSR
    $CSR = Get-Content $files['csr']

    $CSR = Add-Content $files['csr']
    Write-Output $CSR
    Write-Host "
    "

    # Set the Clipboard (Optional)
    Write-Host "Copy CSR to clipboard? (y|n): " -ForegroundColor Yellow -NoNewline
    if ((Read-Host) -ieq "y") {
        $csr | clip
        Write-Host "Check your ctrl+v
    "
    }

    # Remove temporary files
    $files.Values | ForEach-Object {
        Remove-Item $_ -ErrorAction SilentlyContinue
    }

windows-server-powershell

Please use the Code Sample icon when posting code. (The "101010" icon.) The web site removes certain characters and it makes reading your code difficult.

Which statement is generating the error? I don't see an out-file statement in your code.


1 Answer

MotoX80 answered

Is this the problem area?

    certreq -new $files['settings'] $files['csr'] > $null

    #Output the CSR
    $CSR = Get-Content $files['csr']

    $CSR = Add-Content $files['csr']
    Write-Output $CSR

The Add-Content won't work because you didn't specify any value to add. If you are trying to append (duplicate) the contents of $CSR to the file then you need to pipe the contents to it.

    $CSR | Add-Content $files['csr']
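
One way to write the CSR into a chosen folder and check each step along the way, as an added example that is not part of either post. `Save-Csr`, its parameters and the `C:\CSR` path are hypothetical names, and the header check assumes certreq's usual `-----BEGIN NEW CERTIFICATE REQUEST-----` first line.

```powershell
# Added example (not from the thread). Save-Csr and its parameters are hypothetical names.
function Save-Csr {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $SettingsPath,   # INF file, e.g. $files['settings']
        [Parameter(Mandatory)] [string] $OutputFolder,   # destination folder (assumed path)
        [string] $FileName = "$([guid]::NewGuid())-csr.req"
    )

    # The target must be a file inside the folder, never the folder path itself.
    if (-not (Test-Path -LiteralPath $OutputFolder -PathType Container)) {
        New-Item -ItemType Directory -Path $OutputFolder -Force | Out-Null
    }
    $csrPath = Join-Path -Path $OutputFolder -ChildPath $FileName
    if (Test-Path -LiteralPath $csrPath) {
        throw "Refusing to overwrite existing request file: $csrPath"
    }

    # certreq writes the PKCS#10 request straight to $csrPath.
    # Capture its output instead of discarding it, so failures can be diagnosed.
    $certreqOutput = & certreq.exe -new $SettingsPath $csrPath 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "certreq failed with exit code ${LASTEXITCODE}: $($certreqOutput -join ' ')"
    }

    # Read the request back and confirm it looks like a CSR before handing it on.
    $csr = @(Get-Content -LiteralPath $csrPath)
    if ($csr[0] -notmatch 'BEGIN NEW CERTIFICATE REQUEST') {
        throw "Unexpected content in $csrPath"
    }

    return [pscustomobject]@{ Path = $csrPath; Csr = $csr }
}

# Usage with the question's INF file; the output folder is an assumed location.
# $result = Save-Csr -SettingsPath $files['settings'] -OutputFolder 'C:\CSR'
# $result.Csr | Set-Content -LiteralPath 'C:\CSR\copy.req'   # a copy needs piped input
```

The CSR file holds only the public key and subject data; the private key stays in the machine key store that `MachineKeySet = TRUE` selects, so the output folder needs no special protection beyond normal write access.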