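<#
    .SYNOPSIS
        Creates a PEM-encoded CSR (and returns the private key).

    .DESCRIPTION
        Creates a PEM-encoded CSR (Certificate Signing Request) and returns the private key.
        The CSR can be used to request a certificate from a CA (Certificate Authority).
    .PARAMETER DnsNames
        The DNS name(s) for which the certificate is requested.
        This can include multiple names for Subject Alternative Names (SANs).
    .PARAMETER KeyType
        The type of key to generate for the CSR. Options are 'Rsa' or 'Ecdsa'.
        Defaults to 'Rsa'.
    .PARAMETER KeyLength
        The length of the key to generate. Defaults to 2048 bits for RSA keys.
        This parameter is ignored for ECDSA keys.
        A warning is written when an RSA length below 2048 bits is requested.
    .PARAMETER Country
        The country name (2-letter code) to include in the CSR.
        This is typically the ISO 3166-1 alpha-2 code (e.g., 'US' for the United States).
    .PARAMETER Org
        The organization name to include in the CSR.
        This is typically the legal name of the organization.
    .PARAMETER OrgUnit
        The organizational unit name to include in the CSR.
        This is typically the department or division within the organization.
    .PARAMETER CommonName
        The common name (CN) to include in the CSR.
        This is typically the fully qualified domain name (FQDN) for the certificate.
    .OUTPUTS
        [Kestrun.Certificates.CertificateManager.CsrResult]

    .NOTES
        The result carries the private key that matches the CSR. Treat it as a secret:
        write it only to a location whose ACL is restricted to the account that needs it,
        and keep it out of transcripts, logs and source control. Only the CSR is meant to
        be sent to the CA.
        NOTE(review): the function returns a single result object, while the examples
        unpack two values; confirm how the CSR and key are exposed on the result type.
    .EXAMPLE
        $csr, $priv = New-KrCertificateRequest -DnsNames 'example.com' -Country US
        $csr | Set-Content -Path 'C:\path\to\csr.pem'
        $priv | Set-Content -Path 'C:\path\to\private.key'
    .EXAMPLE
        $csr, $priv = New-KrCertificateRequest -DnsNames 'example.com' -Country US -Org 'Example Corp' -OrgUnit 'IT'
        $csr | Set-Content -Path 'C:\path\to\csr.pem'
        $priv | Set-Content -Path 'C:\path\to\private.key'

#>
function New-KrCertificateRequest {
    [KestrunRuntimeApi('Everywhere')]
    [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseShouldProcessForStateChangingFunctions', '')]
    [CmdletBinding()]
    # NOTE(review): the help's .OUTPUTS names CertificateManager.CsrResult and the other
    # types used below are nested in CertificateManager; confirm this type name.
    [OutputType([Kestrun.Certificates.CsrResult])]
    param(
        [Parameter(Mandatory)]
        [string[]] $DnsNames,

        [ValidateSet('Rsa', 'Ecdsa')]
        [string] $KeyType = 'Rsa',

        [int] $KeyLength = 2048,

        [string] $Country,
        [string] $Org,
        [string] $OrgUnit,
        [string] $CommonName
    )

    # RSA moduli under 2048 bits are below current minimums and are refused by public CAs.
    # Warn rather than throw so existing callers keep working.
    if ($KeyType -eq 'Rsa' -and $KeyLength -lt 2048) {
        Write-Warning "RSA key length $KeyLength is below 2048 bits; the resulting key is considered weak."
    }

    # $KeyType is limited by ValidateSet, so the dynamic static-member lookup below can
    # only resolve to the Rsa or Ecdsa enum member.
    $opts = [Kestrun.Certificates.CertificateManager+CsrOptions]::new(
        $DnsNames,
        [Kestrun.Certificates.CertificateManager+KeyType]::$KeyType,
        $KeyLength,
        $Country,
        $Org,
        $OrgUnit,
        $CommonName
    )
    return [Kestrun.Certificates.CertificateManager]::NewCertificateRequest($opts)
}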