| | | 1 | | <# |
| | | 2 | | .SYNOPSIS |
| | | 3 | | Creates a PEM-encoded CSR (and returns the private key). |
| | | 4 | | .DESCRIPTION |
| | | 5 | | Creates a PEM-encoded CSR (Certificate Signing Request) and returns the private key. |
| | | 6 | | The CSR can be used to request a certificate from a CA (Certificate Authority). |
| | | 7 | | .PARAMETER DnsNames |
| | | 8 | | The DNS name(s) for which the certificate is requested. |
| | | 9 | | This can include multiple names for Subject Alternative Names (SANs). |
| | | 10 | | .PARAMETER KeyType |
| | | 11 | | The type of key to generate for the CSR. Options are 'Rsa' or 'Ecdsa'. |
| | | 12 | | Defaults to 'Rsa'. |
| | | 13 | | .PARAMETER KeyLength |
| | | 14 | | The length of the key to generate. Defaults to 2048 bits for RSA keys. |
| | | 15 | | This parameter is ignored for ECDSA keys. |
| | | 16 | | .PARAMETER Country |
| | | 17 | | The country name (2-letter code) to include in the CSR. |
| | | 18 | | This is typically the ISO 3166-1 alpha-2 code (e.g., 'US' for the United States). |
| | | 19 | | .PARAMETER Org |
| | | 20 | | The organization name to include in the CSR. |
| | | 21 | | This is typically the legal name of the organization. |
| | | 22 | | .PARAMETER OrgUnit |
| | | 23 | | The organizational unit name to include in the CSR. |
| | | 24 | | This is typically the department or division within the organization. |
| | | 25 | | .PARAMETER CommonName |
| | | 26 | | The common name (CN) to include in the CSR. |
| | | 27 | | This is typically the fully qualified domain name (FQDN) for the certificate. |
| | | 28 | | .PARAMETER KeyUsage |
| | | 29 | | Optional X.509 key usage flags to include in the CSR extension request. |
| | | 30 | | Use this when the target CA or downstream tooling expects explicit key-usage hints in the CSR. |
| | | 31 | | .OUTPUTS |
| | | 32 | | [Kestrun.Certificates.CsrResult] |
| | | 33 | | |
| | | 34 | | .EXAMPLE |
| | | 35 | | $csrResult = New-KrCertificateRequest -DnsNames 'example.com' -Country US |
| | | 36 | | $csrResult.CsrPem | Set-Content -Path 'C:\path\to\csr.pem' |
| | | 37 | | $csrResult.PrivateKeyPem | Set-Content -Path 'C:\path\to\private.key' |
| | | 38 | | |
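| | | 39 | | Creates a CSR with minimal subject information and saves the CSR and private key to files. The private key PEM is written to disk exactly as returned, so keep that file readable only by the account that needs it. |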
| | | 40 | | .EXAMPLE |
| | | 41 | | $csrResult = New-KrCertificateRequest -DnsNames 'example.com' -Country US -Org 'Example Corp' -OrgUnit 'IT' -CommonN |
| | | 42 | | $csrResult.CsrPem | Set-Content -Path 'C:\path\to\csr.pem' |
| | | 43 | | $csrResult.PrivateKeyPem | Set-Content -Path 'C:\path\to\private.key' |
| | | 44 | | |
| | | 45 | | Creates a CSR with detailed subject information and saves the CSR and private key to files. |
| | | 46 | | .EXAMPLE |
| | | 47 | | $csrResult = New-KrCertificateRequest -DnsNames 'example.com' -CommonName 'example.com' -KeyUsage DigitalSignature,K |
| | | 48 | | $csrResult.CsrPem |
| | | 49 | | |
| | | 50 | | Creates a CSR that includes an explicit key-usage extension request. |
| | | 51 | | #> |
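function New-KrCertificateRequest {
    [KestrunRuntimeApi('Everywhere')]
    [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseShouldProcessForStateChangingFunctions', '')]
    [CmdletBinding()]
    [OutputType([Kestrun.Certificates.CsrResult])]
    param(
        # DNS name(s) the certificate is requested for; the only mandatory input.
        [Parameter(Mandatory)]
        [string[]] $DnsNames,

        # Restricted to the two names that are resolved against [Kestrun.Certificates.KeyType] below.
        [Parameter()]
        [ValidateSet('Rsa', 'Ecdsa')]
        [string]$KeyType = 'Rsa',

        # Key size in bits. Declared as a plain [int], so no range is enforced at binding time.
        [Parameter()]
        [int]$KeyLength = 2048,

        [Parameter()]
        [string]$Country,

        [Parameter()]
        [string]$Org,

        [Parameter()]
        [string]$OrgUnit,

        [Parameter()]
        [string]$CommonName,

        # Optional X.509 key-usage flags to request in the CSR.
        [Parameter()]
        [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags[]]$KeyUsage = @()
    )

    # KeyLength is otherwise passed through unchecked, so an undersized RSA key would be
    # generated silently. Warn instead of throwing, so existing callers keep working.
    # The check is limited to RSA because the help text says KeyLength is ignored for ECDSA.
    if ($KeyType -eq 'Rsa' -and $KeyLength -lt 2048) {
        Write-Warning "New-KrCertificateRequest: RSA key length of $KeyLength bits is below the 2048-bit default and is considered weak."
    }

    # Only build a key-usage value when the caller supplied at least one flag; otherwise the
    # if-expression yields nothing and $keyUsageFlags stays $null.
    # NOTE(review): Join-KeyUsageFlag is defined elsewhere; presumably it combines the array
    # into a single flags value. Confirm against its definition.
    $keyUsageFlags = if ($PSBoundParameters.ContainsKey('KeyUsage') -and $KeyUsage.Count -gt 0) {
        Join-KeyUsageFlag -KeyUsage $KeyUsage
    }

    # ValidateSet above keeps this dynamic static-member lookup to 'Rsa' or 'Ecdsa'.
    $opts = [Kestrun.Certificates.CsrOptions]::new(
        $DnsNames,
        [Kestrun.Certificates.KeyType]::$KeyType,
        $KeyLength,
        $Country,
        $Org,
        $OrgUnit,
        $CommonName,
        $keyUsageFlags
    )

    # The returned CsrResult carries the private key alongside the CSR (PrivateKeyPem in the
    # help examples); callers should handle the whole object as secret material.
    return [Kestrun.Certificates.CertificateManager]::NewCertificateRequest($opts)
}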