
Wednesday, 4 July 2018

PowerShell CryptoStudio v2.1.0.2 Released. "A PKI in Your Pocket"

PowerShell CryptoStudio v2.1.0.2 released. It creates a two-tier PKI that issues certificates for your servers.

What's new in 2.1.x
  • Redesigned as a proper module, retaining 100% compatibility with previous versions
  • You no longer have to specify a Subject Alternative Name (SAN); the Subject Name (commonName) is added to the SAN automatically, as per RFC 2818 (https://tools.ietf.org/html/rfc2818) (https://www.chromestatus.com/features/4981025180483584)
  • Option added to install certificates locally
  • Added the ability to uninstall CryptoStudio
Functions within the module
  • New-RootSubCa - Installs CryptoStudio's two-tier PKI. Required before certificates can be issued
  • New-HostCert - Creates new certificates. All certificates are stored in $env:USERPROFILE\Documents\MyCerts
  • **New** Remove-RootSubCa - Uninstalls PS-CryptoStudio by removing the Root and SubCa certificates. This does not remove any certificates created by PS-CryptoStudio, but trust will be an issue unless you have backups of the Root and SubCa certificates (as in Active Directory)
  • **New** Get-CertInfo - Gets certificate information from a PFX file. Returns Subject Name, SAN, Signature Hash Algorithm, Keysize and Issuer. Returns false on all errors
Usage
New-RootSubCa - Requires three mandatory parameters
  • RootKeyLength - Accepts values of 1, 2, 4, 8, 16 (to be multiplied by 1024)
  • SubCa01KeyLength - Accepts values of 1, 2, 4, 8, 16 (to be multiplied by 1024)
  • SubCa02KeyLength - Accepts values of 1, 2, 4, 8, 16 (to be multiplied by 1024)
  • Example - New-RootSubCa -RootKeyLength 4 -SubCA01KeyLength 4 -SubCA02KeyLength 4
New-HostCert - Accepts five parameters, three being mandatory
  • HostName (Mandatory) - Specifies the subject name for the certificate. This is also added to the SAN list
  • FullDNSName (Optional) - The list of hosts to be added to the SAN list. Should be FQDNs
  • FriendlyName (Mandatory) - A simple common name for the certificate. Not tied to the SAN or Subject Name
  • HostKeylength (Mandatory) - The key length of the certificate. Accepts values of 1, 2, 4, 8, 16 (to be multiplied by 1024)
  • InstallCertLocal (Optional) - Installs the certificate in the Cert:\LocalMachine\My store (LocalMachine-Personal)
  • Example - New-HostCert -HostName "myhost.com" -FullDNSName "vpn.myhost.com", "mail.myhost.com", "remote.myhost.com" -FriendlyName "My Test Cert" -HostkeyLength 4
Remove-RootSubCa - Requires no parameters. Removes the RootCa and SubCa certificates without warning. Use with caution. Example - Remove-RootSubCa

Get-CertInfo - Requires a single mandatory parameter
  • FilePath - The location and name of the certificate
  • Example - "C:\Users\User-01\Documents\MyCerts\Private\MyCert.Pfx"
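
The key-length parameters accept 1 (1024 bits), so it is worth checking issued PFX files against a minimum before deploying them. The function below is an added example, not part of PS-CryptoStudio: it reads the same fields Get-CertInfo reports using only .NET and flags a missing commonName in the SAN, a short key, or a SHA-1/MD5 signature. The name Test-PfxPolicy, the -Password parameter, the 2048-bit floor and RSA keys are assumptions.

```powershell
function Test-PfxPolicy {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $FilePath,
        [securestring] $Password,   # assumption: the PFX may be password-protected
        [int] $MinRsaBits = 2048    # assumption: local policy floor, not a module default
    )
    $type = [System.Security.Cryptography.X509Certificates.X509Certificate2]
    try {
        $cert = if ($Password) { $type::new($FilePath, $Password) } else { $type::new($FilePath) }
    } catch {
        Write-Warning "Cannot open ${FilePath}: $($_.Exception.Message)"
        return
    }
    try {
        # Subject commonName, the value New-HostCert takes as -HostName.
        $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $cn = $cert.GetNameInfo($nameType, $false)

        # subjectAltName is OID 2.5.29.17. Format() yields "DNS Name=host" on
        # English Windows and "DNS:host" on OpenSSL-backed platforms; accept both.
        $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        $sanNames = @()
        if ($sanExt) {
            $sanNames = @([regex]::Matches($sanExt.Format($false), '(?:DNS Name=|DNS:)([^,\s]+)') |
                ForEach-Object { $_.Groups[1].Value })
        }

        # GetRSAPublicKey returns $null for non-RSA keys; report 0 bits in that case.
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
        $bits = if ($rsa) { $rsa.KeySize } else { 0 }
        $sigAlg = $cert.SignatureAlgorithm.FriendlyName

        [pscustomobject]@{
            File     = $FilePath
            Subject  = $cn
            SanNames = $sanNames
            CnInSan  = $sanNames -contains $cn          # the RFC 2818 behaviour described above
            RsaBits  = $bits
            KeyOk    = $bits -ge $MinRsaBits
            SigAlg   = $sigAlg
            SigOk    = $sigAlg -notmatch 'sha1|md5'
            Issuer   = $cert.Issuer
        }
    } finally {
        $cert.Dispose()
    }
}
# Sweep the module's output folder:
# Get-ChildItem "$env:USERPROFILE\Documents\MyCerts" -Recurse -Filter *.pfx | ForEach-Object { Test-PfxPolicy -FilePath $_.FullName }
```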

To do

  • Add support for modern ECC (Elliptic Curve Cryptography)
  • Add support for symmetric cryptography (100% done, need to incorporate with PS-CryptoStudio)
  • Add support for Let's Encrypt auto-renew (75% done, need to re-write IIS handlers)

 

Available at the PowerShell Gallery:

https://www.powershellgallery.com/packages/PS-CryptoStudio/2.1.0.2