PowerShell CryptoStudio v2.1.0.2 Released. "A PKI in Your Pocket"

PowerShell CryptoStudio v 2.1.0.2 Released. Creates a two tier PKI to create certificates for your servers

Whats new in 2.1.x

• Redesigned as a proper module, retaining 100% compatibility with previous versions
• No longer have to specify a Subject Alternate Name (SAN) however the Subject Name (commonName) is added to the SAN as per RFC 2818 (https://tools.ietf.org/html/rfc2818) (https://www.chromestatus.com/features/4981025180483584)
• Option added to install certificates locally
• Add ability to uninstall CryptoStudio

Functions within module

• New-RootSubCa- Installs CryptoStudio's two tier PKI. Required before certificates can be issued
• New-HostCert- Creates new certificates. All certificates are stored in $env:USERPROFILE\Documents\MyCerts
• **New** Remove-RootSubCa- Uninstalls PS-CryptoStudio by removing the Root and SubCa certificates. While this does not remove any certificates created by PS-CryptoStudio, trust will be an issue unless you have backups of the Root and SubCa certificates (As in ActiveDirectory)
• **New** Get-CertInfo- Gets certificate information from a pfx file. Returns Subject Name, SAN, Signature Hash Algorithm, Keysize and Issuer. Returns false on all errors

Usage
New-RootSubCa- Requires three manadatory parameters

• RootKeyLength- Accepts values of 1, 2, 4, 8, 16 (to be multiplied by 1024)
• SubCa01KeyLength-Accepts values of 1, 2, 4, 8, 16 (to be multiplied by 1024)
• SubCa02KeyLength. Accepts values of 1, 2, 4, 8, 16 (to be multiplied by 1024).
• Example- New-RootSubCa -RootKeyLength 4 -SubCA01KeyLength 4 -SubCA02KeyLength 4

New-HostCert-Accepts five parameters, three being mandatory.

• HostName (Mandatory) specifies the subject name for the certificate. This is also added to the SAN list
• FullDNSName (Optional) the list of hosts to be added to the SAN list. Should be FQDN
• FriendlyName (Mandatory) A simple common name for the certificate. Not tied to SAN or Subject name.
• HostKeylength (Mandatory) The key length of the certificate accepts values of 1, 2, 4, 8, 16 (to be multiplied by 1024)
• InstallCertLocal(Optional) Installs certificate in the Cert:\LocalMachine\My store (LocalMachine-Personal)
• Example-New-HostCert -HostName "myhost.com" -FullDNSName "vpn.myhost.com", "mail.myhost.com", "remote.myhost.com" -FriendlyName "My Test Cert" -HostkeyLength 4

Remove-RootSubCa- Requires no parameters.Removes the RootCa and SubCa certificates without warning. use with caution. Example Remove-RootSubCa

Get-CertInfo requires a single mandatory parameter

• FilePath- the location and name of the certificate .
• Example "C:\Users\User-01\Documents\MyCerts\Private\MyCert.Pfx"

To do

• Add support for modern ECC (Elliptic Curve Cryptography)
• Add support for symmetric cryptography (100 % done, need to incorporate with PS-CryptoStudio)
• Add support for Let's Encrypt auto-renew (75% done, need to re-write IIS handlers)

 

Available at the PowerShell Gallery-

https://www.powershellgallery.com/packages/PS-CryptoStudio/2.1.0.2