此篇文章仅作为知识积累和记录, 懂得都懂, 不懂的,看官网就可以懂
涉及到两个工具 CertReq 和 certutil
$certpath = "D:\CertRequest"
$pfx_files_path = "D:\pfxfiles"
$CA = "CA001.contoso.com\ROOTCA01"
$certtemplate = "ServersTemplate"
$requestfile = Get-Content "D:\CertRequest.txt"
foreach ($requestcert in $requestfile)
{
$subjectname = $requestcert # Read-Host "what is the FQDN like abc.contoso.com?" #set certificate FQDN
$inf_filefullpath = "$certpath\$subjectname.inf"
$req_filefullpath = "$certpath\$subjectname.req"
$cer_filefullpath = "$certpath\$subjectname.cer"
$pfx_filefullpath = "$certpath\$subjectname.pfx"
$pwd_filefullpath = "$certpath\$subjectname" + "pwd.txt"
$cersn_exportpath = "$certpath\$subjectname" + "sn.txt"
"[Version]" | Out-File -Append $inf_filefullpath
'Signature="$Windows NT$"' | Out-File -Append $inf_filefullpath
"`n" | Out-File -Append $inf_filefullpath
"[NewRequest]" | Out-File -Append $inf_filefullpath
"Subject=CN=" + "`"" + $subjectname + "`"" | Out-File -Append $inf_filefullpath
"KeyLength = 2048" | Out-File -Append $inf_filefullpath
"Exportable = true" | Out-File -Append $inf_filefullpath
"`n" | Out-File -Append $inf_filefullpath
"[RequestAttributes]" | Out-File -Append $inf_filefullpath
"CertificateTemplate=$certtemplate" | Out-File -Append $inf_filefullpath
CertReq -New -f $inf_filefullpath $req_filefullpath
CertReq -Submit -f -config $CA $req_filefullpath $cer_filefullpath
certreq -accept $cer_filefullpath
certutil -verify $cer_filefullpath | findstr -i number > $cersn_exportpath
$SN = (Get-Content $cersn_exportpath).Substring(20)
$pfxpwd = abc123 # set pfx file password
certutil -f -p $pfxpwd -exportpfx $SN $pfx_filefullpath
Get-Item -Path $pfx_filefullpath | Move-Item -Destination $pfx_files_path -Force #move result pfx file to pfxfiles directory
}
