New-SelfSignedCertificate on Win2012 r2 has fewer options

Question

New-SelfSignedCertificate on Win2012 r2 has fewer options

I am trying to create a self-signed certificate with specific encryption settings.

On a Win Server 2012 r2 server running PowerShell 5.0 when I try to use

New-SelfSignedCertificate

I get an error message:

New-SelfSignedCertificate: parameter cannot be found that matches the name of the parameter "Subject".

when I try to use a parameter -Subjectthat, in addition to other parameters allowed on my laptop, does not appear in intellisense.

However, on my laptop (Win 10 and PowerShell 5.0), I am allowed to use these options, and I create a self-signed certificate using the following code

#create a Certificate
# OID for document encryption
    $Oid = New-Object System.Security.Cryptography.Oid "1.3.6.1.4.1.311.80.1"
    $oidCollection = New-Object System.Security.Cryptography.OidCollection
    $oidCollection.Add($oid) > $Null
# Create enhanced key usage extension that allows document encryption
$Ext = New-Object System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension $oidCollection, $true 

$myCert = New-SelfSignedCertificate -Subject 'CN=myservernameasubject' -CertStoreLocation "Cert:\LocalMachine\My" -KeySpec KeyExchange -KeyUsage KeyEncipherment, DataEncipherment -Extension $Ext

+4

certificate powershell self-signed powershell-v5.0

Samer s Salib 10 . '16 18:06

2

...

New-SelfSignedCertificate -DnsName "*.costoso100.com" -CertStoreLocation "cert:\LocalMachine\My"

LDAPS 15 .

0

CLBdS 22 . '17 17:12

JamieSee · Accepted Answer · 2016-03-10T18:35:55+0000

-DnsName CN=.

PowerShell:

-DnsName <String> DNS- , CloneCert. DNS .

, -KeySpec New-SelfSignedCertificate Windows Server 2012 R2 Windows 8.1. ; COM- #? PowerShell, , makecert.exe, / , .

:. , COM- PowerShell . Vishal Agarwal, () powershell CertEnroll, PowerShell:

$name = new-object -com "X509Enrollment.CX500DistinguishedName.1"
$name.Encode("CN=TestServer", 0)

$key = new-object -com "X509Enrollment.CX509PrivateKey.1"
$key.ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
$key.KeySpec = 1
$key.Length = 1024
$key.SecurityDescriptor = "D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)(A;;0x80120089;;;NS)"
$key.MachineContext = 1
$key.Create()

$serverauthoid = new-object -com "X509Enrollment.CObjectId.1"
$serverauthoid.InitializeFromValue("1.3.6.1.5.5.7.3.1")
$ekuoids = new-object -com "X509Enrollment.CObjectIds.1"
$ekuoids.add($serverauthoid)
$ekuext = new-object -com "X509Enrollment.CX509ExtensionEnhancedKeyUsage.1"
$ekuext.InitializeEncode($ekuoids)

$cert = new-object -com "X509Enrollment.CX509CertificateRequestCertificate.1"
$cert.InitializeFromPrivateKey(2, $key, "")
$cert.Subject = $name
$cert.Issuer = $cert.Subject
$cert.NotBefore = get-date
$cert.NotAfter = $cert.NotBefore.AddDays(90)
$cert.X509Extensions.Add($ekuext)
$cert.Encode()

$enrollment = new-object -com "X509Enrollment.CX509Enrollment.1"
$enrollment.InitializeFromRequest($cert)
$certdata = $enrollment.CreateRequest(0)
$enrollment.InstallResponse(2, $certdata, 0, "")

New-SelfSignedCertificate on Win2012 r2 has fewer options

More articles: