Convert cert generation script to PowerShell (get rid of OpenSSL)

[forderud]

Associated branch: https://github.com/forderud/WindowsClientAuth/tree/ps-gen

Script stub for generating a clientAuth certificate:

$signer = Get-ChildItem "Cert:\CurrentUser\My" | Where-Object {$_.Subject -eq "CN=TestRootCertificate"}

New-SelfSignedCertificate -Type Custom -Subject "CN= ClientCert" -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2") -KeyUsage DigitalSignature -KeyAlgorithm RSA -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" -Signer $signer -NotAfter (Get-Date).AddMonths(12)

Challenge:

• How to avoid encrypted PFX files?

Links:

• https://learn.microsoft.com/en-us/powershell/module/pki/export-certificate
• https://learn.microsoft.com/en-us/powershell/module/pki/new-selfsignedcertificate
• https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/how-to-create-temporary-certificates-for-use-during-development

Certificate baseline

CA baseline

ClientAuth baseline

localhost baseline

[forderud]

Completed in https://github.com/forderud/WindowsClientAuth/pull/15