CertHelpers.psm1
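function New-DscDocumentEncryptionCertificate
{
    <#
    .SYNOPSIS
        Creates a self-signed document-encryption certificate in the 'My' store
        of the selected store location.

    .DESCRIPTION
        Calls New-SelfSignedCertificate with Type 'DocumentEncryptionCert', the
        key usages KeyEncipherment, DataEncipherment and KeyAgreement, and a
        validity of two years from the moment of creation.

        Security notes for operators:
        - The certificate is self-signed, so nothing vouches for it; every
          consumer has to be given the public certificate explicitly.
        - The private key is created in the selected store. Writing to
          LocalMachine normally requires an elevated session.
        - KeyExportPolicy is not set here, so the cmdlet default applies.
          NOTE(review): confirm that default matches your key-handling policy.
        - There is no renewal logic; the certificate simply expires after two
          years and has to be replaced by the caller.

    .PARAMETER Subject
        Subject of the new certificate. Defaults to 'DscEncryptionCert'.

    .PARAMETER Store
        Certificate store location: 'LocalMachine' or 'CurrentUser' (default).

    .PARAMETER PassThru
        When set, the created certificate object is written to the pipeline.

    .OUTPUTS
        The object returned by New-SelfSignedCertificate, only with -PassThru.
    #>
    [CmdletBinding(SupportsShouldProcess = $true)]
    [OutputType([System.Security.Cryptography.X509Certificates.X509Certificate2])]
    param (
        [Parameter()]
        [string]
        $Subject = 'DscEncryptionCert',

        [Parameter()]
        [string]
        [ValidateSet('LocalMachine', 'CurrentUser')]
        $Store = 'CurrentUser',

        [Parameter()]
        [switch]
        $PassThru
    )

    # PowerShell does not treat the backslash as an escape character, so a
    # single separator after the drive name is the canonical provider path.
    $storePath = "Cert:\$Store\My"

    $certArgs = @{
        # With an explicit Subject, DnsName only feeds the subject alternative name.
        DnsName           = $env:COMPUTERNAME
        KeyUsage          = 'KeyEncipherment', 'DataEncipherment', 'KeyAgreement'
        Type              = 'DocumentEncryptionCert'
        CertStoreLocation = $storePath
        NotAfter          = (Get-Date).AddYears(2)
        Subject           = $Subject
    }

    # The function writes a new key pair into a certificate store, so honour
    # -WhatIf / -Confirm before touching it.
    if ($PSCmdlet.ShouldProcess($storePath, "Create self-signed certificate '$Subject'"))
    {
        $cert = New-SelfSignedCertificate @certArgs

        if ($PassThru)
        {
            $cert
        }
    }
}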
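function New-M365DSCSelfSignedCertificate
{
    <#
    .SYNOPSIS
        Creates a self-signed RSA-2048 / SHA256 signature certificate in the
        'My' store of the selected store location.

    .DESCRIPTION
        Calls New-SelfSignedCertificate with KeySpec 'Signature', an RSA key of
        2048 bits, SHA256 as hash algorithm and a validity of two years from
        the moment of creation. Going by the default subject, the certificate
        is presumably meant for certificate-based authentication.

        Security notes for operators:
        - The private key is created with KeyExportPolicy 'Exportable', so any
          principal that can use the key in the store can also export it.
          Restrict access to the store, and treat any exported file that
          contains the private key as a credential.
        - The certificate is self-signed, so nothing vouches for it; the
          relying party has to be given the public certificate explicitly.
        - Writing to LocalMachine normally requires an elevated session.
        - There is no renewal logic; the certificate simply expires after two
          years and has to be replaced by the caller.

    .PARAMETER Subject
        Subject of the new certificate. Defaults to 'Certificate Authentication'.

    .PARAMETER Store
        Certificate store location: 'LocalMachine' or 'CurrentUser' (default).

    .PARAMETER PassThru
        When set, the created certificate object is written to the pipeline.

    .OUTPUTS
        The object returned by New-SelfSignedCertificate, only with -PassThru.
    #>
    [CmdletBinding(SupportsShouldProcess = $true)]
    [OutputType([System.Security.Cryptography.X509Certificates.X509Certificate2])]
    param (
        [Parameter()]
        [string]
        $Subject = 'Certificate Authentication',

        [Parameter()]
        [string]
        [ValidateSet('LocalMachine', 'CurrentUser')]
        $Store = 'CurrentUser',

        [Parameter()]
        [switch]
        $PassThru
    )

    # PowerShell does not treat the backslash as an escape character, so a
    # single separator after the drive name is the canonical provider path.
    $storePath = "Cert:\$Store\My"

    $certArgs = @{
        CertStoreLocation = $storePath
        NotAfter          = (Get-Date).AddYears(2)
        Subject           = $Subject
        # NOTE(review): kept as 'Exportable' because callers may rely on
        # exporting the key pair; if only the public certificate ever leaves
        # this machine, a non-exportable key would be the tighter choice.
        KeyExportPolicy   = 'Exportable'
        KeySpec           = 'Signature'
        KeyLength         = 2048
        KeyAlgorithm      = 'RSA'
        HashAlgorithm     = 'SHA256'
    }

    # The function writes a new key pair into a certificate store, so honour
    # -WhatIf / -Confirm before touching it.
    if ($PSCmdlet.ShouldProcess($storePath, "Create self-signed certificate '$Subject'"))
    {
        $cert = New-SelfSignedCertificate @certArgs

        if ($PassThru)
        {
            $cert
        }
    }
}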