Bulk Cert Generation

Process

In Bash on WSL

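Bash
cd /mnt/c/Users/myuser/certs
# One directory per server, each with its own config, key and CSR
for n in {01..24}; do
  mkdir "server-$n"
  cp template.cnf "server-$n/openssl.cnf"
  # Fill the host name into the CN and SAN entries of the copied template
  sed -i "s/_template_/server-$n/g" "server-$n/openssl.cnf"
  # -nodes writes cert.key without a passphrase
  openssl req -out "server-$n/cert.csr" -newkey rsa:2048 -nodes -keyout "server-$n/cert.key" -config "server-$n/openssl.cnf"
done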
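
A check to run between the Bash step and the PowerShell step, as an added example that is not part of the original page: it confirms that each CSR's signature verifies, that no `_template_` placeholder survived the `sed` step, that the CN and both SAN entries name the right server, and that `cert.key` matches the CSR. The function name `check_csr` and the script name `check_csr.sh` are assumptions; the directory layout and the `company.com` suffix are the ones used on this page.

```sh
#!/bin/sh
# Added example: sanity-check generated CSRs before they are submitted to the CA.
# Assumes the server-NN/cert.csr and server-NN/cert.key layout created above.

# check_csr DIR DOMAIN -> returns 0 if the CSR in DIR is consistent, 1 otherwise
check_csr() {
  c_dir=$1; c_fqdn=$1.$2; c_csr=$1/cert.csr; c_key=$1/cert.key

  # The self-signature must verify. The message wording differs between
  # OpenSSL versions, but a good signature always reports "verify OK".
  openssl req -in "$c_csr" -noout -verify 2>&1 | grep -q 'verify OK' ||
    { echo "$c_dir: CSR signature does not verify"; return 1; }

  c_text=$(openssl req -in "$c_csr" -noout -text 2>/dev/null)

  # The sed substitution must have replaced every placeholder.
  case $c_text in
    *_template_*) echo "$c_dir: placeholder left in CSR"; return 1 ;;
  esac

  # Split the text dump at commas and drop spaces, so "CN = x" and "CN=x"
  # both become the token "CN=x"; then require exact matches.
  c_tok=$(printf '%s\n' "$c_text" | tr ',' '\n' | tr -d ' ')
  for c_want in "CN=$c_fqdn" "DNS:$c_fqdn" "DNS:$c_dir"; do
    printf '%s\n' "$c_tok" | grep -qxF -- "$c_want" ||
      { echo "$c_dir: $c_want missing from CSR"; return 1; }
  done

  # The public key in the CSR must be the one derived from cert.key.
  [ "$(openssl req -in "$c_csr" -noout -pubkey 2>/dev/null)" = \
    "$(openssl pkey -in "$c_key" -pubout 2>/dev/null)" ] ||
    { echo "$c_dir: cert.key does not match the CSR"; return 1; }
}

# Run from the certs directory as: sh check_csr.sh server-*
if [ $# -gt 0 ]; then
  rc=0
  for d in "$@"; do check_csr "$d" company.com || rc=1; done
  exit $rc
fi
```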

Then in PowerShell

PowerShell
Import-Module PSPKI
cd C:\Users\myuser\certs\
$ca=Get-CA adcs.company.com
foreach ($i in 1..24) {
    # PowerShell reads 01..24 as the integers 1..24, so pad to two digits
    # to match the server-01 ... server-24 directories created in Bash
    $n='{0:d2}' -f $i
    # Submit the CSR, approve the pending request, then save the issued certificate next to its key
    $submit=Submit-CertificateRequest -path .\server-$n\cert.csr -CertificationAuthority adcs.company.com -Attribute "CertificateTemplate:TemplateNameNeededForCertificate"
    $approve=$ca | Get-PendingRequest -ID $submit.RequestId | Approve-CertificateRequest
    $receive=$ca | Get-IssuedRequest -Request $submit.RequestID | Receive-Certificate -Path C:\Users\myuser\certs\server-$n\
}

If you need a PFX, do the following in Bash on WSL

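Bash
# -s keeps the password off the screen; echo ends the prompt line
read -r -s -p 'Password to set for PFX files: ' pfxpass; echo
# Pass the password through the environment rather than the command line,
# where it would be visible in process listings
export pfxpass
for n in {14..24}; do
  openssl pkcs12 -export -password env:pfxpass -out "server-$n/cert.pfx" -inkey "server-$n/cert.key" -in "server-$n"/*.cer -certfile PKI-CHAIN.pem
done
unset pfxpass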

template.cnf

INI
[req]
default_bits        = 2048
distinguished_name  = req_distinguished_name
req_extensions      = req_ext
prompt = no
[req_distinguished_name]
countryName         = US
stateOrProvinceName = My State
localityName        = My City
organizationName    = My Company
commonName          = _template_.company.com
OU                  = My Org Unit
[req_ext]
subjectAltName = @alt_names
[alt_names]
DNS.1   = _template_.company.com
DNS.2   = _template_

References