Question
Friday, December 13, 2019 3:17 PM
Good Morning All,
I want to create a self-signed certificate using New-SelfSignedCertificate for Code sign and SSL setup in my local development environment. I used the following command in a PS script;
```powershell
New-SelfSignedCertificate -DnsName tokenapp.cst.srv,DEVWKS001.subscribers.ssh -CertStoreLocation "cert:\LocalMachine\My" -FriendlyName "tokenapp.cst.srv" -NotAfter (Get-Date).AddMonths(120) -Subject "CN=tokenapp.cst.srv,C=Canada,S=Ontario,L=Toronto,O=Test,OU=Test,OU=Development" -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2","2.5.29.37={text}1.3.6.1.5.5.7.3.1","2.5.29.37={text}1.3.6.1.5.5.7.3.3")
Read-Host
```
This command gives me an error stating "Invalid Extension". But when I used "2.5.29.37={text}1.3.6.1.5.5.7.3.2", "2.5.29.37={text}1.3.6.1.5.5.7.3.1" and "2.5.29.37={text}1.3.6.1.5.5.7.3.3" individually, it works with a single EKU (Enhanced Key Usage) entry. How can I combine everything in one string to get a single certificate which supports Client, Server Authentication and Code Sign?
Thanks a lot for your help.
Chandima Lakmal Fonseka
All replies (1)
Friday, December 13, 2019 3:40 PM ✅Answered | 2 votes
Hi Guys,
Thanks a lot for viewing this post, and I got this working. After meticulously reading the MSDN documentation, the following is the format I need:
Enhanced Key Usage Object Identifiers: 2.5.29.37={text}oid,oid…

These key usages have the following object identifiers:
- Client Authentication. 1.3.6.1.5.5.7.3.2
- Server Authentication. 1.3.6.1.5.5.7.3.1
- Secure Email. 1.3.6.1.5.5.7.3.4
- Code Signing. 1.3.6.1.5.5.7.3.3
- Timestamp Signing. 1.3.6.1.5.5.7.3.8
```powershell
-TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.3")
```
After I used the above TextExtension, the cert got created with no issues.
Chandima Lakmal Fonseka
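
The single-entry EKU format from the answer above, as an added example that is not part of the original thread: it builds one `2.5.29.37` string from a list of OIDs, creates a certificate, and reads the extension back to confirm all three usages are present. The store `Cert:\CurrentUser\My`, the name `ekutest.example.test` and the 12-month lifetime are assumptions chosen so the check runs without elevation and cleans up after itself.

```powershell
# Added example. Assumed values: store Cert:\CurrentUser\My, constructed
# name ekutest.example.test, 12-month validity. OIDs are the ones listed above.
$ekuOids = [ordered]@{
    '1.3.6.1.5.5.7.3.2' = 'Client Authentication'
    '1.3.6.1.5.5.7.3.1' = 'Server Authentication'
    '1.3.6.1.5.5.7.3.3' = 'Code Signing'
}
$wanted = @($ekuOids.Keys)

# A certificate can carry a given extension only once (RFC 5280), so all
# usages go into a single 2.5.29.37 entry as a comma-separated OID list.
$ekuExtension = '2.5.29.37={text}' + ($wanted -join ',')

$cert = New-SelfSignedCertificate `
    -DnsName 'ekutest.example.test' `
    -Subject 'CN=ekutest.example.test' `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -NotAfter (Get-Date).AddMonths(12) `
    -TextExtension @($ekuExtension)

try {
    # Read the EKU extension back from the issued certificate.
    $ekuExt = @($cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' })
    if ($ekuExt.Count -ne 1) {
        throw "Expected exactly one EKU extension, found $($ekuExt.Count)."
    }
    $actual = @($ekuExt[0].EnhancedKeyUsages | ForEach-Object { $_.Value })

    # Compare requested and issued usages in both directions.
    $missing = @($wanted | Where-Object { $_ -notin $actual })
    $extra   = @($actual | Where-Object { $_ -notin $wanted })
    if ($missing.Count -or $extra.Count) {
        throw "EKU mismatch. Missing: $($missing -join ', ') Extra: $($extra -join ', ')"
    }

    # Report what the certificate is valid for.
    foreach ($oid in $actual) {
        '{0,-20} {1}' -f $oid, $ekuOids[$oid]
    }
}
finally {
    # Remove the throwaway certificate so test runs do not pile up in the store.
    Remove-Item -Path "Cert:\CurrentUser\My\$($cert.Thumbprint)"
}
```

For a certificate you intend to keep, drop the `finally` cleanup and trim `$ekuOids` to the usages the certificate actually needs.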