Benutzer:MovGP0/Zertifikate

selfssl /N "cn=localhost;cn=example.com" /V "EXPIRATIONTIMEINDAYS" /I /S "IISSITENAME" /X /F "KEYLOCATION\key.pfx" /W "PASSWORD" /T

makecert -r -n "CN=localhost" -b 01/01/2000 -e 01/01/2099 -eku 1.3.6.1.5.5.7.3.3 -sv localhost.pvk localhost.cercert2spc localhost.cer localhost.spcpvk2pfx -pvk localhost.pvk -spc localhost.spc -pfx localhost.pfx

openssl genrsa -out localhost.key 2048openssl req -new -x509 -key localhost.key -out localhost.cert -days 3650 -subj /CN=localhost

# create root zertificate $rootCert = New-SelfSignedCertificate -CertStoreLocation cert:\localmachine\my -DnsName "Root CA Name";# export root certificate [System.Security.SecureString]$rootcertPassword = ConvertTo-SecureString -String "znft5yeL34pxCu3nATlt1gMazX0NM8FVvr9yZOhcS79yJm8kUVjhA17UuWkQOb0u" -Force -AsPlainText;[String]$rootCertPath = Join-Path -Path 'cert:\localMachine\my\' -ChildPath "$($rootcert.Thumbprint)";Export-PfxCertificate -Cert $rootCertPath -FilePath 'root-authority.pfx' -Password $rootcertPassword; # private keyExport-Certificate    -Cert $rootCertPath -FilePath 'root-authority.crt';                             # public key# use root certificate to sign gateway certificate$gatewayCert = New-SelfSignedCertificate -CertStoreLocation cert:\localmachine\my -DnsName "*.example.com","*.example.org" -Signer $rootCert;# export gateway certificate[System.Security.SecureString]$gatewayCertPassword = ConvertTo-SecureString -String "Xc8FlsHq8hmLnKXk4AaD8ug6HYH2dpSWLjwg9eNeDIK103d3akbd0OccgZZ6bL48" -Force -AsPlainText;[String]$gatewayCertPath = Join-Path -Path 'cert:\localMachine\my\' -ChildPath "$($gatewayCert.Thumbprint)";Export-PfxCertificate -Cert $gatewayCertPath -FilePath gateway-certificate.pfx -Password $gatewayCertPassword; # private keyExport-Certificate    -Cert $gatewayCertPath -FilePath gateway.crt;                                            # public key

param([Parameter(Mandatory=$True)][string]$CertificateName)# paths$ExeMakeCert = "$env:ProgramFiles\Microsoft Office Servers\15.0\Tools\makecert.exe"$ExeCertManager = "$env:ProgramFiles\Microsoft Office Servers\15.0\Tools\certmgr.exe"$CertPath = "$env:UserProfile\MyCertificates"$CertName = $CertificateName + ".cer"# create the certificate$CertificateFullPath = Join-Path -Path $CertPath -ChildPath $CertName& "$ExeMakeCert -replace -pe -ne ""CN=www.dirry.eu"" -b 01/01/2025 -e 01/01/2025 -ss my -sr -localMachineName -sky exchange -sp ""Microsof RSA SChannel Cryptographic Provider"" -sy 12 $CertificateFullPath"# get certificate thumbprint $AppCertificate = Get-PfxCertificate -FilePath $CertificateFullPath# add certificate to local machine root& "$ExeCertManager /add $CertificateFullPath /s /r localMachine root"# export private key for certificateGet-ChildItem cert:\\localmachine\my | Where-Object { $_.Thumbprint -eq $AppCertificate.Thumbprint } | ForEach-Object {    $CertPfxName = (Get-Item -Path $CertificateFullPath).BaseName    $CertPfxName += ".pfx"    $CertExportPath = Join-Path -Path $CertPath -ChildPath $CertPfxName    $CertFileByteArray = $_.Export("PFX", $CertPassword)    [System.IO.File]::WriteAllBytes($CertExportPath, $CertFileByteArray)}

# get references to site's auth realm$spweb = Get-SPWeb "http://sp.mydomain.com/"$realm = Get-SPAuthenticationRealm -ServiceContext $spweb.Site# if no App GUID was passed in, create oneif([string]::IsNullOrEmpty($AppGuid)) {   $AppGuid = [Guid]::NewGuid().ToString()}$fullAppIdentifier = $AppGuid + '@' + $realm# get certificate$certificate = Get-PfxCertificate $certificateFullPath#register app vertificate as trusted by SharePoint site$secureTokenIssuer = New-SPTrustedSecurityTokenIssuer -Name $AppDisplayName -Certificate $certificate -RegisteredIssuerName $fullAppIdentifier#register app principal $appPrincipal = Register-SPAppPrincipal -NameIdentifier $fullAppIdentifier -Site $spweb -DisplayName $AppDisplayName