DSCResources/DSC_CertReq/en-US/about_CertReq.help.txt

.NAME
    CertReq
 
.DESCRIPTION
    The resource is used to request a new certificate from a certificate
    authority.
 
.PARAMETER Subject
    Key - String
    Provide the text string to use as the subject of the certificate.
 
.PARAMETER FriendlyName
    Key - String
    Specifies a friendly name for the certificate.
 
.PARAMETER CAType
    Write - String
    The type of CA in use, Standalone/Enterprise.
 
.PARAMETER CAServerFQDN
    Write - String
    The FQDN of the Active Directory Certificate Authority on the local area network. Leave empty to automatically locate.
 
.PARAMETER CARootName
    Write - String
    The name of the certificate authority, by default this will be in format domain-servername-ca. Leave empty to automatically locate.
 
.PARAMETER KeyLength
    Write - String
    Allowed values: 192, 224, 256, 384, 521, 1024, 2048, 4096, 8192
    The bit length of the encryption key to be used. Defaults to 2048.
 
.PARAMETER Exportable
    Write - Boolean
    The option to allow the certificate to be exportable, by default it will be true.
 
.PARAMETER ProviderName
    Write - String
    The selection of provider for the type of encryption to be used.
 
.PARAMETER OID
    Write - String
    The Object Identifier that is used to name the object.
 
.PARAMETER KeyUsage
    Write - String
    The key usage is a restriction that determines what a certificate can be used for.
 
.PARAMETER CertificateTemplate
    Write - String
    The template used for the definition of the certificate.
 
.PARAMETER SubjectAltName
    Write - String
    The subject alternative name used to create the certificate.
 
.PARAMETER Credential
    Write - Instance
    The PSCredential object containing the credentials that will be used to access the template in the Certificate Authority.
 
.PARAMETER AutoRenew
    Write - Boolean
    Determines if the resource will also renew a certificate within 7 days of expiration.
 
.PARAMETER CepURL
    Write - String
    The URL to the Certification Enrollment Policy Service.
 
.PARAMETER CesURL
    Write - String
    The URL to the Certification Enrollment Service.
 
.PARAMETER UseMachineContext
    Write - Boolean
    Indicates whether or not the flag -adminforcemachine will be used when requesting certificates. Necessary for certain templates, e.g. DomainControllerAuthentication.
 
.PARAMETER KeyType
    Write - String
    Allowed values: RSA, ECDH
    Specifies if the key type should be RSA or ECDH, defaults to RSA.
 
.PARAMETER RequestType
    Write - String
    Allowed values: CMC, PKCS10
    Specifies if the request type should be CMC or PKCS10, defaults to CMC.
 
.EXAMPLE 1
 
Request and Accept a certificate from an Active Directory Root Certificate Authority. This certificate
is issued using a subject alternative name with multiple DNS addresses.
 
This example allows credentials to be stored in plain text by setting PSDscAllowPlainTextPassword to $true.
Storing passwords in plain text is not a good practice and is presented only for simplicity and demonstration purposes.
To learn how to securely store credentials through the use of certificates,
please refer to the following TechNet topic: https://technet.microsoft.com/en-us/library/dn781430.aspx
 
# Example DSC configuration: declares one CertReq resource that requests a
# certificate with subject 'contoso.com' and two DNS subject alternative names
# from the certificate authority named below.
#
# Parameter:
#   Credential - mandatory, non-empty PSCredential handed to the CertReq
#                resource (per the parameter help, used to access the template
#                in the Certificate Authority).
#
# NOTE(review): PSDscAllowPlainTextPassword is not set anywhere inside this
# block; presumably it is supplied through configuration data when the
# configuration is compiled - confirm against the caller. With that setting
# enabled the credential ends up unencrypted in the compiled MOF, so outside of
# a demo encrypt the MOF with a certificate and restrict access to the MOF file.
configuration CertReq_RequestAltSSLCert_Config
{
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory = $true)]
        [ValidateNotNullorEmpty()]
        [System.Management.Automation.PSCredential]
        $Credential
    )
 
    # The CertReq resource used below comes from the CertificateDsc module.
    Import-DscResource -ModuleName CertificateDsc
 
    Node localhost
    {
        CertReq SSLCert
        {
            # CA name and server are given explicitly; the parameter help says
            # both may be left empty to be located automatically.
            CARootName = 'test-dc01-ca'
            CAServerFQDN = 'dc01.test.pha'
            Subject = 'contoso.com'
            # 2048 is the documented default key length.
            KeyLength = '2048'
            # NOTE(review): $true marks the certificate as exportable (also the
            # documented default). For a server certificate whose key never has
            # to leave the node, consider $false so the private key cannot
            # simply be exported from the store - confirm operational needs.
            Exportable = $true
            ProviderName = 'Microsoft RSA SChannel Cryptographic Provider'
            # 1.3.6.1.5.5.7.3.1 is the Server Authentication enhanced key usage.
            OID = '1.3.6.1.5.5.7.3.1'
            # 0xa0 = Digital Signature (0x80) + Key Encipherment (0x20).
            KeyUsage = '0xa0'
            CertificateTemplate = 'WebServer'
            # Multiple SAN entries are joined with '&'; every name listed here
            # becomes a name the issued certificate is valid for, so keep the
            # list limited to names this node actually serves.
            SubjectAltName = 'dns=fabrikam.com&dns=contoso.com'
            # Per the parameter help: renew within 7 days of expiration.
            AutoRenew = $true
            FriendlyName = 'SSL Cert for Web Server'
            Credential = $Credential
            # RSA and CMC are the documented defaults, stated explicitly here.
            KeyType = 'RSA'
            RequestType = 'CMC'
        }
    }
}
 
.EXAMPLE 2
 
Request and Accept a certificate from an Active Directory Root Certificate Authority.
 
This example allows credentials to be stored in plain text by setting PSDscAllowPlainTextPassword to $true.
Storing passwords in plain text is not a good practice and is presented only for simplicity and demonstration purposes.
To learn how to securely store credentials through the use of certificates,
please refer to the following TechNet topic: https://technet.microsoft.com/en-us/library/dn781430.aspx
 
# Example DSC configuration: declares one CertReq resource that requests a
# certificate with subject 'foodomain.test.net' (no subject alternative names)
# from the certificate authority named below.
#
# Parameter:
#   Credential - mandatory, non-empty PSCredential handed to the CertReq
#                resource (per the parameter help, used to access the template
#                in the Certificate Authority).
#
# NOTE(review): PSDscAllowPlainTextPassword is not set anywhere inside this
# block; presumably it is supplied through configuration data when the
# configuration is compiled - confirm against the caller. With that setting
# enabled the credential ends up unencrypted in the compiled MOF, so outside of
# a demo encrypt the MOF with a certificate and restrict access to the MOF file.
configuration CertReq_RequestSSLCert_Config
{
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory = $true)]
        [ValidateNotNullorEmpty()]
        [System.Management.Automation.PSCredential]
        $Credential
    )
 
    # The CertReq resource used below comes from the CertificateDsc module.
    Import-DscResource -ModuleName CertificateDsc
 
    Node localhost
    {
        CertReq SSLCert
        {
            # CA name and server are given explicitly; the parameter help says
            # both may be left empty to be located automatically.
            CARootName = 'test-dc01-ca'
            CAServerFQDN = 'dc01.test.pha'
            Subject = 'foodomain.test.net'
            # 2048 is the documented default key length.
            KeyLength = '2048'
            # NOTE(review): $true marks the certificate as exportable (also the
            # documented default). For a server certificate whose key never has
            # to leave the node, consider $false so the private key cannot
            # simply be exported from the store - confirm operational needs.
            Exportable = $true
            ProviderName = 'Microsoft RSA SChannel Cryptographic Provider'
            # 1.3.6.1.5.5.7.3.1 is the Server Authentication enhanced key usage.
            OID = '1.3.6.1.5.5.7.3.1'
            # 0xa0 = Digital Signature (0x80) + Key Encipherment (0x20).
            KeyUsage = '0xa0'
            CertificateTemplate = 'WebServer'
            # Per the parameter help: renew within 7 days of expiration.
            AutoRenew = $true
            FriendlyName = 'SSL Cert for Web Server'
            Credential = $Credential
            # RSA and CMC are the documented defaults, stated explicitly here.
            KeyType = 'RSA'
            RequestType = 'CMC'
        }
    }
}