
How to generate IIS7 CSR (for SSL) from C# code or using Powershell on server which IIS is running

Developer https://www.devze.com 2023-04-09 14:18 Source: Internet

How can I generate a server SSL Certificate Signing Request (CSR) from C#? If PowerShell is a better option, that would be a good solution as well.


Some general pointers:

  • http://msdn.microsoft.com/en-us/library/aa382488%28VS.85%29.aspx
  • http://msdn.microsoft.com/en-us/library/aa382820%28VS.85%29.aspx
  • http://msdn.microsoft.com/en-us/library/system.security.cryptography.rsacryptoserviceprovider.aspx
  • http://blogs.msdn.com/b/alejacma/archive/2008/09/05/how-to-create-a-certificate-request-with-certenroll-and-net-c.aspx
  • http://learn.iis.net/page.aspx/144/how-to-set-up-ssl-on-iis-7/

EDIT - as per comments:

The COM object CertEnroll provided by MS can be accessed via PowerShell...


I know it's three years later, but the links in Yahia's solution state that they will not work for Server 2008. Using PowerShell, I was able to use Certreq.exe, which ships with Server 2008, to generate the CSR. The documentation for Certreq is here, along with the full format for the INF file. Of course, substitute your own values for the distinguished name. The letters correspond to these fields:

  • CN: Common Name
  • O: Organization
  • OU: Organizational Unit
  • L: City/locality
  • S: State/Province
  • C: Country/region

The script assumes you have an environment variable named TEMP that points to a directory for which you have write access:

$reqFile = 'C:\ChangeMe\Request.req'
Push-Location $env:TEMP

@"
[NewRequest] 
Subject = "CN=www.contoso.com, O=Contoso Inc, OU=Sales, L=Redmond, S=Washington, C=US"
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
KeyLength = 2048
MachineKeySet = true
FriendlyName = "www.contoso.com"
[RequestAttributes]
CertificateTemplate="WebServer"
"@ | Out-File .\request.inf -Encoding default -Force

certreq -f -new request.inf `"$reqFile`"
Pop-Location

For those who are new to PowerShell, the @" and "@ delimiters must not be indented. (These define what is known as a "Here-String"... more information here.)
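
A parameterized variant of the Certreq approach above, as an added example that is not part of either original answer: it adds a Subject Alternative Name extension, marks the private key non-exportable, and dumps the request with certutil before it is sent to a CA. The function names, the Exportable, HashAlgorithm, RequestType and [Extensions] settings, and the match against English-language certutil output are assumptions added here; run it from an elevated prompt because MachineKeySet = true writes to the machine key store.

```powershell
# Added example; New-CsrInf and New-ServerCsr are hypothetical names.
function New-CsrInf {
    param([Parameter(Mandatory=$true)][string]$Subject,
          [Parameter(Mandatory=$true)][string[]]$DnsName)
    # Values are interpolated into the INF, so reject anything that could
    # close a quoted value or start a new INF line or section.
    if ($Subject -match '["\r\n\[\]]') { throw "Illegal character in subject" }
    foreach ($n in $DnsName) {
        if ($n -notmatch '^(\*\.)?([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+$') { throw "Not a DNS name: $n" }
    }
    $san = ($DnsName | ForEach-Object { "_continue_ = `"dns=$_&`"" }) -join "`r`n"
@"
[NewRequest]
Subject = "$Subject"
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
KeyLength = 2048
MachineKeySet = true
Exportable = false
HashAlgorithm = SHA256
RequestType = PKCS10
FriendlyName = "$($DnsName[0])"
[Extensions]
2.5.29.17 = "{text}"
$san
[RequestAttributes]
CertificateTemplate="WebServer"
"@
}

function New-ServerCsr {
    param([string]$Subject, [string[]]$DnsName, [string]$RequestFile)
    $inf = Join-Path $env:TEMP 'request.inf'
    New-CsrInf -Subject $Subject -DnsName $DnsName | Set-Content -Path $inf -Encoding Ascii
    certreq -f -new $inf $RequestFile
    if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }
    # Dump the request and confirm every requested name made it into the CSR.
    # Assumption: English-language certutil output, which prints "DNS Name=<name>".
    $dump = (certutil -dump $RequestFile) -join "`n"
    if ($LASTEXITCODE -ne 0) { throw "certutil could not parse $RequestFile" }
    foreach ($n in $DnsName) {
        if ($dump -notmatch [regex]::Escape("DNS Name=$n")) { throw "SAN $n missing from CSR" }
    }
    $dump   # returned for review of subject, key length and signature algorithm
}

# Constructed sample call, using the placeholder values from the answer above:
# New-ServerCsr -Subject 'CN=www.contoso.com, O=Contoso Inc, C=US' -DnsName 'www.contoso.com','contoso.com' -RequestFile 'C:\ChangeMe\Request.req'
```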
