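@ECHO OFF
::##################################################################
:: make-sslkeypair.cmd
::
:: For one common name plus any number of SANs, creates a 2048-bit RSA
:: private key, a CSR, a self-signed test certificate (1825 days) and a
:: PKCS#12 bundle of key + certificate, all in the current directory.
::
:: Usage:   make-sslkeypair.cmd <common-name> [san ...]
:: Example: make-sslkeypair.cmd www.myweb.com www2.myweb.com
::
:: Needs Administrator privileges (checked with NET SESSION) and an
:: openssl.exe reachable via OPENSSL_EXE, PATH, or a scan of drives c-e.
:: Every argument, the common name included, is written as a DNS SAN.
:: The .key and .pfx files hold the private key and land in %CD% with
:: whatever default permissions that directory gives new files.
::
:: Useful checks on the output:
:: CSR Decoder   http://www.sslshopper.com/csr-decoder.html
:: Cert Decoder  http://www.sslshopper.com/certificate-decoder.html
:: Test CSR      $ openssl req -text -noout -verify -in CSR.csr
:: Test Pub Cert $ openssl x509 -in certificate.crt -text -noout
:: Test Priv Key $ openssl rsa -in privateKey.key -check
:: Test PKCS12   $ openssl pkcs12 -info -in keyStore.pfx
::##################################################################
:: EDIT THE FOLLOWING VARIABLES FOR YOUR ORGANIZATION AND LOCATION
::##################################################################
:: SET keeps the quotes as part of the value; OpenSSL's config parser
:: strips them again when it reads the generated config file.
SET C='US'
SET ST='Texas'
SET L='Austin'
SET O='My Company Name'
SET OU='My Organizational Unit'
:: PFX password. No quotes here: the value is handed to OpenSSL as-is
:: through the environment (-passout env:), so quotes would become part
:: of the password.
SET "PFXPASSWORD=password"
:: Optional full path to a trusted openssl.exe. When empty the script
:: takes the first openssl.exe on PATH, then the first one a scan of
:: drives c, d and e turns up -- and runs it with Administrator rights,
:: so point this at a known installation where possible.
SET "OPENSSL_EXE="
::##################################################################
:: DO NOT EDIT anything below this line
::##################################################################
:: Both values carry their own quotes, so they are used unquoted below.
SET CONFIGFILE="%TEMP%\make-sslkeypair-config.txt"
SET TEMPFILE="%TEMP%\make-sslkeypair-temp.txt"

:CHECKFORARGS
IF "%~1" == "" (
  echo.
  echo.
  echo Make SSL Keypair Usage
  echo ======================
  echo Input: The common name plus optional unlimited SANs on the command line
  echo Output: CSR, self-signed public cert, private key, combined pfx file
  echo Example: C:\^> make-sslkeypair.cmd www.myweb.com www2.myweb.com
  echo.
  echo.
  GOTO END
)
:: %~1 drops surrounding quotes so they cannot leak into the file names.
SET "COMMONNAME=%~1"

:CHECKFORADMINPRIVS
NET SESSION >nul 2>&1
IF NOT %ERRORLEVEL% == 0 (
  echo.
  echo Error: Must run script with Administrator privileges. Exiting.
  echo.
  GOTO END
)

:CHECKTEMPDIR
:: TEMPFILE already contains its quotes; wrapping it again would double them.
COPY /Y NUL %TEMPFILE% > NUL 2>&1 && SET WRITEOK=1
IF NOT DEFINED WRITEOK (
  echo.
  echo Error: Can't write to system temp folder. Exiting.
  echo.
  GOTO END
)

:CHECKFOREXISTINGFILES
IF EXIST %COMMONNAME%.* (
  echo.
  echo Error: Existing output files ^(%COMMONNAME%.^*^) will not be overwritten. Exiting.
  echo.
  GOTO END
)

:FINDOPENSSLBINARY
SET "OpenSSLBinary="
SET "OpenSSLVersion="
:: 1. Explicit override from the edit section.
IF DEFINED OPENSSL_EXE SET "OpenSSLBinary=%OPENSSL_EXE%"
:: 2. First match on PATH.
IF NOT DEFINED OpenSSLBinary (
  for /f "delims=" %%p in ('where openssl.exe 2^>nul') do (
    if not defined OpenSSLBinary set "OpenSSLBinary=%%p"
  )
)
:: 3. Drive scan. Stops at the first drive that yields a hit, so a later
::    drive without openssl.exe cannot overwrite the result with nothing.
IF NOT DEFINED OpenSSLBinary (
  for %%d in (c d e) do (
    if exist %%d:\ if not defined OpenSSLBinary (
      dir /b /s %%d:\openssl.exe > %TEMPFILE% 2>nul
      set /p OpenSSLBinary=< %TEMPFILE%
    )
  )
)
:: Confirm the candidate really is OpenSSL before running anything else.
IF DEFINED OpenSSLBinary (
  "%OpenSSLBinary%" version > %TEMPFILE% 2>nul
  set /p OpenSSLVersion=< %TEMPFILE%
)
IF NOT "%OpenSSLVersion:~0,8%" == "OpenSSL " (
  echo.
  echo Error: OpenSSL.exe not found. Exiting.
  echo.
  GOTO END
)
echo.
echo Found: %OpenSSLBinary%. Good!

:CREATECONFIGFILE
:: req_extensions puts the SAN list into the CSR; the same v3_req section
:: is reused as -extfile for the self-signed certificate.
(
  echo [ req ]
  echo distinguished_name=req_distinguished_name
  echo prompt=no
  echo req_extensions = v3_req
  echo [ v3_req ]
  echo basicConstraints = CA:FALSE
  echo keyUsage = nonRepudiation, digitalSignature, keyEncipherment
  echo extendedKeyUsage = serverAuth
  echo subjectAltName = @alt_names
  echo [ req_distinguished_name ]
  echo C=%C%
  echo ST=%ST%
  echo L=%L%
  echo O=%O%
  echo OU=%OU%
  echo CN=%COMMONNAME%
  echo [ alt_names ]
) > %CONFIGFILE%
:: Delayed expansion is needed only for the counter inside the loop; the
:: redirection comes first so no trailing space ends up in the value.
setlocal EnableDelayedExpansion
set /a i=1
for %%x in (%*) do (
  >> %CONFIGFILE% echo DNS.!i! = %%~x
  set /a i+=1
)
ENDLOCAL

:CREATE
echo.
echo Running . . .
:: Each step stops the script on a non-zero exit and keeps its stderr in
:: TEMPFILE so the failure can be shown instead of silently discarded.
:: The PFX password is read from the PFXPASSWORD environment variable
:: (-passout env:), so it does not appear on the command line.
"%OpenSSLBinary%" genrsa -out %COMMONNAME%.key 2048 > NUL 2> %TEMPFILE% || GOTO OPENSSLFAILED
"%OpenSSLBinary%" req -new -key %COMMONNAME%.key -out %COMMONNAME%.csr -config %CONFIGFILE% > NUL 2> %TEMPFILE% || GOTO OPENSSLFAILED
"%OpenSSLBinary%" x509 -req -days 1825 -in %COMMONNAME%.csr -signkey %COMMONNAME%.key -out %COMMONNAME%.crt -extensions v3_req -extfile %CONFIGFILE% > NUL 2> %TEMPFILE% || GOTO OPENSSLFAILED
"%OpenSSLBinary%" pkcs12 -export -passout env:PFXPASSWORD -out %COMMONNAME%.pfx -in %COMMONNAME%.crt -inkey %COMMONNAME%.key > NUL 2> %TEMPFILE% || GOTO OPENSSLFAILED
GOTO SHOWOUTPUTFILES

:OPENSSLFAILED
echo.
echo Error: OpenSSL reported a failure. Exiting.
type %TEMPFILE%
echo.
GOTO END

:SHOWOUTPUTFILES
IF NOT EXIST %COMMONNAME%.pfx (
  echo.
  echo Error: Something went wrong. Exiting.
  echo.
  GOTO END
)
echo.
echo Success!
echo.
echo Output Files
echo ============
echo %CD%\%COMMONNAME%.key ^<-- private key
echo %CD%\%COMMONNAME%.csr ^<-- certificate signing request
echo %CD%\%COMMONNAME%.crt ^<-- self-signed certificate for test only
echo %CD%\%COMMONNAME%.pfx ^<-- private key + self-signed certificate
echo.
echo.

:END
:: Only the scratch files are removed; the generated key material stays.
del %CONFIGFILE% %TEMPFILE% > NUL 2>&1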