Whoever went through all the 21 steps for requesting a SSL certificate with a custom Subject Alternative Name will know what it actually means to do monkey business.
Hence I wrote myself a PowerShell script. The script requires two files:
* An settings template .inf file that defines the certificate request settings.
* A JSON file with all the information about the Distinguished Name of the certificate, like Common Name, Organization and Subject Alternative Names.
My script will parse the JSON file and create a temporary policy file. From this temporary file it will build a certificate signing request using certreq.exe command-line tool.
The script should be started from an elevated command prompt like this:
C:> .\Create-SanCsr.ps1 -SettingsFileInf .\Settings.inf -CsrFileJson .\csr.json -OutFile MyCertRequest.txt
This Link (opens in a new window) is to the example JSON.
This Link (opens in a new window) is to the settings.inf.
This is my script Link (opens in a new window):