[GH-ISSUE #12] Add Windows packaging #9

Closed
opened 2026-02-26 03:33:29 +03:00 by kerem · 2 comments
Owner

Originally created by @laurivosandi on GitHub (Feb 7, 2016).
Original GitHub issue: https://github.com/laurivosandi/certidude/issues/12

Certidude client could be packaged as MSI for Windows, installed as a service and it could allow automatic installation of OpenVPN as a service once the certificates are in place. Graphical user interface can be omitted at first.

kerem closed this issue 2026-02-26 03:33:29 +03:00

@laurivosandi commented on GitHub (Feb 25, 2018):

Porting Certidude to Windows is too much of a hassle; instead, the following PowerShell script seems to do the trick:

```ps1
# certreq request template. The here-string is expandable so that
# $env:computername is filled in; the literal "$Windows NT$" signature
# therefore needs its dollar signs escaped with backticks.
$templ = @"
[Version]
Signature="`$Windows NT`$"

[NewRequest]
Subject = "CN=$env:computername"
;EncipherOnly = FALSE
Exportable = FALSE ; TRUE = Private key is exportable
KeyLength = 2048
KeySpec = 1 ; Key Exchange
KeyUsage = 0xA0 ; Digital Signature, Key Encipherment
MachineKeySet = True
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
"@

$templ | Out-File req.inf

# Fetch CA certificate (plain HTTP) and install it as a trusted root
Invoke-WebRequest -Uri http://ca.example.lan/api/certificate -OutFile ca_cert.pem
Import-Certificate -FilePath ca_cert.pem -CertStoreLocation Cert:\LocalMachine\Root

# Generate keypair in the machine store and submit CSR; wait=1 blocks until signed
certreq -new req.inf client_csr.pem
Invoke-WebRequest -TimeoutSec 900 -Uri http://ca.example.lan/api/request/?wait=1 -InFile client_csr.pem -ContentType application/pkcs10 -Method POST -MaximumRedirection 3 -OutFile client_cert.pem

# Import certificate
Import-Certificate -FilePath client_cert.pem -CertStoreLocation Cert:\LocalMachine\My

# Set up IPSec VPN tunnel
Add-VpnConnection -Name example.com -ServerAddress router.example.com -SplitTunneling -PassThru -TunnelType ikev2 -AllUserConnection -AuthenticationMethod MachineCertificate
Set-VpnConnectionIPsecConfiguration -ConnectionName example.com -AuthenticationTransformConstants SHA256128 -CipherTransformConstants AES256 -EncryptionMethod AES256 -IntegrityCheckMethod SHA384 -PfsGroup PFS2048 -DHGroup Group14 -PassThru -AllUserConnection -Force
```
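An added example, not part of the original comment or of the Certidude project: the script above downloads the CA certificate over plain HTTP and imports it into `Cert:\LocalMachine\Root`, so this variant of that step compares the file's SHA-256 fingerprint with a value obtained out of band before trusting it. The fingerprint is a placeholder to be replaced, and the function names `Get-CertSha256` and `Test-CertFingerprint` are hypothetical helpers.

```powershell
# Added example: pin the CA certificate before importing it as a trusted root.
$CaUrl          = 'http://ca.example.lan/api/certificate'          # URL from the script above
$ExpectedSha256 = '<SHA-256 FINGERPRINT OBTAINED OUT OF BAND>'     # placeholder, must be replaced
$CaFile         = Join-Path $PWD 'ca_cert.pem'

function Get-CertSha256 {
    # Returns the SHA-256 of the DER-encoded certificate as uppercase hex.
    param([Parameter(Mandatory)][string]$Path)
    $full = (Resolve-Path -LiteralPath $Path).Path   # .NET does not follow PowerShell's location
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $full
    $sha  = [System.Security.Cryptography.SHA256]::Create()
    try {
        $hash = $sha.ComputeHash($cert.RawData)
    } finally {
        $sha.Dispose()
    }
    return ([System.BitConverter]::ToString($hash) -replace '-', '')
}

function Test-CertFingerprint {
    # True only if the file parses as a certificate and matches the pinned value.
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Expected
    )
    # Accept "AA:BB:..." or "aa bb ..." notation; anything else fails closed.
    $want = ($Expected -replace '[:\s]', '').ToUpperInvariant()
    if ($want -notmatch '^[0-9A-F]{64}$') {
        throw 'Expected fingerprint must be 64 hex digits (SHA-256).'
    }
    return (Get-CertSha256 -Path $Path) -ceq $want
}

Invoke-WebRequest -Uri $CaUrl -OutFile $CaFile

if (Test-CertFingerprint -Path $CaFile -Expected $ExpectedSha256) {
    Import-Certificate -FilePath $CaFile -CertStoreLocation Cert:\LocalMachine\Root
} else {
    # Do not leave an unverified certificate lying around for a later import.
    Remove-Item -LiteralPath $CaFile
    throw 'CA certificate fingerprint mismatch; nothing was imported.'
}
```

With the placeholder left in place the script stops before importing anything, so the trust decision cannot be skipped by accident.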

@laurivosandi commented on GitHub (Apr 29, 2018):

Added with github.com/laurivosandi/certidude@a46ffcba35
