OID Invalid Extension Specified 0x80070057


I'm trying to use New-SelfSignedCertificate in PowerShell 7.2.9 to generate a self-signed code signing cert for development purposes.

When I try to create the certificate I get the following OID error:

Invalid extension specified: 2.5.29.37.3={text}1.3.6.1.5.5.7.3.3:
CertEnroll::CX509Extension::_InitializeFromString: 2.5.29.37.3={text}1.3.6.1.5.5.7.3.3: The parameter is incorrect.
0x80070057 (WIN32: 87 ERROR_INVALID_PARAMETER)

Everything I've read indicates that I'm using the correct text extension and OID (https://oidref.com/1.3.6.1.5.5.7.3.3) for this purpose.

What am I missing/unable to see?

# Included the root cert's generation code too in case there's an issue with it
# that breaks the code signing cert when using the root to sign the child cert.

$relativeDistinguishedName = ", OU=ABC, OU=DEF, OU=GHI, O=JKL, L=MNO, ST=MA, C=US"
$rootFriendlyName = "ABC - DEV Root CA"
$codeSigningFriendlyName = "ABC - DEV Code Signing"

function GetRootCA() {
    # Retrieve the appropriate root CA (by friendly name) to sign this certificate
    $rootCA = Get-ChildItem -Path "Cert:\LocalMachine\My" -Recurse |
        Where-Object { $_.FriendlyName -eq $rootFriendlyName }

    return $rootCA
}

function GenerateRootCA() {
    $rootCA = GetRootCA
    # Put $null on the left so a multi-element result is not coerced to a bool
    if ($null -ne $rootCA) {
        Write-Host ""
        Write-Host "Trusted root certificate located."
        $rootCA | Format-List -Property *
        return
    }

    Write-Host "Generating root CA certificate." -ForegroundColor Yellow

    $certSub = -join ("CN=ABC Dev - Root CA", $relativeDistinguishedName)

    $certParms = @{
        Type = "Custom"
        CertStoreLocation = "Cert:\LocalMachine\My"
        Subject = $certSub
        FriendlyName = $rootFriendlyName
        NotAfter = (Get-Date).AddYears(2)
        KeyExportPolicy = "NonExportable"
        KeyDescription = "A development network root certificate authority for creating trusted development certificates."
        KeySpec = "Signature"
        KeyUsage = "None"
        KeyUsageProperty = "All"
    }
    $cert = New-SelfSignedCertificate @certParms
    $cert | Format-List -Property *
}

function GenerateCodeSigning() {
    $rootCA = GetRootCA
    if ($null -eq $rootCA) {
        Write-Host "No trusted root certificate located!" -ForegroundColor Red
        return
    }

    $certSub = -join ("CN=ABC Dev - Code Signing", $relativeDistinguishedName)

    $certParms = @{
        Type = "CodeSigningCert"
        CertStoreLocation = "Cert:\LocalMachine\My"
        Subject = $certSub
        FriendlyName = $codeSigningFriendlyName
        NotAfter = (Get-Date).AddYears(2)
        KeyExportPolicy = "Exportable"
        KeyDescription = "A development network code signing certificate for ABC applications."
        KeyAlgorithm = "RSA"
        KeyLength = 2048
        HashAlgorithm = "SHA256"
        Provider = "Microsoft Enhanced RSA and AES Cryptographic Provider"
        Signer = $rootCA
        KeySpec = "Signature"
        KeyUsage = @("DigitalSignature")
        # The extension OID must be the Enhanced Key Usage extension itself,
        # id-ce-extKeyUsage = 2.5.29.37. "2.5.29.37.3" is not an extension OID,
        # which is what CertEnroll rejects with ERROR_INVALID_PARAMETER (0x80070057).
        # The value 1.3.6.1.5.5.7.3.3 (id-kp-codeSigning) is correct; note that
        # Type = "CodeSigningCert" already adds this EKU on its own.
        TextExtension = @("2.5.29.37={text}1.3.6.1.5.5.7.3.3")
    }

    $cert = New-SelfSignedCertificate @certParms
    $cert | Format-List -Property *
}
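An added example, not the poster's code, that checks a TextExtension string against the extension OIDs it is allowed to name before calling New-SelfSignedCertificate, and then verifies that the issued certificate really carries the code-signing EKU. It assumes an elevated Windows session, a signer certificate with the friendly name "ABC - DEV Root CA" in Cert:\LocalMachine\My, and the function and variable names below are hypothetical.

```powershell
# Added example: pre-validate TextExtension strings and post-verify the EKU.
# Assumes an elevated Windows session and a signer cert named 'ABC - DEV Root CA'.

$knownExtensionOids = @{
    '2.5.29.15' = 'Key Usage'
    '2.5.29.17' = 'Subject Alternative Name'
    '2.5.29.19' = 'Basic Constraints'
    '2.5.29.37' = 'Enhanced Key Usage'
}
$codeSigningEku = '1.3.6.1.5.5.7.3.3'   # id-kp-codeSigning

function Test-TextExtension {
    param([Parameter(Mandatory)][string]$Extension)
    # Expected shape: <extension OID>={text}<value>
    if ($Extension -notmatch '^(?<oid>\d+(\.\d+)+)=\{text\}(?<value>.+)$') {
        throw "Malformed TextExtension: '$Extension'"
    }
    $oid = $Matches.oid
    if (-not $knownExtensionOids.ContainsKey($oid)) {
        # '2.5.29.37.3' ends up here: it is not an extension OID, so CertEnroll
        # would reject it with 0x80070057 (ERROR_INVALID_PARAMETER).
        throw "'$oid' is not a known X.509 extension OID (for EKU use 2.5.29.37)"
    }
    return $true
}

function New-DevCodeSigningCert {
    param([string]$SignerFriendlyName = 'ABC - DEV Root CA')
    $ekuExtension = "2.5.29.37={text}$codeSigningEku"
    Test-TextExtension $ekuExtension | Out-Null
    $signer = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.FriendlyName -eq $SignerFriendlyName }
    if (-not $signer) { throw "Signer '$SignerFriendlyName' not found" }
    $cert = New-SelfSignedCertificate -Type Custom -Subject 'CN=ABC Dev - Code Signing' `
        -CertStoreLocation Cert:\LocalMachine\My -Signer $signer -KeyUsage DigitalSignature `
        -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 -TextExtension @($ekuExtension)
    # Read the EKU extension back from the issued cert with plain .NET types.
    $ekuExt = $cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $ekus = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
    if ($ekus -notcontains $codeSigningEku) { throw "Issued cert lacks the code-signing EKU" }
    return $cert
}

# Negative check with the string from the question; prints the reason instead of calling CertEnroll.
try { Test-TextExtension '2.5.29.37.3={text}1.3.6.1.5.5.7.3.3' } catch { Write-Warning $_ }
```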

There are 0 answers