✨ Create certificate generation script for SFA workflow #80

@J-MaFf

Description

Objective

Create a PowerShell script to generate certificates for users, complementing the existing Export-UserCertificates.ps1 script.

Current State

  • Export-UserCertificates.ps1 exists to export certificates from the Windows Certificate Store
  • However, there's no script to generate certificates initially
  • Users must manually create certificates through Windows UI or other tools

Desired State

  • A new script: New-UserCertificates.ps1 (or similar)
  • Ability to generate certificates for specified users
  • Support for common certificate types (code signing, encryption, authentication, etc.)
  • Certificates stored in the Windows Certificate Store for later export

Proposed Features

  • Accept user names from file or parameter
  • Support different certificate types/purposes
  • Specify certificate validity period (expiration date)
  • Option to set certificate friendly name
  • Output summary of created certificates
  • Integrate with Active Directory user lookup

Implementation Considerations

  • Use New-SelfSignedCertificate cmdlet (Windows 2012 R2+)
  • Determine certificate subject format (CN=username, etc.)
  • Key size and hash algorithm defaults
  • Whether to use LocalMachine or CurrentUser store
  • Batch processing multiple users efficiently
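One way the considerations above could come together in New-UserCertificates.ps1, written here as an added example rather than code from this repository; the parameter names, the purpose-to-EKU mapping, the duplicate check and the summary columns are assumptions.

```powershell
# Added example (not the repository's script): per-user self-signed certificates
# via the built-in PKI module. Parameter names and the purpose mapping are assumed.
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)] [string[]] $UserName,          # e.g. (Get-Content .\users.txt)
    [ValidateSet('CodeSigning', 'Encryption', 'Authentication')]
    [string] $Purpose = 'Authentication',
    [int]    $ValidDays = 365,
    [ValidateSet('Cert:\CurrentUser\My', 'Cert:\LocalMachine\My')]
    [string] $StoreLocation = 'Cert:\CurrentUser\My',     # LocalMachine needs elevation
    [switch] $Exportable                                   # only if the key must be exported later
)

# Map the requested purpose onto New-SelfSignedCertificate's -Type switch; client
# authentication has no -Type value, so it is expressed as an explicit EKU (2.5.29.37).
$purposeArgs = switch ($Purpose) {
    'CodeSigning'    { @{ Type = 'CodeSigningCert' } }
    'Encryption'     { @{ Type = 'DocumentEncryptionCert' } }
    'Authentication' { @{ Type = 'Custom'; KeyUsage = 'DigitalSignature'
                          TextExtension = @('2.5.29.37={text}1.3.6.1.5.5.7.3.2') } }
}

$summary = foreach ($user in $UserName) {
    $subject = "CN=$user"
    # Skip users who already hold an unexpired certificate with this subject.
    $existing = Get-ChildItem $StoreLocation |
        Where-Object { $_.Subject -eq $subject -and $_.NotAfter -gt (Get-Date) }
    if ($existing) {
        Write-Warning "$user already has a valid certificate ($($existing[0].Thumbprint)); skipping"
        continue
    }
    if ($PSCmdlet.ShouldProcess($subject, "Create $Purpose certificate")) {
        $cert = New-SelfSignedCertificate @purposeArgs `
            -Subject           $subject `
            -FriendlyName      "$user SFA $Purpose" `
            -CertStoreLocation $StoreLocation `
            -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
            -KeyExportPolicy   $(if ($Exportable) { 'Exportable' } else { 'NonExportable' }) `
            -NotAfter          (Get-Date).AddDays($ValidDays)
        # One summary row per certificate actually created.
        [pscustomobject]@{ User = $user; Purpose = $Purpose
                           Thumbprint = $cert.Thumbprint; NotAfter = $cert.NotAfter }
    }
}
$summary | Format-Table -AutoSize
```

Run with -WhatIf first to see which subjects would be created. Keys stay non-exportable unless -Exportable is given, so decide per batch whether the later export step genuinely needs the private key to leave the machine.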

Related Scripts

  • Export-UserCertificates.ps1 - Exports generated certificates
  • Publish-SFACertificates.ps1 - Distributes certificates to branch servers

Dependencies

  • PowerShell 5.0+
  • PKI module (likely already available on Windows)

Notes

Discovered this need while testing Export-UserCertificates.ps1: the user had no certificates to export because none had been generated yet.
