Create client credentials
Remember to keep the private key extremly safe. If you ever loose control over it, generate a new certificate immediately, so that we can start using the new one.
Powershell Core
$ClientId = Read-Host -Prompt 'Enter ClientId (GUID, provided by EG)'
$ValidityMonths = Read-Host -Prompt 'Enter expiry time in months (Number, between 1 and 24)'
$certName = Read-Host -Prompt 'Enter certificate name (Should contain your company name)'
$certStore = "cert:\CurrentUser\My"
$commonName="EG Client Auth for $certName"
$publicKeyFilename = "$ClientId.cer"
$newCert = New-SelfSignedCertificate -CertStoreLocation "cert:\CurrentUser\My" -FriendlyName $certName -Subject "CN=$commonName" -KeySpec KeyExchange -KeyLength 4096 -NotAfter (Get-Date).ToUniversalTime().AddMonths($ValidityMonths) -NotBefore (Get-Date).ToUniversalTime()
$exportFile = Export-Certificate -Cert $newCert -FilePath $publicKeyFilename -Type CERT
"--------------------------"
"SUCCESS: Certificate with name '$commonName' created in $certStore, use it to authenticate against EG services. Public key exported to '$publicKeyFilename', send that file to EG."
"--------------------------"
OpenSSL
#!/bin/bash
echo 'Enter ClientId (GUID, provided by EG):'
read ClientId
echo 'Enter expiry time in months (Number, between 1 and 24):'
read ValidityMonths
echo 'Enter certificate name (Should contain your company name):'
read CertName
commonName="EG Client Auth for $CertName"
let days=$ValidityMonths*30
openssl req -new -newkey rsa:4096 -sha256 -nodes -subj "/CN=$commonName" -keyout $ClientId.key -out $ClientId.csr
openssl x509 -req -days $days -in $ClientId.csr -signkey $ClientId.key -out $ClientId.crt
rm $ClientId.csr
echo '--------------------------'
echo "SUCCESS: Public key '$commonName' created in '$ClientId.crt', send that file to EG. Use private key '$ClientId.key' to authenticate against EG services."
echo '--------------------------'