Updated for security and SHA256 requirements

Signed-off-by: Jack D. Pond <jack.pond@psitex.com>

AskForCertificate(CSR).bat

@@ -59,11 +59,13 @@ if !CertID! GTR 0 if !CertID! LEQ !DirCount! (
 :NewDir
 
 if NOT EXIST %CertName% mkdir %CertName%
+if NOT EXIST "%CertName%/certs" mkdir "%CertName%/certs"
 if NOT EXIST "%CertName%/private" mkdir "%CertName%/private"
 if NOT EXIST "%CertName%/etc" mkdir "%CertName%/etc"
+if NOT EXIST "%CertName%/rqsts" mkdir "%CertName%/rqsts"
 copy /Y "etc\ClientConfigurations\%Picked_Name%" "%CertName%\etc\*.*" > nul
 
-%OpenSSLExe% req -new -keyout "%CertName%/private/%CertName%.key" -days 730 -out "%CertName%/%CertName%.csr.txt" -config "etc/ClientConfigurations/%Picked_Name%"
+%OpenSSLExe% req -newkey rsa:2048 -sha256 -out "%CertName%/rqsts/%CertName%.csr.txt" -keyout "%CertName%/private/%CertName%.key" -config "%CertName%/etc/%Picked_Name%" -pkeyopt rsa_keygen_bits:2048
 
 @cacls %CertName% /T /G "%USERDOMAIN%\%USERNAME%":F > nul < yes.txt
 
@@ -72,9 +74,9 @@ rem FOR /F "usebackq skip=2 tokens=2* delims=\:" %%i in (`cacls "%CertName%"`) d
 echo.
 echo Two files have been created:
 echo		%CD%\%CertName%\private\%CertName%.key - Private Key
-echo		%CD%\%CertName%\%CertName%.csr.txt - Certificate Signing Request ^(CSR^)
+echo		%CD%\%CertName%\rqsts%\%CertName%.csr.txt - Certificate Signing Request ^(CSR^)
 echo.
-echo Please attach the CSR ^( %CD%\%CertName%\%CertName%.csr.txt ^) to an email and send it to the Certificate Authority (CA) Administrator.
+echo Please attach the CSR ^( %CD%\%CertName%\rqsts\%CertName%.csr.txt ^) to an email and send it to the Certificate Authority (CA) Administrator.
 echo.
 echo The CA Administrator will mail back a URL where you can copy your certificate with instructions on how to create your own private/public set.
 pause

ConvertEncrypted509toNoPass509key.bat → ConvertNoPassPrivateToPassPrivate.bat

@@ -32,7 +32,7 @@ echo.
 set DirNames=
 set /a DirCount=0
 FOR /F "usebackq delims=" %%i in (`dir /B/AD`) do (
-	if exist "%%i\%%i.nopass.key" (
+	if exist "%%i\private\%%i.nopass.key" (
 		set /a DirCount += 1
 		if !DirCount! GTR 1 Set DirNames=!DirNames!,
 		Set DirNames=!DirNames!%%i
@@ -51,7 +51,7 @@ if !DirCount! == 0 (
 
 if !DirCount! == 1 (
 	set Picked_Name=!DirNames!
-	goto :ValidCAName
+	goto :ValidCertName
 ) else (
 	call :parsenames "!DirNames!" 1
 	set /p CertID=Which key would you like to convert(by number^)[or q to quit]?: 

ConvertPasswordlessKey(from509key).bat → ConvertPassPrivatetoNoPassPrivate.bat

@@ -5,7 +5,7 @@ Rem <b>CreatePasswordlessKey(from509key)</b> command file.
 Rem @author Jack D. Pond
 Rem @version 0.1 / Windows Batch Processor
 Rem @see https://github.com/jdpond/WinCertUtilities/wiki
-Rem @description Extract a private, unencrypted RSA key (pem) from a full 509v3
+Rem @description Extract a private, unencrypted RSA key (pem) from a full 509v3 password protected key
 Rem @param CertName - Name of the certificate corresponding to directory and certnames
 
 call "etc/CertConfig.bat"
@@ -27,7 +27,7 @@ if "%1" NEQ "" (
 	if exist "!CertName!\private\!CertName!.key" goto :ValidCertName
 )
 
-echo Create a private, encrypted ^(aes256^) RSA key ^(pem^) from a 509v3 unencrypted key
+echo Extract a private, unencrypted RSA key (pem) from a full 509v3 password protected key
 echo.
 set DirNames=
 set /a DirCount=0
@@ -82,7 +82,6 @@ if not "%CertConfirm%" == "y" if not "%CertConfirm%" == "Y" (
 )
 
 %OpenSSLExe% rsa -in "%Picked_Name%\private\%Picked_Name%.key" -out "%Picked_Name%\private\%Picked_Name%.nopass.key"
-
 echo.
 echo The following file has been created:
 echo       Private no password RSA (x509) Key - ^>^>^> %CD%\%Picked_Name%\private\%Picked_Name%.nopass.key ^<^<^<

CreateCERfromCRT.bat

@@ -16,15 +16,15 @@ if "%1" NEQ "" (
 	set TestVar=!CertName:~0,1!
 	set TestVar2="
 	if !TestVar!==!TestVar2! set CertName=!CertName:~1,-1!
-	if exist "!CertName!\certs\!CertName!.crt" goto :ValidCertName
+	if exist "!CertName!\!CertName!.crt" goto :ValidCertName
 )
 
 echo Convert a 509 public certificate ^(CRT^) to DER format ^(CER^)
 echo.
 set DirNames=
 set /a DirCount=0
 FOR /F "usebackq delims=" %%i in (`dir /B/AD`) do (
-	if exist "%%i\certs\%%i.crt" (
+	if exist "%%i\%%i.crt" (
 		set /a DirCount += 1
 		if !DirCount! GTR 1 Set DirNames=!DirNames!,
 		Set DirNames=!DirNames!%%i
@@ -34,7 +34,7 @@ FOR /F "usebackq delims=" %%i in (`dir /B/AD`) do (
 
 if !DirCount! == 0 ( 
 	echo.
-	echo You do not have a CRT public key in your path.  You need to have a unencrypted key ^(%%name%%\certs\%%name%%.crt^)
+	echo You do not have a CRT public key in your path.  You need to have a unencrypted key ^(%%name%%\%%name%%.crt^)
 	echo in a named sub directory ^(%%name%%^).
 	echo.
 	pause
@@ -43,7 +43,7 @@ if !DirCount! == 0 (
 
 if !DirCount! == 1 (
 	set Picked_Name=!DirNames!
-	goto :ValidCAName
+	goto :ValidCertName
 ) else (
 	call :parsenames "!DirNames!" 1
 	set /p CertID=Which key would you like to convert(by number^)[or q to quit]?: 
@@ -61,7 +61,7 @@ if !CertID! GTR 0 if !CertID! LEQ !DirCount! (
 
 :ValidCertName
 
-if exist "%Picked_Name%\certs\%Picked_Name%.cer" (
+if exist "%Picked_Name%\%Picked_Name%.cer" (
 	set /p CertConfirm=Are you sure you want to create a new public DER key "%Picked_Name%.cer"^(KEY ALREADY EXISTS^)^(y,n^)[y]?:
 ) else (
 	set /p CertConfirm=Are you sure you want to create a new public DER key "%Picked_Name%.cer"^(y,n^)[y]?:
@@ -72,11 +72,12 @@ if not "%CertConfirm%" == "y" if not "%CertConfirm%" == "Y" (
 	pause
 	goto :eof
 )
-%OpenSSLExe% x509 -outform der -in %Picked_Name%/certs/%Picked_Name%.crt" -out "%Picked_Name%/certs/%Picked_Name%.cer" 
+
+%OpenSSLExe% x509 -outform der -in %Picked_Name%/%Picked_Name%.crt" -out "%Picked_Name%/%Picked_Name%.cer" 
 
 echo.
 echo The following file has been created:
-echo       DER (Base-64 encoded) Certificate ^>^>^> %CD%\%CertName%\certs\%CertName%.cer ^<^<^<
+echo       DER (Base-64 encoded) Certificate ^>^>^> %CD%\%CertName%\%CertName%.cer ^<^<^<
 echo.
 pause
 goto :eof

CreateServerSSLCertRequest.bat

@@ -43,10 +43,6 @@ if NOT EXIST "%CertName%/rqsts" mkdir "%CertName%/rqsts"
 
 
 :NoNewDir
-rem openssl req -new -newkey rsa:2048 -nodes -out support_lextechaudits_com.csr -keyout support_lextechaudits_com.key -subj "/C=US/ST=Pennsylvania/L=Philadelphia/O=Lexington Technology/OU=Technology Services/CN=support.lextechaudits.com"
-rem "c:\Program Files (x86)\OpenSSL\bin\openssl.exe" req -new -newkey rsa:2048 -nodes -out support_lextechaudits_com.csr -keyout support_lextechaudits_com.key -subj "/C=US/ST=Pennsylvania/L=Philadelphia/O=Lexington Technology/OU=Technology Services/CN=support.lextechaudits.com"
-rem %OpenSSLExe% req -new -newkey rsa:2048 -keyout "%CertName%\%CertName%.privatekey.pem"  -days 365 -out "%CertName%\%CertName%.csr.txt" -config "%CertTempl%"
-rem %OpenSSLExe% req -new -newkey rsa:2048 -x509 -sha256 -out "%CertName%/%CertName%.csr.txt" -keyout "%CertName%/%CertName%.privatekey.pem" -config "%CertTempl%"
 %OpenSSLExe% req -newkey rsa:2048 -sha256 -out "%CertName%/rqsts/%CertName%.csr.txt" -keyout "%CertName%/private/%CertName%.key" -config "etc/CAConfigurations/ServerSSLCertificate.conf" -pkeyopt rsa_keygen_bits:2048
 
 FOR /F "usebackq skip=2 tokens=2* delims=\:" %%i in (`cacls "%CertName%"`) do cacls "%CertName%" /E /R %%i >nul

PingRange.bat

@@ -0,0 +1,84 @@
+@echo off
+setLocal EnableDelayedExpansion
+Rem 
+Rem <b>CASignCSR</b> command file.
+Rem @author Jack D. Pond
+Rem @version 0.2 / Windows Batch Processor
+if "%1" == "" goto :CommandInstructions
+:CommandLoop
+set _param=%1
+set _param2=%2
+
+if "%_param%"=="" goto :CommandParsed
+if "%_param:~0,1%" NEQ "-" goto :CommandError
+
+set /a PingStart=1
+set /a PingMaxAddr=256
+set PingRange=127.0.0
+
+
+:CASE
+goto :CASE_%_param:~1,1%
+IF NOT %ERRORLEVEL% == 0 goto :CommandError
+
+:CASE_r
+	if "%_param2:~0,1%" == "-" goto :CommandError
+	set PingRange=%_param2%
+	SHIFT
+	SHIFT
+	goto :ENDCASE
+
+:CASE_s
+	if "%_param2:~0,1%" == "-" goto :CommandError
+	set /a PingStart=%_param2%
+	SHIFT
+	SHIFT
+	goto :ENDCASE
+
+:CASE_h
+	goto :CommandInstructions
+	goto :ENDCASE
+
+:CASE_n
+	if "%_param2:~0,1%" == "-" goto :CommandError
+	set /a PingMaxAddr=%_param2%
+	SHIFT
+	SHIFT
+	goto :ENDCASE
+
+:ENDCASE
+
+goto :CommandLoop
+
+:CommandParsed
+echo The following addresses replied for %PingRange%.1 through %PingRange%.%PingMaxAddr%: > "RepliedAddrs%PingRange%.txt"
+
+:StartLoop
+if %PingStart% GTR %PingMaxAddr% goto :ExitHere
+	echo Testing %PingRange%.%PingStart%
+	ping -n 1 -w 1000 %PingRange%.%PingStart% > nul
+	IF %ERRORLEVEL% EQU 0 Echo Replied at %PingRange%.%PingStart% >> ""RepliedAddrs%PingRange%.txt"
+	set /a PingStart += 1
+goto :StartLoop
+
+:CommandError
+echo.
+echo The parameter %_param% was invalid.
+:CommandInstructions
+echo.
+echo PingRange -r x.y.z [-s start] [-n end]
+echo.
+echo The following parameters are available for PingRange:
+echo   -h		This help message
+echo   -r		IP Range of the class C in the format x.y.z eg. 127.0.0
+echo   -s		Start range number ^(greater than 0^) ^[1^]
+echo   -n		end range number ^(less than 256^) ^[256^]
+echo.
+echo. Example:
+echo		PingRange -r 127.0.0 -s 2 -n 3
+echo.
+echo		Example Pings 127.0.0.2 through 127.0.0.3
+echo.
+
+:ExitHere
+pause

etc/CAConfigurations/ServerSSLCertificate.conf

@@ -176,7 +176,7 @@ localityName					= Locality Name (eg, city)
 localityName_default			= Philadelphia
 
 organizationName				= Organization Name (eg, company)
-organizationName_default		= Lexington Technology
+organizationName_default		= Your Organization
 
 organizationalUnitName			= Organizational Unit Name (eg, section)
 organizationalUnitName_default	= Technology Services

etc/CAConfigurations/rootca.conf

@@ -75,9 +75,10 @@ copy_extensions         = none					# Copy extensions from CSR
 x509_extensions         = rootca_ext			# Default cert extensions
 default_crl_days        = 365					# How long before next CRL
 crl_extensions          = crl_ext				# CRL extensions
+logo_extensions         = logotype_ext			# Logo extensions
 
 [ signingca ]
-certificate             = $CA_DIR/$ca.crt	# The CA cert
+certificate             = $CA_DIR/$ca.crt		# The CA cert
 private_key             = $CA_DIR/private/$ca.key # CA private key
 new_certs_dir           = $CA_DIR/certs			# Certificate archive
 serial                  = $CA_DIR/db/$ca.crt.srl	# Serial number file
@@ -147,4 +148,22 @@ authorityInfoAccess     = @issuer_info
 caIssuers;URI.0         = $cidp_uri
 
 [ crl_info ]
-URI.0                   = $crl_uri
+URI.0                   = $crl_uri
+
+[extra_extensions] 
+1.3.6.1.5.5.7.1.12              = ASN1:SEQUENCE:logotype_ext 
+
+[logotype_ext] 
+issuerLogo=EXPLICIT:1,SEQUENCE:logotype_indirect   
+
+[logotype_indirect] 
+refStructHash=SEQWRAP,SEQUENCE:LogoHashAlgAndValue 
+refStructURI=SEQWRAP,IA5STRING:http://some.valid.url.here
+
+[LogoHashAlgAndValue] 
+hashAlg=SEQUENCE:logo_algid 
+hashValue=FORMAT:HEX,OCTETSTRING:016f8b361f9c13859ea8e4620a9de56553f4ce6b 
+
+[logo_algid] 
+capabilityID = OID:sha1 
+parameter = NULL 

etc/CertConfig.bat

@@ -9,19 +9,24 @@ REM echo Could not find the program ssh-keygen which is part of OpenSSH.
 REM echo You can install it from:  http://sourceforge.net/projects/sshwindows/files/OpenSSH%20for%20Windows%20-%20Release/
 set DefaultCAEmail="noreply@yourserver.com"
 
-if exist "c:\Program Files\OpenSSL\bin\openssl.exe" (
-	set OpenSSLExe="c:\Program Files\OpenSSL\bin\openssl.exe"
-	) else (
-		if exist "c:\Program Files (x86)\OpenSSL\bin\openssl.exe" (
-			set OpenSSLExe="c:\Program Files (x86)\OpenSSL\bin\openssl.exe"
-		) else (
-			echo Could not find the program OpenSSL.
-			echo You can install it from:  http://www.slproweb.com/products/Win32OpenSSL.html
-			pause
-			set OpenSSLExe=""
-			exit -1
-		)
-	)
+if exist "C:/bin/OpenSSL/bin/openssl.exe" (
+      set OpenSSLExe="C:/bin/OpenSSL/bin/openssl.exe"
+      set OPENSSL_CONF=C:/bin/OpenSSL/bin/openssl.cfg
+  ) else (
+  if exist "C:/Program Files (x86)/Git/bin/openssl.exe" (
+    set OpenSSLExe="C:/Program Files (x86)/Git/bin/openssl.exe"
+    ) else (
+      if exist "c:\Program Files (x86)\OpenSSL\bin\openssl.exe" (
+        set OpenSSLExe="c:\Program Files (x86)\OpenSSL\bin\openssl.exe"
+      ) else (
+        echo Could not find the program OpenSSL.
+        echo You can install it from:  http://www.slproweb.com/products/Win32OpenSSL.html
+        pause
+        set OpenSSLExe=""
+        exit -1
+      )
+    )
+  )
 )
 
 if exist "c:\Program Files (x86)\Git\bin\ssh-keygen.exe" (