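# Generate PFX for IIS (Internet Information Service)
#
# Usage:  <script>.ps1 <FullDomain> <IIS_SiteName> <Path>
#   FullDomain   - host name the certificate was issued for; also used as the PFX password
#   IIS_SiteName - IIS site whose https bindings are re-pointed to the new certificate
#   Path         - directory holding <FullDomain>.crt and <FullDomain>.key; the .pfx is written there
#
# Steps: build the .pfx with openssl, load it, replace the previous certificate(s) for
# FullDomain in LocalMachine\My, then point every https binding of the site at the new
# certificate hash. Nothing in the store or in IIS is modified until the new PFX has
# been generated and parsed successfully.

# Load libraries
#Add-Type -AssemblyName 'C:\Windows\System32\inetsrv\Microsoft.Web.Administration.dll'
using assembly C:\Windows\System32\inetsrv\Microsoft.Web.Administration.dll

$DebugPreference = "Continue"
# $DebugPreference="SilentlyContinue"

if ($args.Count -lt 3) {
    throw "Usage: <script>.ps1 <FullDomain> <IIS_SiteName> <Path>"
}

$FullDomain   = $args[0]
$IIS_SiteName = $args[1]
$Path         = $args[2]

# Files
# Join-Path works whether or not $Path ends with a separator.
$PfxFile = Join-Path $Path "$FullDomain.pfx"
$CrtFile = Join-Path $Path "$FullDomain.crt"
$KeyFile = Join-Path $Path "$FullDomain.key"

foreach ($Required in $CrtFile, $KeyFile) {
    if (-not (Test-Path -LiteralPath $Required -PathType Leaf)) {
        throw "Required input file not found: $Required"
    }
}

Write-Debug "Generating pfx certificate"

# The PFX password is the domain name, as the import below (and any other consumer of the
# .pfx) expects; it is not a secret, so the .pfx is protected only by the file ACLs on
# $Path. It is handed to openssl through the environment rather than "pass:" so it does
# not appear in the visible command line of the openssl process.
$env:PFX_PASSWORD = $FullDomain
try {
    & openssl pkcs12 -inkey $KeyFile -in $CrtFile -password env:PFX_PASSWORD -export -out $PfxFile
    if ($LASTEXITCODE -ne 0) {
        throw "openssl pkcs12 failed with exit code $LASTEXITCODE; certificate store and IIS were not modified"
    }
}
finally {
    Remove-Item Env:\PFX_PASSWORD -ErrorAction SilentlyContinue
}

# Prepare for loading new certificate
# Exportable  (4)  - private key may be re-exported from the store later
# PersistKeySet (16) - keep the key after the X509Certificate2 object is gone
# MachineKeySet (2)  - store the key under the machine, not the current user
# (DefaultKeySet=0, UserKeySet=1, UserProtected=8, EphemeralKeySet=32 are not used)
$StorageFlags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable -bor
                [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet -bor
                [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::MachineKeySet

# Parse the new PFX before touching the store, so a bad file cannot leave the site without a certificate.
$PFXCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($PfxFile, $FullDomain, $StorageFlags)

# IIS Binding - resolve the site up front for the same reason.
$Manager = New-Object Microsoft.Web.Administration.ServerManager
try {
    $Site = $Manager.Sites[$IIS_SiteName]
    if ($null -eq $Site) {
        throw "IIS site '$IIS_SiteName' not found"
    }

    # Delete old certificate and install the new PFX Certificate
    $Store = New-Object System.Security.Cryptography.X509Certificates.X509Store("My", "LocalMachine")
    $Store.Open("MaxAllowed")
    try {
        # Match the subject CN exactly: a plain substring test would also select
        # certificates of other hosts whose subject merely contains the domain
        # (for example a sibling sub-domain).
        $CnPattern = "(^|,\s*)CN=" + [regex]::Escape($FullDomain) + "(\s*,|$)"
        $OldCerts  = @($Store.Certificates | Where-Object { $_.Subject -match $CnPattern })

        foreach ($Old in $OldCerts) {
            Write-Debug "Deleting $FullDomain certificate $($Old.Thumbprint)!"
            $Store.Remove($Old)
        }

        #Save New Cert
        $Store.Add($PFXCert)
    }
    finally {
        $Store.Close()
    }

    # Rebind the domain to the new certificate. Only the hash is updated; the binding's
    # store name is left as it already is (assumed to be "My" - confirm for new bindings).
    $NewHash = $PFXCert.GetCertHash()
    foreach ($Bind in $Site.Bindings) {
        if ($Bind.Protocol -eq "https") {
            Write-Debug "Binding $($Bind.Protocol)://$($Bind.Host)"
            $Bind.CertificateHash = $NewHash
        }
    }

    $Manager.CommitChanges()
}
finally {
    $Manager.Dispose()
}

Write-Debug "PFX complete!"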