154 lines
4.6 KiB
PowerShell
154 lines
4.6 KiB
PowerShell
|
function Export-Certificates {
|
||
|
|
<#
|
||
|
|
.SYNOPSIS
|
||
|
|
Exports certificates from a machine.
|
||
|
|
|
||
|
|
.PARAMETER exportPassword
|
||
|
|
|
||
|
|
The password used to secure the certificate with
|
||
|
|
|
||
|
|
.PARAMETER exportPath
|
||
|
|
|
||
|
|
The path the certificates are exported to. If no path is defined, the current working directory is used
|
||
|
|
|
||
|
|
.PARAMETER skipRootCerts
|
||
|
|
|
||
|
|
When this flag is supplied it will skip the exporting of certificates in the 'Root' store
|
||
|
|
|
||
|
|
.PARAMETER skipPersonalCerts
|
||
|
|
|
||
|
|
When this flag is supplied it will skip the exporting of certificates in the 'My' store
|
||
|
|
|
||
|
|
.PARAMETER skipTrustedCerts
|
||
|
|
|
||
|
|
When this flag is supplied it will skip the exporting of certificates in the 'Trusted' store
|
||
|
|
|
||
|
|
.PARAMETER skipIACerts
|
||
|
|
|
||
|
|
When this flag is supplied it will skip the exporting of certificates in the 'CertificateAuthority' store
|
||
|
|
|
||
|
|
#>
|
||
|
|
|
||
|
|
[CmdletBinding()]
|
||
|
|
Param(
|
||
|
|
[parameter(Mandatory=$false)]
|
||
|
|
[string]$exportPassword,
|
||
|
|
|
||
|
|
[Parameter(Mandatory=$false)]
|
||
|
|
[string]$exportPath = $PWD,
|
||
|
|
|
||
|
|
[Parameter(Mandatory=$false)]
|
||
|
|
[switch]$skipRootCerts,
|
||
|
|
|
||
|
|
[Parameter(Mandatory=$false)]
|
||
|
|
[switch]$skipPersonalCerts,
|
||
|
|
|
||
|
|
[Parameter(Mandatory=$false)]
|
||
|
|
[switch]$skipTrustedCerts,
|
||
|
|
|
||
|
|
[Parameter(Mandatory=$false)]
|
||
|
|
[switch]$skipIACerts
|
||
|
|
)
|
||
|
|
|
||
|
|
if (!$skipPersonalCerts.IsPresent -and !$exportPassword)
|
||
|
|
{
|
||
|
|
throw "Export Password cannot be null"
|
||
|
|
}
|
||
|
|
|
||
|
|
if ($skipRootCerts.IsPresent -and $skipPersonalCerts.IsPresent -and $skipTrustedCerts.IsPresent -and $skipIACerts.IsPresent)
|
||
|
|
{
|
||
|
|
throw "All Skip Switches cannot be set"
|
||
|
|
}
|
||
|
|
|
||
|
|
if (!(Test-Path $exportPath))
|
||
|
|
{
|
||
|
|
[System.IO.Directory]::CreateDirectory($exportPath) | Out-Null
|
||
|
|
}
|
||
|
|
## Removing because of issues mocking. This shouldn't be an issue.
|
||
|
|
# Clear-Host
|
||
|
|
|
||
|
|
[System.Reflection.Assembly]::LoadWithPartialName("System.Security.Cryptography") | Out-Null
|
||
|
|
## TODO: Don't just blindly set the $ErrorActionPreference
|
||
|
|
$ErrorActionPreference = "Stop"
|
||
|
|
|
||
|
|
[Collections.Generic.List[Alkami.Ops.Common.Exceptions.CertificateExportException]]$exportErrors = @()
|
||
|
|
|
||
|
|
if (!($skipPersonalCerts.IsPresent))
|
||
|
|
{
|
||
|
|
Write-Host "Exporting Personal Certs"
|
||
|
|
|
||
|
|
$pfxExportPath = (Join-Path $exportPath "Personal")
|
||
|
|
|
||
|
|
if (!(Test-Path $pfxExportPath))
|
||
|
|
{
|
||
|
|
Write-Host "Creating directory at $pfxExportPath"
|
||
|
|
|
||
|
|
[System.IO.Directory]::CreateDirectory($pfxExportPath) | Out-Null
|
||
|
|
}
|
||
|
|
|
||
|
|
$errors = Export-Cert -exportPath $pfxExportPath $exportPassword -storeName ([System.Security.Cryptography.X509Certificates.StoreName]::My)
|
||
|
|
|
||
|
|
$exportErrors.AddRange($errors)
|
||
|
|
}
|
||
|
|
|
||
|
|
if (!($skipIACerts.IsPresent))
|
||
|
|
{
|
||
|
|
Write-Host "Exporting IA Certs"
|
||
|
|
|
||
|
|
$iaExportPath = (Join-Path $exportPath "IA")
|
||
|
|
|
||
|
|
if (!(Test-Path $iaExportPath))
|
||
|
|
{
|
||
|
|
[System.IO.Directory]::CreateDirectory($iaExportPath) | Out-Null
|
||
|
|
}
|
||
|
|
|
||
|
|
$errors = Export-Cert -exportPath $iaExportPath -storeName ([System.Security.Cryptography.X509Certificates.StoreName]::CertificateAuthority)
|
||
|
|
|
||
|
|
$exportErrors.AddRange($errors)
|
||
|
|
}
|
||
|
|
|
||
|
|
if (!($skipRootCerts.IsPresent))
|
||
|
|
{
|
||
|
|
Write-Host "Exporting Root Certs"
|
||
|
|
|
||
|
|
$rootExportPath = (Join-Path $exportPath "Root")
|
||
|
|
|
||
|
|
if (!(Test-Path $rootExportPath))
|
||
|
|
{
|
||
|
|
[System.IO.Directory]::CreateDirectory($rootExportPath) | Out-Null
|
||
|
|
}
|
||
|
|
|
||
|
|
$errors = Export-Cert -exportPath $rootExportPath -storeName ([System.Security.Cryptography.X509Certificates.StoreName]::Root)
|
||
|
|
|
||
|
|
$exportErrors.AddRange($errors)
|
||
|
|
}
|
||
|
|
|
||
|
|
if (!($skipTrustedCerts.IsPresent))
|
||
|
|
{
|
||
|
|
Write-Host "Exporting Trusted Certs"
|
||
|
|
|
||
|
|
$trustedPeopleExportPath = (Join-Path $exportPath "TrustedPeople")
|
||
|
|
|
||
|
|
if (!(Test-Path $trustedPeopleExportPath))
|
||
|
|
{
|
||
|
|
[System.IO.Directory]::CreateDirectory($trustedPeopleExportPath) | Out-Null
|
||
|
|
}
|
||
|
|
|
||
|
|
$errors = Export-Cert -exportPath $trustedPeopleExportPath -storeName ([System.Security.Cryptography.X509Certificates.StoreName]::TrustedPeople)
|
||
|
|
|
||
|
|
$exportErrors.AddRange($errors)
|
||
|
|
}
|
||
|
|
|
||
|
|
foreach ($exportError in $exportErrors)
|
||
|
|
{
|
||
|
|
[Alkami.Ops.Common.Exceptions.CertificateExportException]$strongError = $exportError
|
||
|
|
Write-Warning ("{0}" -f $strongError.Message)
|
||
|
|
Write-Warning ("`tError: {0}" -f $strongError.BaseExceptionMessage.TrimEnd())
|
||
|
|
Write-Warning ("`tName: {0}" -f $strongError.CertificateName)
|
||
|
|
Write-Warning ("`tThumbprint: {0}" -f $strongError.CertificateThumbPrint)
|
||
|
|
Write-Warning ("`tSubject: {0}" -f $strongError.Subject.Trim())
|
||
|
|
Write-Output `n
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|