Function Set-CertificateUsers {
    param(
        [string[]] $permittedIdenties
    )

    # TODO: See if we can fetch these from the server or splat them from another function and not list them here.
    $rpsts2018 = '8edb140f1c84d4edcff730ea317662607218e5d9';
    $service2018 = '21014a433bb309665d1a14c3278cc7bd4d8c1c93';
    $client2018 = '692ddd519457eb6d943709b3ab0eb7ecc1945453';
    $token2018 = '9d6c7985c0c94eae6d3fda358e044a715bba50b8';

    @($token2018,$service2018,$client2018,$rpsts2018) | % {
        Write-Host "Updating $($_) thumbprint for the following identities..."
        $thumbprint = $_;
        foreach($identity in $permittedIdenties) {
            Write-Host $identity
            Grant-AclOnCert -Thumbprint $thumbprint -Identity $identity -FileSystemRights "FullControl" -StoreName "My";
            Grant-AclOnCert -Thumbprint $thumbprint -Identity $identity -FileSystemRights "FullControl" -StoreName "TrustedPeople";
        }
    }
}