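function Import-PfxCertificateWithPermissions {
<#
.SYNOPSIS
Import a PFX certificate with appropriate user permissions without needing the folder structure as specified in Import-Certificates.

.DESCRIPTION
Stages a copy of the PFX in a freshly created, GUID-named directory under $Env:Temp (using the
"Personal" sub-folder layout that Import-Certificates expects), hands the import and the
private-key rights grants off to Import-Certificates, and removes the staging directory on
every exit path (success, error, or exception).

Security notes for operators:
- The PFX, which carries the private key, is written to $Env:Temp for the duration of the
  import. That copy inherits the ACL of $Env:Temp and is removed with Remove-Item, which does
  not securely wipe the file. Run this from an account whose temp directory is not shared with
  untrusted users, and do not redirect $Env:Temp to a world-readable location.
- $ImportPassword is a plain string. Anything passed on the command line can end up in
  PSReadLine history, transcripts and process-listing tools; retrieve the value from a secret
  store at call time rather than embedding it in scripts. The parameter stays a [string]
  because the value is forwarded unchanged to Import-Certificates' -importPassword.
- The source path is used as given (including UNC administrative shares such as the examples
  below); the function does not restrict where the PFX may be read from.

.PARAMETER ImportPassword
The password used to import the certificate.

.PARAMETER PathToPfxCertificate
The path to a specified PFX file. Must end in .pfx (compared case-insensitively) and must be an existing file reachable from this server.

.PARAMETER UsersWhoNeedRights
Optional list of users to grant rights for certificates which have private keys. If not supplied, then the resulting Import-Certificates call will assign the default users

.OUTPUTS
System.String. The path of the GUID-named staging directory. By the time the function returns
this directory has already been deleted by the cleanup step; the value is kept for backward
compatibility with existing callers and is only useful for correlating log lines. Validation
failures return nothing after writing a non-terminating error.

.EXAMPLE

Import-PfxCertificateWithPermissions -ImportPassword 'PASSWORD_GOES_HERE' -PathToPfxCertificate "\\10.0.16.67\c`$\temp\mccu.com.pfx"

[Import-PfxCertificateWithPermissions] : Copied cert to C:\Users\ccoane\AppData\Local\Temp\2\904bf9e6-4be5-4b8e-805b-03817b6dd198\Personal
Importing Personal Certs
Validating certificate mccu.com.pfx
Certificate mccu.com.pfx Passed Validation
Granting fh\dev.dbms$ rights to PK for certificate
Granting fh\dev.micro$ rights to PK for certificate
Granting FH\dev.micro$ rights to PK for certificate
Granting fh\dev.nag$ rights to PK for certificate
Granting fh\dev.radium$ rights to PK for certificate
Granting iis_iusrs rights to PK for certificate
[Import-PfxCertificateWithPermissions] : Removed temporary directory C:\Users\ccoane\AppData\Local\Temp\2\904bf9e6-4be5-4b8e-805b-03817b6dd198

.EXAMPLE

# If you need to make a modification to the default user list used by Import-Certificates e.g. PFX also requires access granted to fh\xxxx.bank$
$SecurityGroup = Get-AppSetting -appSettingKey "Environment.UserPrefix"
Import-PfxCertificateWithPermissions -ImportPassword 'PASSWORD_GOES_HERE' -PathToPfxCertificate "\\10.0.16.67\c`$\temp\mccu.com.pfx" -UsersWhoNeedRights @("iis_iusrs", "fh\$SecurityGroup.radium$", "fh\$SecurityGroup.nag$", "fh\$SecurityGroup.dbms$", "fh\$SecurityGroup.micro$", "fh\$SecurityGroup.bank$")

[Import-PfxCertificateWithPermissions] : Copied cert to C:\Users\ccoane\AppData\Local\Temp\2\a7ad2893-884b-4604-bed2-2c2d6bd597da\Personal
Importing Personal Certs
Validating certificate mccu.com.pfx
Certificate mccu.com.pfx Passed Validation
Granting fh\dev.bank$ rights to PK for certificate
Granting fh\dev.dbms$ rights to PK for certificate
Granting FH\dev.micro$ rights to PK for certificate
Granting fh\dev.micro$ rights to PK for certificate
Granting fh\dev.nag$ rights to PK for certificate
Granting fh\dev.radium$ rights to PK for certificate
Granting iis_iusrs rights to PK for certificate
[Import-PfxCertificateWithPermissions] : Removed temporary directory C:\Users\ccoane\AppData\Local\Temp\2\a7ad2893-884b-4604-bed2-2c2d6bd597da
#>
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$true)]
        [string]$ImportPassword,

        [Parameter(Mandatory=$true)]
        [string]$PathToPfxCertificate,

        [Parameter(Mandatory=$false)]
        [string[]]$UsersWhoNeedRights
    )

    $logLead = (Get-LogLeadName)

    # Verify Pfx is valid and exists/accessible.
    # -Like is case-insensitive in PowerShell, so ".PFX" is accepted as well.
    if (!($PathToPfxCertificate -Like "*.pfx")) {
        Write-Error "$logLead : This function is expecting a certificate with a .pfx extension as the value for `$PathToPfxCertificate. Provided value is: $PathToPfxCertificate"
        return
    }

    # -PathType Leaf: a directory that happens to be named *.pfx must not pass validation,
    # otherwise Copy-Item would stage a folder and Import-Certificates would find no certificate.
    if (!(Test-Path -Path $PathToPfxCertificate -PathType Leaf)) {
        Write-Error "$logLead : Unable to reach the specified file from this server. Verify the path is correct and accessible to this server. Provided value is: $PathToPfxCertificate"
        return
    }

    # Initialised before the try so the finally block can safely test it even if Join-Path throws.
    $randomPath = $null

    try {
        # Unpredictable (GUID) staging directory name under the caller's temp directory.
        $randomPath = Join-Path $Env:Temp $(New-Guid)

        # Copy PFX to a randomly created folder in appropriate Import-Certificates folder structure.
        # -ErrorAction Stop: New-Item/Copy-Item failures are non-terminating by default, which
        # would let execution fall through to Import-Certificates with an empty or missing
        # staging directory instead of landing in the catch block.
        $tempFolderPersonalPath = New-Item -Path $randomPath -ItemType Directory -Name "Personal" -Force -ErrorAction Stop
        Copy-Item -Path $PathToPfxCertificate -Destination $tempFolderPersonalPath -ErrorAction Stop
        Write-Host "$logLead : Copied cert to $tempFolderPersonalPath"

        # Only forward -usersWhoNeedRights when the caller supplied one; otherwise let
        # Import-Certificates apply its own default user list.
        if ($UsersWhoNeedRights) {
            Import-Certificates -importPassword $ImportPassword -importPath $randomPath -usersWhoNeedRights $UsersWhoNeedRights
        } else {
            Import-Certificates -importPassword $ImportPassword -importPath $randomPath
        }
    } catch {
        # Surface the failure as a non-terminating error; cleanup still runs in finally.
        Write-Error "$logLead : $_"
    } finally {
        # Always remove the staged private-key material, whatever happened above.
        # NOTE: Remove-Item deletes the file but does not overwrite its contents on disk.
        if ($randomPath -and (Test-Path -Path $randomPath)) {
            Remove-Item -Path $randomPath -Recurse -Force
            Write-Host "$logLead : Removed temporary directory $randomPath"
        }
    }

    # Returned for backward compatibility; the directory no longer exists at this point.
    return $randomPath
}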