PowerShell scripts to create an SSL CA and certificate, add them as IIS bindings, and add the IIS bindings to hosts.txt
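# Generates IIS bindings based on certificate
#
# Prompts for a certificate thumbprint, reads the DNS names from the
# certificate's Subject Alternative Name extension and creates an HTTP and/or
# HTTPS binding for each name on the chosen IIS site. IIS configuration needs
# elevation, so the script re-launches itself as administrator when required.
try {
    if (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
        # Re-launch elevated. "-File" with a double-quoted path survives spaces
        # and apostrophes in the script path, which the old "& '...'" string did not.
        Start-Process powershell -Verb RunAs -ArgumentList @('-File', "`"$PSCommandPath`"")
        exit
    }
    # Thumbprints copied from certmgr often carry spaces; strip them before lookup.
    $thumbprint = (Read-Host "Enter cert thumbprint") -replace '\s', ''
    if ($thumbprint -notmatch '^[0-9A-Fa-f]{40}$') {
        throw "'$thumbprint' is not a valid SHA-1 thumbprint (40 hex characters expected)"
    }
    # Search every store; Thumbprint comparison is case-insensitive in PowerShell.
    $cert = @(Get-ChildItem -Path Cert:\ -Recurse | Where-Object { $_.Thumbprint -eq $thumbprint })
    if ($cert.Count -eq 0) {
        throw "No certificate with thumbprint $thumbprint found in the certificate stores"
    }
    if ($cert.Count -gt 1) {
        # The same certificate can live in several stores; one is enough for the binding.
        Write-Warning "Certificate found in $($cert.Count) stores; using $($cert[0].PSParentPath)"
    }
    $cert = $cert[0]
    $sanExt = $cert.Extensions | Where-Object { $_.Oid.FriendlyName -eq "subject alternative name" }
    if (-not $sanExt) {
        throw "Certificate $thumbprint has no Subject Alternative Name extension"
    }
    # Format(0) yields "DNS Name=a, DNS Name=b"; keep only the values and drop blanks.
    $domainNames = @($sanExt.Format(0).Split(',') |
        Where-Object { $_ -match '=' } |
        ForEach-Object { ($_ -split '=', 2)[1].Trim() } |
        Where-Object { $_ })
    if ($domainNames.Count -eq 0) {
        throw "Certificate $thumbprint lists no names in its Subject Alternative Name extension"
    }
    Write-Host "Found URLs:"
    $domainNames | ForEach-Object { Write-Host $_ }
    Write-Host ""
    $siteName = (Read-Host "Enter IIS Site name where to add bindings").Trim()
    if (-not (Get-IISSite -Name $siteName -ErrorAction SilentlyContinue)) {
        throw "IIS site '$siteName' does not exist"
    }
    # Read-Host answers: empty input defaults to "yes".
    $isHttp = switch (Read-Host "Add HTTP ([y]/n)") {
        'y' { $true }
        'n' { $false }
        Default { $true }
    }
    $isHttps = switch (Read-Host "Add HTTPS ([y]/n)") {
        'y' { $true }
        'n' { $false }
        Default { $true }
    }
    # PSParentPath looks like "Microsoft.PowerShell.Security\Certificate::LocalMachine\My";
    # the part after "::" is the store path New-IISSiteBinding expects.
    $certPath = ($cert.PSParentPath -split '::', 2)[1]
    foreach ($url in $domainNames) {
        if ($isHttp) {
            New-IISSiteBinding -Name $siteName -BindingInformation "*:80:$url" -Protocol http
        }
        if ($isHttps) {
            New-IISSiteBinding -Name $siteName -BindingInformation "*:443:$url" -CertificateThumbPrint $thumbprint -CertStoreLocation "Cert:\$certPath" -Protocol https
        }
    }
} catch {
    Write-Error $_.Exception.ToString()
}
Read-Host -Prompt "Press any key to exit"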
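# Adds all host names bound to an IIS site to the hosts file (hosts.txt),
# pointing each of them at 127.0.0.1.
#
# Writing to the hosts file needs elevation, so the script re-launches itself
# as administrator when required.
try {
    if (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
        # Re-launch elevated. "-File" with a double-quoted path survives spaces
        # and apostrophes in the script path, which the old "& '...'" string did not.
        Start-Process powershell -Verb RunAs -ArgumentList @('-File', "`"$PSCommandPath`"")
        exit
    }
    $siteName = (Read-Host -Prompt "Enter IIS Site Name you want to import to hosts.txt").Trim()
    if ([string]::IsNullOrEmpty($siteName)) {
        throw "No site name entered"
    }
    # bindingInformation is "<ip>:<port>:<host>"; the host header is the last
    # segment (taking the last one also copes with IPv6 addresses that contain
    # colons). Bindings without a host header are skipped, and Sort-Object
    # -Unique de-duplicates across the whole list, whereas Get-Unique only
    # collapses adjacent duplicates.
    $bindings = @(Get-IISSiteBinding -Name $siteName |
        ForEach-Object { ($_.bindingInformation -split ':')[-1].Trim() } |
        Where-Object { $_ -and $_ -ne '*' } |
        Sort-Object -Unique)
    if ($bindings.Count -eq 0) {
        throw "IIS site '$siteName' has no bindings with a host name"
    }
    $hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $sectionStart = "# Section start IIS Site:$siteName"
    # Refuse to append a second section for the same site, so repeated runs do
    # not pile up duplicate entries.
    if ((Get-Content -Path $hostsFile -ErrorAction Stop) -contains $sectionStart) {
        throw "$hostsFile already contains a section for site '$siteName'; remove it before importing again"
    }
    $txt = "`n$sectionStart`n" + (($bindings | ForEach-Object { "127.0.0.1`t$_" }) -join "`n") + "`n# Section end IIS Site:$siteName"
    Write-Host $txt
    # The hosts file is read as ANSI/ASCII; host names are ASCII, so write it that way.
    Add-Content -Path $hostsFile -Value $txt -Encoding Ascii -Force
    Write-Host "Hosts.txt updated"
} catch {
    Write-Error $_.Exception.ToString()
}
Read-Host -Prompt "Press any key to exit"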
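# Finds certificate in certificate store by thumbprint
#
# Prompts for a thumbprint, searches every certificate store and prints the
# store path plus the main properties of each match.
# Thumbprints copied from certmgr often carry spaces; strip them before lookup.
$thumbprint = (Read-Host -Prompt "Thumbprint") -replace '\s', ''
$cert = @(Get-ChildItem -Path Cert:\ -Recurse | Where-Object { $_.Thumbprint -eq $thumbprint })
if ($cert.Count -eq 0) {
    Write-Warning "No certificate with thumbprint '$thumbprint' found"
}
foreach ($match in $cert) {
    # PSParentPath looks like "Microsoft.PowerShell.Security\Certificate::LocalMachine\My";
    # the part after "::" is the store path.
    $path = ($match.PSParentPath -split '::', 2)[1]
    Write-Host ""
    Write-Host "[Path]"
    Write-Host " $path"
    Write-Host ""
    # Write-Host emits nothing to the pipeline, so "Write-Host $cert | Format-List"
    # only printed the object's type name; format the certificate itself instead.
    $match | Format-List Subject, Issuer, NotBefore, NotAfter, Thumbprint, HasPrivateKey, DnsNameList | Out-Host
}
Read-Host -Prompt "Press any key to exit"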
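# Generates Certificate Authority and adds it to certificate store
#
# Prompts for a common name and creates <script dir>\<cn>\<cn>.key (passphrase-
# protected RSA key) and <cn>.pem (self-signed CA certificate valid for 1460
# days), then adds the certificate to the machine ROOT store so that Windows
# trusts certificates issued with Generate-Cert.ps1. Requires openssl on PATH
# and elevation (certutil -addstore); re-launches as administrator if needed.
try {
    if (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
        # Re-launch elevated. "-File" with a double-quoted path survives spaces
        # and apostrophes in the script path, which the old "& '...'" string did not.
        Start-Process powershell -Verb RunAs -ArgumentList @('-File', "`"$PSCommandPath`"")
        exit
    }
    if (-not (Get-Command openssl -ErrorAction SilentlyContinue)) {
        throw "openssl was not found on PATH"
    }
    $commonName = (Read-Host "Enter common-name(e.g root.example.local)").Trim()
    # The common name becomes a directory name, file names and openssl
    # arguments, so reject empty input and anything outside a conservative
    # host-name alphabet (no path separators, quotes or shell metacharacters).
    if ($commonName -notmatch '^[A-Za-z0-9._-]+$') {
        throw "Common name must be non-empty and contain only letters, digits, '.', '_' or '-'"
    }
    $dir = Join-Path $PSScriptRoot $commonName
    New-Item -Path $dir -ItemType Directory -Force | Out-Null
    $path = Join-Path $dir $commonName
    # Generate-Cert.ps1 unlocks the CA key with "pass:<CA name>", so the
    # passphrase has to stay equal to the common name for the two scripts to
    # work together. This is only acceptable for a local development CA.
    $passphrase = $commonName
    $certContent = @"
[req]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = dn
[dn]
C=EE
ST=Harju
L=Tallinn
O=Net Group Local
OU=Gamma
emailAddress=gamma@netgroup.com
CN=$commonName
"@
    Set-Content -Path "$path.cnf" -Value $certContent -Encoding Ascii
    try {
        # openssl and certutil are called directly instead of through
        # Invoke-Expression: each argument is passed as-is (paths with spaces
        # stay one argument) and user input is never re-parsed as PowerShell.
        # Native commands do not raise PowerShell errors, so $LASTEXITCODE is
        # checked after each one. The key is encrypted with AES-256; 3DES
        # (-des3) is a legacy cipher.
        & openssl genrsa -aes256 -passout "pass:$passphrase" -out "$path.key" 2048
        if ($LASTEXITCODE -ne 0) { throw "openssl genrsa failed with exit code $LASTEXITCODE" }
        & openssl req -x509 -new -nodes -key "$path.key" -sha256 -days 1460 -out "$path.pem" -config "$path.cnf" -passin "pass:$passphrase"
        if ($LASTEXITCODE -ne 0) { throw "openssl req failed with exit code $LASTEXITCODE" }
        & certutil -addstore -f ROOT "$path.pem"
        if ($LASTEXITCODE -ne 0) { throw "certutil -addstore failed with exit code $LASTEXITCODE" }
    } finally {
        # Cleanup: the request config is only needed while generating.
        Remove-Item "$path.cnf" -ErrorAction SilentlyContinue
    }
    Write-Host ""
    Write-Host "Done!"
} catch {
    Write-Error $_.Exception.ToString()
}
Read-Host -Prompt "Press any key to exit"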
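# Generates Certificate with alternate DNS names using the CA generated by Generate-CA.ps1
# NOTE: Update the [dn] section of $certContent below to reflect your company
#
# Prompts for the certificate name (CN), the CA name and a list of DNS
# alt-names, writes <script dir>\<ca>\<name>\<name>.key/.crt/.pfx, imports the
# PFX into the machine store with certutil and copies the thumbprint to the
# clipboard. Requires openssl on PATH, the CA files produced by
# Generate-CA.ps1 and elevation; re-launches as administrator if needed.
try {
    if (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
        # Re-launch elevated. "-File" with a double-quoted path survives spaces
        # and apostrophes in the script path, which the old "& '...'" string did not.
        Start-Process powershell -Verb RunAs -ArgumentList @('-File', "`"$PSCommandPath`"")
        exit
    }
    if (-not (Get-Command openssl -ErrorAction SilentlyContinue)) {
        throw "openssl was not found on PATH"
    }
    $name = (Read-Host "Enter name(e.g auth.example.local)").Trim()
    $rootCert = (Read-Host "Insert CA name(e.g. root.example.local)").Trim()
    # Both values become directory names, file names and openssl arguments, so
    # reject empty input and anything outside a conservative host-name alphabet.
    $nameRegex = '^[A-Za-z0-9._-]+$'
    if ($name -notmatch $nameRegex) {
        throw "Name must be non-empty and contain only letters, digits, '.', '_' or '-'"
    }
    if ($rootCert -notmatch $nameRegex) {
        throw "CA name must be non-empty and contain only letters, digits, '.', '_' or '-'"
    }
    $caDir = Join-Path $PSScriptRoot $rootCert
    $caCert = Join-Path $caDir "$rootCert.pem"
    $caKey = Join-Path $caDir "$rootCert.key"
    foreach ($caFile in $caCert, $caKey) {
        if (-not (Test-Path -LiteralPath $caFile)) {
            throw "CA file '$caFile' not found; run Generate-CA.ps1 for '$rootCert' first"
        }
    }
    Write-Host "Insert alt-names(e.g. auth.example.local.ee)"
    Write-Host "Enter empty line to finish entering alt-names"
    # The CN is always listed as the first SAN entry: modern clients ignore the
    # CN and only match names from subjectAltName.
    $altNames = New-Object System.Collections.Generic.List[string]
    $altNames.Add($name)
    while (($altName = (Read-Host).Trim()) -ne '') {
        # Alt-names are written into the openssl extension file; allow host
        # names and wildcard labels only.
        if ($altName -notmatch '^[A-Za-z0-9.*_-]+$') {
            Write-Warning "'$altName' is not a valid DNS name, skipped"
            continue
        }
        if ($altNames -notcontains $altName) {
            $altNames.Add($altName)
        }
    }
    # extendedKeyUsage=serverAuth is required by some clients (e.g. Apple
    # platforms) before they accept a certificate for TLS servers.
    $extContent = @"
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
"@
    # The here-string has no trailing newline, so each DNS.n line must begin
    # with one; otherwise the first entry is glued to "[alt_names]" and is not
    # parsed as a separate entry.
    $i = 1
    foreach ($altName in $altNames) {
        $extContent += "`r`nDNS.$i=$altName"
        $i++
    }
    $dir = Join-Path $caDir $name
    New-Item -Path $dir -ItemType Directory -Force | Out-Null
    $path = Join-Path $dir $name
    $certContent = @"
[req]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = dn
[dn]
C=EE
ST=Harju
L=Tallinn
O=Net Group Local
OU=Gamma
emailAddress=gamma@netgroup.com
CN=$name
"@
    Set-Content -Path "$path.cnf" -Value $certContent -Encoding Ascii
    Set-Content -Path "$path.ext" -Value $extContent -Encoding Ascii
    try {
        # openssl and certutil are called directly instead of through
        # Invoke-Expression: each argument is passed as-is (paths with spaces
        # stay one argument) and user input is never re-parsed as PowerShell.
        # Native commands do not raise PowerShell errors, so $LASTEXITCODE is
        # checked after each one.
        & openssl req -new -sha256 -nodes -out "$path.csr" -newkey rsa:2048 -keyout "$path.key" -config "$path.cnf"
        if ($LASTEXITCODE -ne 0) { throw "openssl req failed with exit code $LASTEXITCODE" }
        # Generate-CA.ps1 protects the CA key with a passphrase equal to the CA name.
        & openssl x509 -req -in "$path.csr" -CA $caCert -CAkey $caKey -CAcreateserial -out "$path.crt" -days 500 -sha256 -extfile "$path.ext" -passin "pass:$rootCert"
        if ($LASTEXITCODE -ne 0) { throw "openssl x509 failed with exit code $LASTEXITCODE" }
        # The PFX password is the certificate name; it is needed for the import
        # below and for reusing the .pfx that stays on disk.
        & openssl pkcs12 -export -out "$path.pfx" -inkey "$path.key" -in "$path.crt" -passout "pass:$name"
        if ($LASTEXITCODE -ne 0) { throw "openssl pkcs12 failed with exit code $LASTEXITCODE" }
        & certutil -f -p $name -importpfx "$path.pfx"
        if ($LASTEXITCODE -ne 0) { throw "certutil -importpfx failed with exit code $LASTEXITCODE" }
    } finally {
        Write-Host "Cleaning up temp files"
        # Cleanup: request, config and extension files are only needed while generating.
        Remove-Item "$path.csr", "$path.cnf", "$path.ext" -ErrorAction SilentlyContinue
    }
    $thumbprint = (New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 "$path.crt").Thumbprint
    Set-Clipboard -Value $thumbprint
    Write-Host ""
    Write-Host "Thumbprint $thumbprint copied to clipboard"
    Write-Host "Done!"
} catch {
    Write-Error $_.Exception.ToString()
}
Read-Host -Prompt "Press any key to exit"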