Last active
July 19, 2023 14:17
PowerShell script to fetch enterprise security MitM proxy root certificate for use in WSL2
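# Run within WSL2 as: pwsh.exe -File get-cert.ps1
#
# Exports the enterprise TLS-inspection (MitM) proxy root certificate from the
# Windows LocalMachine\Root store as a PEM file in the current directory, and
# prints the commands for adding it to the trust stores used inside WSL2.
#
# PowerShell 7.3 wraps .NET 7
# InsertLineBreaks (numeric value 1) is for line breaks at column 76 - https://learn.microsoft.com/en-us/dotnet/api/system.base64formattingoptions?view=net-7.0
$Base64FormattingOptions = [System.Base64FormattingOptions]::InsertLineBreaks

# Put the common name (CN) here, typically in the form of '[company name] Root CA'
$SubjectCN = "[company name] Root CA"

# Every non-word character becomes '_' so the CN can be used as a file name.
$Name = $SubjectCN -replace '[\W]', '_'
$OutputFile = "{0}.crt" -f $Name

# Start from a clean slate: Add-Content below appends, so a stale file must go.
if (Test-Path $OutputFile) {
    Remove-Item $OutputFile -Force
}

# -like treats [ ] * ? as wildcards, so escape the CN to match it literally.
$Pattern = "*{0}*" -f [System.Management.Automation.WildcardPattern]::Escape($SubjectCN)

# @() forces an array: an empty pipeline yields $null, which never equals "",
# so the result has to be checked by count.
$Candidates = @(Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.Subject -like $Pattern })

if ($Candidates.Count -eq 0) {
    Write-Output "Couldn't find matching certificate in the LocalMachine store"
    exit 1
}

# A substring match on the subject can hit more than one root. Refuse to guess
# which one gets trusted; list them so $SubjectCN can be narrowed.
if ($Candidates.Count -gt 1) {
    Write-Output "Found $($Candidates.Count) certificates matching '$($SubjectCN)'; make `$SubjectCN more specific:"
    foreach ($Candidate in $Candidates) {
        Write-Output "  $($Candidate.Thumbprint)  $($Candidate.Subject)"
    }
    exit 1
}

$Certificate = $Candidates[0]

Write-Host "Creating PEM for '$($Certificate.Subject)'"
# This file is about to become a trust anchor for every TLS connection made
# from WSL2, so show what identifies it and let the operator compare it with
# the value published by the team that runs the proxy.
Write-Host "  Thumbprint (SHA-1): $($Certificate.Thumbprint)"
Write-Host "  Valid until:        $($Certificate.NotAfter)"

# Build a PEM by hand
$Pem = New-Object System.Text.StringBuilder
[void]$Pem.AppendLine("-----BEGIN CERTIFICATE-----")
[void]$Pem.AppendLine([System.Convert]::ToBase64String($Certificate.RawData, $Base64FormattingOptions))
[void]$Pem.AppendLine("-----END CERTIFICATE-----")

Write-Host "Writing PEM file to '$($OutputFile)'`n"
$Pem.ToString() | Add-Content -NoNewline $OutputFile

Write-Host "To use this file on Debian or Ubuntu (it expects the file to end in .crt):"
Write-Host " sudo cp $($OutputFile) /usr/local/share/ca-certificates/"
Write-Host " sudo update-ca-certificates"
Write-Host "`nTo use this file with curl and tools depending on libcurl:"
Write-Host " export CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt"
Write-Host "`nTo use this file with Node.js' npm:"
# npm's 'ca' setting takes the certificate text itself; 'cafile' takes a path.
Write-Host " npm config set cafile /usr/local/share/ca-certificates/$($OutputFile)"
Write-Host "`nTo use this file with Python's pip:"
Write-Host " pip config set global.cert /usr/local/share/ca-certificates/$($OutputFile)"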