Created
March 15, 2023 20:34
-
-
Save bachoang/30a882b5c70ca5b3852a23647fb6e4a8 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Run the below script in PowerShell Core | |
| # to output json body for uploading SSL Cert to Enterprise Application | |
| $pfxpath = "C:\Users\<path to pfx>\testpfx.pfx" | |
| $cerpath = "C:\Users\<path to cer>\testcer.cer" | |
| $password = "<pfx password>" | |
| $Secure_String_Pwd = ConvertTo-SecureString $password -AsPlainText -Force | |
| $pfx_cert = get-content $pfxpath -AsByteStream -Raw | |
| $cer_cert = get-content $cerpath -AsByteStream -Raw | |
| $cert = Get-PfxCertificate -FilePath $pfxpath -Password $Secure_String_Pwd | |
| # base 64 encode the private key and public key | |
| $base64pfx = [System.Convert]::ToBase64String($pfx_cert) | |
| $base64cer = [System.Convert]::ToBase64String($cer_cert) | |
| # getting id for the keyCredential object | |
| $guid1 = New-Guid | |
| $guid1 = $guid1.ToString() | |
| $guid2 = New-Guid | |
| $guid2 = $guid2.ToString() | |
| # get the custom key identifier from the certificate thumbprint: | |
| $hasher = [System.Security.Cryptography.HashAlgorithm]::Create('sha256') | |
| $hash = $hasher.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($cert.Thumbprint)) | |
| $customKeyIdentifier = [System.Convert]::ToBase64String($hash) | |
| # get end date and start date for our keycredentials | |
| $endDateTime = ($cert.NotAfter).ToUniversalTime().ToString( "yyyy-MM-ddTHH:mm:ssZ" ) | |
| $startDateTime = ($cert.NotBefore).ToUniversalTime().ToString( "yyyy-MM-ddTHH:mm:ssZ" ) | |
| # building our json payload | |
| $object = [ordered]@{ | |
| keyCredentials = @( | |
| [ordered]@{ | |
| customKeyIdentifier = $customKeyIdentifier | |
| endDateTime = $endDateTime | |
| keyId = $guid1 | |
| startDateTime = $startDateTime | |
| type = "AsymmetricX509Cert" | |
| usage = "Sign" | |
| key = $base64pfx | |
| displayName = $CertDisplayName | |
| }, | |
| [ordered]@{ | |
| customKeyIdentifier = $customKeyIdentifier | |
| endDateTime = $endDateTime | |
| keyId = $guid2 | |
| startDateTime = $startDateTime | |
| type = "AsymmetricX509Cert" | |
| usage = "Verify" | |
| key = $base64cer | |
| displayName = $CertDisplayName | |
| } | |
| ) | |
| passwordCredentials = @( | |
| [ordered]@{ | |
| customKeyIdentifier = $customKeyIdentifier | |
| keyId = $guid1 | |
| endDateTime = $endDateTime | |
| startDateTime = $startDateTime | |
| secretText = $password | |
| } | |
| ) | |
| } | |
| $json = $object | ConvertTo-Json -Depth 99 | |
| Write-Host "JSON Payload:" | |
| Write-Output $json |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment