Last active
February 15, 2021 20:33
-
-
Save indented-automation/37b748056742d5e1b51f7cd767813f5d to your computer and use it in GitHub Desktop.
Import-Certificate.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using namespace System.Management.Automation | |
| using namespace System.Security.Cryptography.X509Certificates | |
| function ConvertTo-X509Certificate { | |
| <# | |
| .SYNOPSIS | |
| Convert a Base64 encoded certificate (with header and footer) to an X509Certificate object. | |
| .DESCRIPTION | |
| ConvertTo-X509Certificate reads a Base64 encoded certificate string or file and converts it to an X509Certificate object. | |
| .EXAMPLE | |
| Get-ChildItem *.pem | ConvertTo-X509Certificate | |
| Converts all certificates stored in pem files to an X509Certificate2 object. | |
| .EXAMPLE | |
| ConvertTo-X509Certificate -Path cert.cer | |
| Converts the certificate stored in cert.cer to an X509Certificate2 object. | |
| #> | |
| [CmdletBinding(DefaultParameterSetName = 'FromPipeline')] | |
| [OutputType([System.Security.Cryptography.X509Certificates.X509Certificate2])] | |
| param ( | |
| # A path to an existing certificate file. | |
| [Parameter(Mandatory, Position = 1, ValueFromPipeline, ParameterSetName = 'FromFile')] | |
| [ValidateScript( { Test-Path $_ -PathType Leaf } )] | |
| [FileInfo]$Path, | |
| # One or more base64 encoded strings describing the certificate. | |
| [Parameter(Mandatory, ValueFromPipelineByPropertyName, ValueFromPipeline, ParameterSetName = 'FromCertificateText')] | |
| [Alias('RawCertificate')] | |
| [String]$Certificate | |
| ) | |
| process { | |
| try { | |
| if ($Certificate) { | |
| if ($Certificate.StartsWith('-----BEGIN')) { | |
| $expression = '-----BEGIN CERTIFICATE-----([\s\S]+?)-----END CERTIFICATE-----' | |
| foreach ($match in [Regex]::Matches($Certificate, $expression)) { | |
| $bytes = [Convert]::FromBase64String($match.Groups[1].Value.Trim()) | |
| [X509Certificate2]::new($bytes) | |
| } | |
| } else { | |
| $bytes = [Convert]::FromBase64String($Certificate) | |
| [X509Certificate2]::new($bytes) | |
| } | |
| } elseif ($Path) { | |
| $Path = $pscmdlet.GetUnresolvedProviderPathFromPSPath($Path.ToString()) | |
| [X509Certificate2]::new($Path) | |
| } | |
| } catch { | |
| Write-Error -ErrorRecord $_ | |
| } | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using namespace System.IO | |
| using namespace System.Management.Automation | |
| using namespace System.Security.Cryptography.X509Certificates | |
| function Import-Certificate { | |
| <# | |
| .SYNOPSIS | |
| Import an X509 certificate into a named store. | |
| .DESCRIPTION | |
| Import a certificate into the specified store. | |
| Import-Certificate can accept a public key, or a public/private key pair as an X509Certificate2 object. | |
| .EXAMPLE | |
| Get-Certificate -StoreName My -ComputerName Server1 | Install-Certificate $Certificate -ComputerName Server2 -StoreName TrustedPeople | |
| Get certificates from the Personal (My) store of Server1 and install each into the TrustedPeople store of Server2. | |
| #> | |
| [CmdletBinding()] | |
| param ( | |
| # The certificate to install. | |
| [Parameter(Mandatory, ValueFromPipeline)] | |
| [X509Certificate2]$Certificate, | |
| # The store name to install the certificate into. By default certificates are installed in the personal store (My). | |
| [String]$StoreName = 'My', | |
| # The store to install the certificate into. By default the LocalMachine store is used. | |
| [StoreLocation]$StoreLocation = 'LocalMachine', | |
| # An optional ComputerName to use for this query. If ComputerName is not specified Get-Certificate uses the current computer. | |
| [String]$ComputerName = $env:ComputerName | |
| ) | |
| begin { | |
| $store = GetStore -ComputerName $ComputerName -StoreName $StoreName -StoreLocation $StoreLocation | |
| try { | |
| $store.Open([OpenFlags]::ReadWrite) | |
| } catch { | |
| $errorRecord = [ErrorRecord]::new( | |
| $_.Exception.GetBaseException(), | |
| 'FailedToOpenCertificateStore', | |
| 'OpenError', | |
| $store | |
| ) | |
| $pscmdlet.ThrowTerminatingError($errorRecord) | |
| } | |
| } | |
| process { | |
| try { | |
| $store.Add($Certificate) | |
| } catch { | |
| $errorRecord = [ErrorRecord]::new( | |
| $_.Exception.GetBaseException(), | |
| 'FailedToAddCertificateToStore', | |
| 'WriteError', | |
| $Certificate | |
| ) | |
| Write-Error -ErrorRecord $errorRecord | |
| } | |
| } | |
| end { | |
| $store.Close() | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment