Request a certificate from the domain CA using the WebServer template, grant the Recording Server service account Read access to its private key, and configure the Recording Server to use it to secure client connections
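function Set-CertificatePermission {
    <#
    .SYNOPSIS
        Adds an Allow ACE for a user on the file that backs a certificate's private key.
    .DESCRIPTION
        Resolves the certificate at $CertificatePath (a Cert:\ provider path), works out which
        on-disk key container holds its private key and adds an Allow rule for $UserName with
        the requested FileSystemRights. It only ever adds an ACE; existing entries are kept.

        Both legacy CryptoAPI (CSP) key files under <ProgramData>\Microsoft\Crypto\RSA\MachineKeys
        and CNG key files under <ProgramData>\Microsoft\Crypto\Keys are searched. If the key file
        cannot be located the function throws, so a caller never continues believing access was
        granted when nothing was changed (the original silently did nothing in that case).
    .PARAMETER CertificatePath
        Cert:\ provider path of the certificate, e.g. Cert:\LocalMachine\My\<thumbprint>.
    .PARAMETER UserName
        Account (e.g. the service account a server runs as) to grant access to.
    .PARAMETER Permission
        FileSystemRights value to grant, e.g. 'Read'. Grant the least access that works: a
        service only needs Read to use the key.
    .NOTES
        Modifying the key file's ACL requires administrative rights on the machine.
    #>
    [CmdletBinding()]
    param(
        [string]
        $CertificatePath,

        [string]
        $UserName,

        [string]
        $Permission
    )

    # Fail on missing arguments up front rather than on a confusing downstream error.
    if ([string]::IsNullOrWhiteSpace($CertificatePath)) { throw "CertificatePath must be supplied" }
    if ([string]::IsNullOrWhiteSpace($UserName)) { throw "UserName must be supplied" }
    if ([string]::IsNullOrWhiteSpace($Permission)) { throw "Permission must be supplied" }

    $certificate = Get-ChildItem -Path $CertificatePath -ErrorAction Stop
    if ($null -eq $certificate) {
        throw "Certificate not found: $CertificatePath"
    }
    if (-not $certificate.HasPrivateKey) {
        throw "Certificate $($certificate.Thumbprint) has no private key to grant access to"
    }

    # Resolve the unique file name of the key container. CSP keys expose it through
    # CspKeyContainerInfo; for CNG keys .PrivateKey may be null, so fall back to the
    # CngKey's UniqueName obtained via GetRSAPrivateKey.
    $keyName = $null
    if ($certificate.PrivateKey -and $certificate.PrivateKey.CspKeyContainerInfo) {
        $keyName = $certificate.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
    } else {
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($certificate)
        if ($rsa -and $rsa.Key) {
            $keyName = $rsa.Key.UniqueName
        }
    }
    if ([string]::IsNullOrEmpty($keyName)) {
        throw "Unable to determine the private key container name for certificate $($certificate.Thumbprint)"
    }

    # CSP machine keys and CNG machine keys live in different folders; try both.
    $cryptoRoot = Join-Path $env:ProgramData 'Microsoft\Crypto'
    $candidates = @(
        (Join-Path $cryptoRoot "RSA\MachineKeys\$keyName"),
        (Join-Path $cryptoRoot "Keys\$keyName")
    )
    $keyFile = $candidates | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
    if (-not $keyFile) {
        throw "Private key file for certificate $($certificate.Thumbprint) was not found under $cryptoRoot"
    }

    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $UserName,
        $Permission,
        [System.Security.AccessControl.AccessControlType]::Allow)
    $acl = Get-Acl -LiteralPath $keyFile
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $keyFile -AclObject $acl
}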
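# Request a WebServer-template certificate for this host, grant the Recording Server
# service account Read access to its private key, point the Recording Server at it and
# emit the thumbprint. Any failure throws; nothing is left half-configured silently.

# The FQDN goes into the SAN (DnsName) so clients connecting by host name validate it.
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

# Subject is the computer's AD distinguished name looked up over LDAP. This assumes the
# machine is domain-joined and that the WebServer template allows a supplied subject.
$filter = "(&(objectCategory=computer)(objectClass=computer)(cn=$env:COMPUTERNAME))"
$computer = ([adsisearcher]$filter).FindOne()
if ($null -eq $computer) {
    throw "Computer object for $env:COMPUTERNAME not found in Active Directory"
}
$subject = [string]$computer.Properties['distinguishedname'][0]

$result = Get-Certificate -Template WebServer -DnsName $fqdn -SubjectName $subject -CertStoreLocation Cert:\LocalMachine\My -ErrorAction Stop

# A request can come back Pending (CA manager approval) or Denied. Neither yields a
# usable certificate, so fail loudly instead of silently leaving the server unchanged.
if ($result.Status -ne 'Issued') {
    throw "Certificate request for $fqdn was not issued (status: $($result.Status))"
}

$thumbprint = $result.Certificate.Thumbprint
$recInfo = Get-RecorderConfig -ErrorAction Stop

# Least privilege: Read on the key file is all the service needs to present the cert.
Set-CertificatePermission -UserName $recInfo.ServiceInfo.Identity -Permission Read -CertificatePath "Cert:\LocalMachine\My\$thumbprint" -ErrorAction Stop
Set-RecorderConfig -ClientEncryptionCertHash $thumbprint -ErrorAction Stop

$thumbprint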