Sitecore Trusted Self-Signed Certificate Extension
#Requires -RunAsAdministrator
#Author: Sergejs Kravcenko
#Date: 12/07/2018
#Description: RenewCertificate module, which safely generates and issues new Sitecore self-signed certificates (both Root and Personal) so that a Sitecore instance functions correctly with its xConnect services
#Usage: Import-Module .\RenewCertificate.psm1
# Module-load banner (host stream only, never part of pipeline output).
Write-Host -Object 'Importing RenewCertificateModule'
function New-RootCertificateFn{
    <#
    .SYNOPSIS
        Creates a new self-signed root certificate through the SitecoreFundamentals New-RootCertificate cmdlet.
    .PARAMETER name
        Certificate name; it is also used as the DNS name of the certificate.
    .PARAMETER path
        Existing location that receives the generated certificate files (validated with Test-Path).
    .NOTES
        Thin wrapper: all work is done by New-RootCertificate, which is always invoked with -Verbose.
    #>
    param (
        [string]$name,
        [ValidateScript( {Test-Path $_})]
        [string]$path
    )
    # Splat the call so the argument mapping is visible at a glance.
    $rootCertArgs = @{
        Path    = $path
        Name    = $name
        DnsName = $name
        Verbose = $true
    }
    New-RootCertificate @rootCertArgs
}
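function Install-RootCert {
    <#
    .SYNOPSIS
        Installs a certificate file into Cert:\LocalMachine\Root unless a certificate with the same thumbprint is already there.
    .DESCRIPTION
        Anything placed in the machine Root store becomes a trust anchor for every user and service on the host,
        so the import is gated by ShouldProcess: -WhatIf shows what would be installed, -Confirm asks first.
        Details of an already-installed certificate are written to the verbose stream, not to the output stream,
        so callers that capture this function's output only receive what Import-Certificate emits.
    .PARAMETER path
        Path to the certificate file to install; must exist (validated with Test-Path).
    .OUTPUTS
        The output of Import-Certificate (the installed certificate) when an import is performed; nothing otherwise.
    #>
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [ValidateScript( {Test-Path $_})]
        [string]$path
    )
    $rootCertStorePath = 'LocalMachine\Root'
    $rootCertStoreLocation = "Cert:\$rootCertStorePath"

    # Load the file only to read its thumbprint; dispose it right away so no native handle lingers.
    $rootCrtInfo = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
    try {
        $rootCrtInfo.Import($path)
        $rootCrtThumbprint = $rootCrtInfo.Thumbprint
    }
    finally {
        $rootCrtInfo.Dispose()
    }

    # Cert: items are addressed by thumbprint and the Root store is flat, so a direct path test replaces
    # the original recursive listing plus PSParentPath filter.
    $installedCertPath = "$rootCertStoreLocation\$rootCrtThumbprint"
    if (Test-Path -Path $installedCertPath) {
        Write-Verbose "Certificate already installed '$path'"
        Get-Item -Path $installedCertPath |
            Select-Object -Property PSParentPath, Subject, Thumbprint, HasPrivateKey |
            Out-String | Write-Verbose
        return
    }

    if ($PSCmdlet.ShouldProcess($rootCertStoreLocation, "Import root certificate '$path'")) {
        Import-Certificate -FilePath $path -CertStoreLocation $rootCertStoreLocation
        Write-Verbose "Installed Root Certificate '$path' to '$rootCertStorePath'"
    }
}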
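function New-SignedCertificateFn {
    <#
    .SYNOPSIS
        Issues a certificate signed by an already-installed root certificate and exports it as a PFX.
    .DESCRIPTION
        Looks the signer up by thumbprint in Cert:\LocalMachine\Root, calls the SitecoreFundamentals
        New-SignedCertificate cmdlet with it, and exports the resulting certificate (with private key)
        to "<path>\<name>.pfx" protected by -pfxPassword.
    .PARAMETER name
        Name of the new certificate; also used as its DNS name and as the PFX file name.
    .PARAMETER thumbprint
        Thumbprint of the signing root certificate in Cert:\LocalMachine\Root.
    .PARAMETER path
        Existing location that receives the generated files (validated with Test-Path).
    .PARAMETER pfxPassword
        Password protecting the exported PFX. The default is a well-known placeholder kept only for
        backward compatibility; pass a real secret for anything beyond a throwaway dev box.
    .OUTPUTS
        An array holding the signer certificate followed by the newly issued certificate, or nothing
        when the signer is not found.
    #>
    param (
        [string]$name,
        [string]$thumbprint,
        [ValidateScript( {Test-Path $_})]
        [string]$path,
        [securestring]$pfxPassword = (ConvertTo-SecureString -String 'temp1234' -AsPlainText -Force)
    )
    # The Root store is flat; an exact thumbprint match is all that is needed.
    $rootCert = Get-ChildItem -Path 'Cert:\LocalMachine\Root' | Where-Object {
        $_.Thumbprint -eq $thumbprint
    }
    if (-not $rootCert) {
        Write-Host "There are no root certificates with $thumbprint thumbprint in Cert:\LocalMachine\Root path" -ForegroundColor Red
        # Stop here: the original fell through and called New-SignedCertificate with a null signer.
        return
    }

    #using SitecoreFundamentals powershell module scripts
    $certInfo = New-SignedCertificate -Path $path -Signer $rootCert -Name $name -DnsName $name -Verbose
    $signedCert = $certInfo.Certificate

    # Export-PfxCertificate writes the private key to disk; its FileInfo output is intentionally discarded.
    $pfxPath = Join-Path -Path $path -ChildPath "$($name).pfx"
    $null = $signedCert | Export-PfxCertificate -FilePath $pfxPath -Password $pfxPassword

    $result = @()
    $result += $rootCert
    $result += $signedCert
    return $result
}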
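function Install-PfxCert {
    <#
    .SYNOPSIS
        Installs a PFX (certificate plus private key) into Cert:\LocalMachine\My unless its thumbprint is already there.
    .DESCRIPTION
        The PFX is first opened only to read its thumbprint. The key is imported with -Exportable, so
        anyone who can read the store can later re-export the private key; that matches the original
        behaviour and is what the Sitecore tooling expects, but it is worth knowing when hardening a host.
        Details of an already-installed certificate go to the verbose stream, not the output stream.
    .PARAMETER path
        Path to the .pfx file; must exist (validated with Test-Path).
    .PARAMETER password
        Password protecting the PFX. The default is a well-known placeholder kept for backward compatibility.
    .OUTPUTS
        The output of Import-PfxCertificate when an import is performed; nothing otherwise.
    #>
    param(
        [ValidateScript( {Test-Path $_})]
        [string]$path,
        [securestring]$password = (ConvertTo-SecureString -String 'temp1234' -AsPlainText -Force)
    )
    $myCertStorePath = 'LocalMachine\My'
    $myCertStoreLocation = "Cert:\$myCertStorePath"

    # Flags are single bits, so the original -bxor happened to equal -bor; -bor is the intended operator.
    # NOTE(review): PersistKeySet means this inspection-only import already writes a key container to the
    # machine key store; on .NET 4.7.2+ EphemeralKeySet would avoid that — confirm the target runtime before changing.
    $KeyStorageFlags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable -bor `
        [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::MachineKeySet -bor `
        [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet
    Write-Verbose ('Key storage flags is: {0}' -f $KeyStorageFlags)

    $pfxInfo = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
    try {
        $pfxInfo.Import($path, $password, $KeyStorageFlags)
        $pfxThumbprint = $pfxInfo.Thumbprint
    }
    finally {
        $pfxInfo.Dispose()
    }

    # Cert: items are addressed by thumbprint and the My store is flat, so a direct path test suffices.
    $installedCertPath = "$myCertStoreLocation\$pfxThumbprint"
    if (Test-Path -Path $installedCertPath) {
        Write-Verbose "Certificate already installed '$path'"
        Get-Item -Path $installedCertPath |
            Select-Object -Property PSParentPath, Subject, Thumbprint, HasPrivateKey |
            Out-String | Write-Verbose
        return
    }

    Import-PfxCertificate -FilePath $path -CertStoreLocation $myCertStoreLocation -Exportable -Password $password
    Write-Verbose "Installed Certificate '$path' to '$myCertStoreLocation'"
}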
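function Add-UserToCertificateFn {
    <#
    .SYNOPSIS
        Grants a user file-system access to the private key file backing an installed certificate.
    .DESCRIPTION
        Finds the certificate by exact thumbprint in the given store, resolves its CSP key container
        under the RSA MachineKeys folder and adds an Allow ACE for -userName with -permission.
        Only legacy CSP (RSA MachineKeys) containers are handled; CNG keys live elsewhere and are
        silently skipped because no file is found for them — NOTE(review): confirm whether that is acceptable.
    .PARAMETER userName
        Account that receives the ACE (e.g. a service account).
    .PARAMETER permission
        FileSystemRights value to grant; defaults to "read", which is all a consumer of the key needs.
    .PARAMETER certThumbprint
        Thumbprint of the certificate whose private key is to be shared. Matched exactly (no wildcards).
    .PARAMETER certStoreLocation
        Store path relative to Cert:\ (default "LocalMachine\My").
    .OUTPUTS
        None. Progress and results are reported on the host and verbose streams.
    #>
    param (
        [string]$userName,
        [string]$permission = "read",
        [string]$certThumbprint,
        [string]$certStoreLocation = "LocalMachine\My"
    )
    # Exact match: the original used -like, which would treat '*' or '?' in the thumbprint as wildcards.
    $certificates = @(Get-ChildItem -Path "Cert:\$certStoreLocation" | Where-Object { $_.Thumbprint -eq $certThumbprint })
    if ($certificates.Count -eq 0) {
        Write-Host "Certificate with thumbprint:$certThumbprint does not exist at cert:$certStoreLocation" -ForegroundColor Red
        return
    }

    $grantedCount = 0
    try {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $userName, $permission, 'Allow'
        $machineKeysRoot = "c:\programdata\microsoft\crypto\rsa\machinekeys"
        foreach ($cert in $certificates) {
            # A certificate without an accessible private key has nothing to grant on; the original
            # reached Path.Combine with $null and ended up in the catch block instead.
            $privateKey = $cert.PrivateKey
            if ($null -eq $privateKey) {
                Write-Verbose "No private key available for $($cert.Thumbprint); skipping"
                continue
            }
            $keyName = $privateKey.CspKeyContainerInfo.UniqueKeyContainerName
            $keyPath = [System.IO.Path]::Combine($machineKeysRoot, $keyName)
            if ([System.IO.File]::Exists($keyPath)) {
                $acl = Get-Acl -Path $keyPath
                $acl.AddAccessRule($rule)
                # Path goes to the verbose stream rather than polluting the output stream.
                Write-Verbose "Updating ACL on key file '$keyPath'"
                Set-Acl -Path $keyPath -AclObject $acl
                $grantedCount++
            }
        }
    }
    catch {
        Write-Host "Caught an exception:" -ForegroundColor Red
        Write-Host "$($_.Exception)" -ForegroundColor Red
        return
    }

    # Only claim success when at least one key file was actually updated.
    if ($grantedCount -eq 0) {
        Write-Host "No private key file was found for $certThumbprint certificate; nothing was granted" -ForegroundColor Yellow
        return
    }
    Write-Host "Successfully granted $permission permission to $userName user for $certThumbprint certificate" -ForegroundColor Green
}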
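function Get-CertThumbprint {
    <#
    .SYNOPSIS
        Returns the thumbprint of a certificate file (.pfx with password, or any other X.509 file without).
    .PARAMETER path
        Path to the certificate file; must exist (validated with Test-Path).
    .PARAMETER password
        Password used only when the file extension is .pfx. The default is a well-known placeholder
        kept for backward compatibility.
    .OUTPUTS
        [string] the certificate thumbprint.
    .NOTES
        NOTE(review): the PFX branch imports with PersistKeySet, which leaves a key container in the
        machine key store even though only the thumbprint is needed; on .NET 4.7.2+ EphemeralKeySet
        would avoid that — confirm the target runtime before changing the flags.
    #>
    param (
        [ValidateScript( {Test-Path $_})]
        [string]$path,
        [securestring]$password = (ConvertTo-SecureString -String 'temp1234' -AsPlainText -Force)
    )
    # -eq is case-insensitive in PowerShell, so .PFX and .pfx are both recognised (as before).
    $isPfx = [System.IO.Path]::GetExtension($path) -eq '.pfx'

    $certInfo = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
    try {
        if ($isPfx) {
            # Flags are single bits, so the original -bxor happened to equal -bor; -bor is the intended operator.
            $KeyStorageFlags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable -bor `
                [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::MachineKeySet -bor `
                [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet
            $certInfo.Import($path, $password, $KeyStorageFlags)
        } else {
            $certInfo.Import($path)
        }
        $thumbprint = $certInfo.Thumbprint
    }
    finally {
        # Release the native handle as soon as the thumbprint has been read.
        $certInfo.Dispose()
    }
    return $thumbprint
}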
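function Remove-Certificate {
    <#
    .SYNOPSIS
        Removes the certificate with the given thumbprint from a certificate store.
    .DESCRIPTION
        Removing a trust anchor or an issued certificate is destructive, so the call supports
        -WhatIf / -Confirm via ShouldProcess. An empty thumbprint is rejected up front: the original
        built "Cert:\<store>\" for it, which is the store container itself and passes Test-Path.
        The private key (if any) is left in place; Remove-Item is called without -DeleteKey, as before.
    .PARAMETER thumbprint
        Thumbprint of the certificate to delete.
    .PARAMETER certPath
        Store path relative to Cert:\ (default "LocalMachine\Root").
    .OUTPUTS
        None. Results are reported on the host stream.
    #>
    [CmdletBinding(SupportsShouldProcess = $true)]
    param (
        [string]$thumbprint,
        [string]$certPath = "LocalMachine\Root"
    )
    if ([string]::IsNullOrWhiteSpace($thumbprint)) {
        Write-Host "A certificate thumbprint is required to remove a certificate from Cert:\$certPath" -ForegroundColor Red
        return
    }
    $certItemPath = "Cert:\$certPath\$thumbprint"
    if (-not (Test-Path -Path $certItemPath)) {
        Write-Host "There are no $thumbprint certificate imported under Cert:\$certPath" -ForegroundColor Red
        return
    }
    if ($PSCmdlet.ShouldProcess($certItemPath, 'Remove certificate')) {
        Remove-Item -Path $certItemPath
        Write-Host "The certificate $thumbprint was successfully deleted from Cert:\$certPath" -ForegroundColor Green
    }
}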
# Module-load completion banner (host stream only).
Write-Host -Object 'Done'