# Client Certificate Installation Script for oxmc-servers
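param(
    # Suppress all console output.
    [switch]$Silent = $false,
    # Also add every certificate to LocalMachine\TrustedPeople.
    [switch]$installInTrustedPeople = $false
)

# Resolve the directory this script lives in; script-helper.ps1 is loaded from it.
if ($PSVersionTable.PSVersion.Major -ge 3) {
    # $PSScriptRoot is populated for script files from PowerShell 3 onwards.
    $currentDir = $PSScriptRoot
}
else {
    # PowerShell 2: derive the script directory from the invocation info.
    # The working directory must not be used here. This script runs elevated and
    # dot-sources a helper from $currentDir, so resolving it from the caller's
    # working directory would execute whatever script-helper.ps1 happens to be there.
    $currentDir = Split-Path -Parent $MyInvocation.MyCommand.Path
}

# Import script-helper.ps1 (dot-sourced, so its functions and variables land in this scope).
. "$currentDir\script-helper.ps1"

# Configuration
# NOTE(review): $windowsDrive is not defined in this file; presumably script-helper.ps1
# sets it. If it is empty the path below resolves against the current drive - confirm.
# Every *.cer file in this directory is installed as a machine-wide trust anchor, so the
# directory should be writable by administrators only.
$CertificatePath = "$windowsDrive\Windows\OEM\certs"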
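function Install-Certificates {
    <#
    .SYNOPSIS
    Installs every .cer file found directly inside a directory.

    .DESCRIPTION
    Each file is handed to Install-SingleCertificate. Whether the TrustedPeople store
    is also populated is read from the script-level $installInTrustedPeople switch,
    which is not a parameter of this function.

    Security note: nothing here checks which certificates are present. Any file in the
    directory that ends in .cer and parses as a certificate is installed, so the
    directory's ACL is the only control over what becomes trusted.

    .PARAMETER CertDirectory
    Directory to scan (not recursive).

    .OUTPUTS
    System.Boolean. $true only when at least one certificate file was found and every
    one of them installed; $false for a missing directory, an empty directory, any
    individual failure, or any error.
    #>
    param([string]$CertDirectory)

    try {
        # An empty path or something that is not a directory: nothing to install.
        if ([string]::IsNullOrEmpty($CertDirectory)) {
            return $false
        }
        if (-not (Test-Path -LiteralPath $CertDirectory -PathType Container)) {
            return $false
        }

        # @() keeps .Count meaningful for zero or one match on every PowerShell version.
        # PSIsContainer is used instead of -File, which does not exist before
        # PowerShell 3. The explicit extension check is there because the provider
        # -Filter can also match longer extensions that merely start with "cer".
        $certFiles = @(
            Get-ChildItem -LiteralPath $CertDirectory -Filter "*.cer" |
                Where-Object { (-not $_.PSIsContainer) -and ($_.Extension -eq ".cer") }
        )
        if ($certFiles.Count -eq 0) {
            return $false
        }

        # Normalise the script-level switch to a plain boolean before passing it on.
        $trustedPeople = [bool]$installInTrustedPeople

        $installedCount = 0
        foreach ($certFile in $certFiles) {
            $success = Install-SingleCertificate -CertPath $certFile.FullName -InstallInTrustedPeople:$trustedPeople
            if ($success) {
                $installedCount++
            }
        }

        # One failure means the overall result is a failure; the others stay installed.
        return $installedCount -eq $certFiles.Count
    } catch {
        # Best effort by design: report the reason on the verbose stream, return $false.
        Write-Verbose "Install-Certificates failed: $($_.Exception.Message)"
        return $false
    }
}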
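function Install-SingleCertificate {
    <#
    .SYNOPSIS
    Adds one certificate file to the LocalMachine Root and TrustedPublisher stores,
    and optionally to TrustedPeople.

    .DESCRIPTION
    Loads the file as an X509Certificate2 and returns early when
    Test-CertificateInstalled already reports it present. Otherwise it adds the
    certificate to each target store and re-checks with Test-CertificateInstalled.

    Security note: LocalMachine\Root makes the certificate a trust anchor for every
    user on the machine, and LocalMachine\TrustedPublisher marks code signed by it as
    coming from a trusted publisher. No thumbprint or issuer is checked before
    installing.
    NOTE(review): consider comparing $cert.Thumbprint against a pinned list of expected
    values before any store is opened.

    .PARAMETER CertPath
    Full path of the certificate file.

    .PARAMETER InstallInTrustedPeople
    When $true, the certificate is also added to LocalMachine\TrustedPeople.

    .OUTPUTS
    System.Boolean. $true when the certificate is present afterwards according to
    Test-CertificateInstalled; $false on any error (unreadable file, access denied, ...).
    #>
    param(
        [string]$CertPath,
        [bool]$InstallInTrustedPeople = $false
    )

    try {
        # Load certificate; throws, and is caught below, if the file is missing or not a certificate.
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertPath)

        # Nothing to do if it is already installed.
        if (Test-CertificateInstalled -Thumbprint $cert.Thumbprint -InstallInTrustedPeople:$InstallInTrustedPeople) {
            return $true
        }

        # Root and TrustedPublisher are always populated; TrustedPeople only on request.
        $storeNames = @("Root", "TrustedPublisher")
        if ($InstallInTrustedPeople) {
            $storeNames += "TrustedPeople"
        }

        foreach ($storeName in $storeNames) {
            $store = New-Object System.Security.Cryptography.X509Certificates.X509Store($storeName, "LocalMachine")
            try {
                $store.Open("ReadWrite")
                $store.Add($cert)
            } finally {
                # Release the store handle even when Open/Add throws (e.g. access denied).
                $store.Close()
            }
        }

        # Leave an audit trail of what was trusted for callers running with -Verbose.
        Write-Verbose "Installed certificate '$($cert.Subject)' ($($cert.Thumbprint)) into: $($storeNames -join ', ')"

        # Verify installation
        return Test-CertificateInstalled -Thumbprint $cert.Thumbprint -InstallInTrustedPeople:$InstallInTrustedPeople
    } catch {
        # Best effort by design: report the reason on the verbose stream, return $false.
        Write-Verbose "Install-SingleCertificate failed for '$CertPath': $($_.Exception.Message)"
        return $false
    }
}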
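function Test-CertificateInstalled {
    <#
    .SYNOPSIS
    Reports whether a certificate is present in every LocalMachine store this script
    installs into.

    .DESCRIPTION
    Root and TrustedPublisher are always required, and TrustedPeople as well when
    requested. All of them must hold the certificate, so a partially installed
    certificate is reported as not installed and the caller completes the missing stores.

    .PARAMETER Thumbprint
    Thumbprint to look for. The comparison uses -eq, which is case-insensitive for strings.

    .PARAMETER InstallInTrustedPeople
    When $true, LocalMachine\TrustedPeople must also contain the certificate.

    .OUTPUTS
    System.Boolean.
    #>
    param(
        [string]$Thumbprint,
        [bool]$InstallInTrustedPeople = $false
    )

    # An empty thumbprint can never identify an installed certificate.
    if ([string]::IsNullOrEmpty($Thumbprint)) {
        return $false
    }

    $requiredStores = @("Root", "TrustedPublisher")
    if ($InstallInTrustedPeople) {
        $requiredStores += "TrustedPeople"
    }

    foreach ($storeName in $requiredStores) {
        $match = Get-ChildItem "Cert:\LocalMachine\$storeName" | Where-Object { $_.Thumbprint -eq $Thumbprint }
        if (-not $match) {
            return $false
        }
    }

    return $true
}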
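# Check administrator privileges
# Writing to the LocalMachine certificate stores requires elevation.
# NOTE(review): Test-Administrator is not defined in this file; presumably it comes from
# script-helper.ps1 - confirm.
if (-not (Test-Administrator)) {
    if (-not $Silent) {
        Write-Host "This script requires Administrator privileges." -ForegroundColor Red
        Write-Host "Please right-click and 'Run as Administrator'" -ForegroundColor Yellow
        # Keep the window open long enough for the message to be read.
        timeout /t 5
    }
    exit 1
}

# Install all certificates
$success = Install-Certificates -CertDirectory $CertificatePath

if ($success) {
    if (-not $Silent) {
        # Name every store that was written. TrustedPublisher is always populated too,
        # and a security-relevant change should not be under-reported.
        $storeInfo = if ($installInTrustedPeople) { "Root, TrustedPublisher and TrustedPeople stores" } else { "Root and TrustedPublisher stores" }
        Write-Host "All certificates installed to $storeInfo successfully!" -ForegroundColor Green
    }
} else {
    # NOTE(review): no exit code is set on this path, so with -Silent a failed installation
    # looks the same as success to the calling process. Consider `exit 1` here once
    # callers are confirmed to tolerate it.
    if (-not $Silent) {
        Write-Host "Certificate installation failed!" -ForegroundColor Red
        # Install-Certificates also returns $false when a single certificate fails to install.
        Write-Host "Certificate directory not found, no .cer files in it, or a certificate could not be installed: $CertificatePath" -ForegroundColor Yellow
        Write-Host "Please ensure the certificate directory exists and contains .cer files." -ForegroundColor Yellow
    }
}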