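<#
.SYNOPSIS
Makes sure a machine certificate with subject CN=<serverName> exists in the
local machine store (requesting one from the SCOMCert template if it does
not), exports it with its private key to a PFX, copies the PFX to the target
server's c$ share and imports it there by starting certutil.exe through WMI.

.PARAMETER serverName
Host name used as the certificate subject and as the remote computer name.
Restricted to host-name characters because it is concatenated into file
names and into the command line that is executed on the remote machine.

.NOTES
Review points a deployer should settle before using this:
  * The account name and password below are the page's redacted placeholders.
    Supply $cred from Get-Credential or a secret store instead of editing a
    literal into the script.
  * "net use" and "certutil -importPFX -p" receive a password as a command-line
    argument, so it is visible to process-creation logging on both machines
    (for example event 4688 with command-line auditing, or Sysmon event 1).
    The PFX password is therefore a random single-use value, and the PFX files
    are deleted at the end.
  * Exportable = TRUE is required for the PFX export. The certificate and its
    exportable key stay in the requesting machine's store; this script never
    removes them.
  * certutil -importPFX accepts a NoExport modifier if the key should not be
    exportable on the target; it is not applied here to keep the original
    behaviour.
#>
param(
    [ValidatePattern('^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$')]
    [string]$serverName = "sql.healthcare.local"
)

# Single-quoted here-string: in the expandable form, $Windows was treated as a
# variable and the signature line was written as " NT$".
$req = @'
[Version]
Signature="$Windows NT$"
[NewRequest]
Subject = "CN=%subject%"
KeySpec = 1
KeyLength = 2048
Exportable = TRUE
MachineKeySet = TRUE
KeyUsage = "CERT_KEY_ENCIPHERMENT_KEY_USAGE | CERT_DATA_ENCIPHERMENT_KEY_USAGE"
[Strings]
szOID_ENHANCED_KEY_USAGE = "2.5.29.37"
szOID_PKIX_KP_SERVER_AUTH = "1.3.6.1.5.5.7.3.1"
szOID_PKIX_KP_CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"
[RequestAttributes]
CertificateTemplate=SCOMCert
'@
#[Extensions]
#%szOID_ENHANCED_KEY_USAGE% = "{text}%szOID_PKIX_KP_SERVER_AUTH%,%szOID_PKIX_KP_CLIENT_AUTH%"

$subject     = "CN=" + $serverName
$infFile     = $serverName + ".txt"
$reqFile     = $serverName + ".req"
$cerFile     = $serverName + ".cer"
$localPfx    = Join-Path "c:\temp" ($serverName + ".pfx")
$remoteShare = "\\$($serverName)\c`$"
$remoteTemp  = "$remoteShare\temp"
$remotePfx   = "$remoteTemp\" + $serverName + ".pfx"

# Newest matching certificate only; several matches would otherwise all be
# piped into one Export-PfxCertificate call that writes a single file.
$findCert = {
    Get-ChildItem cert:\localmachine\my |
        Where-Object { $_.Subject -eq $subject } |
        Sort-Object NotAfter -Descending |
        Select-Object -First 1
}

# Single-use PFX password: the PFX only exists for the duration of this run, so
# nothing needs to know the password afterwards.
$rng      = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$pfxBytes = New-Object byte[] 24
$rng.GetBytes($pfxBytes)
$pfxPlain  = [System.BitConverter]::ToString($pfxBytes) -replace '-', ''
$pfxSecure = ConvertTo-SecureString -String $pfxPlain -AsPlainText -Force

$shareMapped = $false
try {
    $cert = & $findCert
    if (-not $cert) {
        $req.Replace("%subject%", $serverName) | Set-Content $infFile
        certreq.exe -new $infFile $reqFile
        #-attrib "CertificateTemplate:SCOMCert"
        certreq.exe -submit $reqFile $cerFile
        certreq.exe -accept $cerFile
        $cert = & $findCert
    }
    if (-not $cert) {
        # Stop here instead of mapping the share and copying a PFX that was never written.
        Write-Error "No certificate with subject $subject in cert:\localmachine\my; nothing to deploy."
        return
    }

    $cert | Export-PfxCertificate -Password $pfxSecure -FilePath $localPfx

    if (-not $cred) {
        # NOTE(review): redacted placeholder credential from the page; replace with
        # Get-Credential or a secret store lookup.
        $pwdCred = ConvertTo-SecureString -String "xxxxx" -AsPlainText -Force
        $cred = New-Object System.Management.Automation.PSCredential("zzz-yyy\yyyyy", $pwdCred)
    }

    # Same account for the share and for WMI, taken from the one $cred object.
    net use $remoteShare "/user:$($cred.UserName)" ($cred.GetNetworkCredential().Password)
    $shareMapped = ($LASTEXITCODE -eq 0)

    # Test-Path instead of "dir": an existing but empty directory lists nothing
    # and was taken for a missing one.
    if (-not (Test-Path $remoteTemp)) {
        md $remoteTemp
    }
    copy $localPfx "$remoteTemp\" -Force

    $installPfxCmd = 'certutil.exe -importPFX -p "' + $pfxPlain + '" "c:\temp\' + $serverName + '.pfx"'
    $proc = Invoke-WmiMethod -Class Win32_Process -Name "Create" -ComputerName $serverName -ArgumentList @($installPfxCmd) -Credential $cred
    $proc

    # Win32_Process.Create returns as soon as the process is started. Wait (bounded)
    # for certutil to exit so the PFX is not deleted before it has been read.
    if ($proc -and $proc.ReturnValue -eq 0) {
        $deadline = (Get-Date).AddSeconds(60)
        while (((Get-Date) -lt $deadline) -and
               (Get-WmiObject -Class Win32_Process -ComputerName $serverName -Credential $cred -Filter "ProcessId = $($proc.ProcessId)")) {
            Start-Sleep -Milliseconds 500
        }
    }
}
finally {
    del $infFile -ErrorAction Ignore
    del $reqFile -ErrorAction Ignore
    del $cerFile -ErrorAction Ignore
    # The local PFX holds the private key too; the original left it in c:\temp.
    del $localPfx -ErrorAction Ignore
    if ($shareMapped) {
        del $remotePfx -ErrorAction Ignore
        net use $remoteShare /delete
    }
}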
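<#
.SYNOPSIS
Makes sure a machine certificate with subject CN=<serverName> exists in the
local machine store (requesting one from the SCOMCert template if it does
not), exports it with its private key to a PFX, copies the PFX to the target
server's c$ share and imports it there by starting certutil.exe through WMI.

.PARAMETER serverName
Host name used as the certificate subject and as the remote computer name.
Restricted to host-name characters because it is concatenated into file
names and into the command line that is executed on the remote machine.

.NOTES
Review points a deployer should settle before using this:
  * The account name and password below are the page's redacted placeholders.
    Supply $cred from Get-Credential or a secret store instead of editing a
    literal into the script.
  * "net use" and "certutil -importPFX -p" receive a password as a command-line
    argument, so it is visible to process-creation logging on both machines
    (for example event 4688 with command-line auditing, or Sysmon event 1).
    The PFX password is therefore a random single-use value, and the PFX files
    are deleted at the end.
  * Exportable = TRUE is required for the PFX export. The certificate and its
    exportable key stay in the requesting machine's store; this script never
    removes them.
  * certutil -importPFX accepts a NoExport modifier if the key should not be
    exportable on the target; it is not applied here to keep the original
    behaviour.
#>
param(
    [ValidatePattern('^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$')]
    [string]$serverName = "sql.healthcare.local"
)

# Single-quoted here-string: in the expandable form, $Windows was treated as a
# variable and the signature line was written as " NT$".
$req = @'
[Version]
Signature="$Windows NT$"
[NewRequest]
Subject = "CN=%subject%"
KeySpec = 1
KeyLength = 2048
Exportable = TRUE
MachineKeySet = TRUE
KeyUsage = "CERT_KEY_ENCIPHERMENT_KEY_USAGE | CERT_DATA_ENCIPHERMENT_KEY_USAGE"
[Strings]
szOID_ENHANCED_KEY_USAGE = "2.5.29.37"
szOID_PKIX_KP_SERVER_AUTH = "1.3.6.1.5.5.7.3.1"
szOID_PKIX_KP_CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"
[RequestAttributes]
CertificateTemplate=SCOMCert
'@
#[Extensions]
#%szOID_ENHANCED_KEY_USAGE% = "{text}%szOID_PKIX_KP_SERVER_AUTH%,%szOID_PKIX_KP_CLIENT_AUTH%"

$subject     = "CN=" + $serverName
$infFile     = $serverName + ".txt"
$reqFile     = $serverName + ".req"
$cerFile     = $serverName + ".cer"
$localPfx    = Join-Path "c:\temp" ($serverName + ".pfx")
$remoteShare = "\\$($serverName)\c`$"
$remoteTemp  = "$remoteShare\temp"
$remotePfx   = "$remoteTemp\" + $serverName + ".pfx"

# Newest matching certificate only; several matches would otherwise all be
# piped into one Export-PfxCertificate call that writes a single file.
$findCert = {
    Get-ChildItem cert:\localmachine\my |
        Where-Object { $_.Subject -eq $subject } |
        Sort-Object NotAfter -Descending |
        Select-Object -First 1
}

# Single-use PFX password: the PFX only exists for the duration of this run, so
# nothing needs to know the password afterwards.
$rng      = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$pfxBytes = New-Object byte[] 24
$rng.GetBytes($pfxBytes)
$pfxPlain  = [System.BitConverter]::ToString($pfxBytes) -replace '-', ''
$pfxSecure = ConvertTo-SecureString -String $pfxPlain -AsPlainText -Force

$shareMapped = $false
try {
    $cert = & $findCert
    if (-not $cert) {
        $req.Replace("%subject%", $serverName) | Set-Content $infFile
        certreq.exe -new $infFile $reqFile
        #-attrib "CertificateTemplate:SCOMCert"
        certreq.exe -submit $reqFile $cerFile
        certreq.exe -accept $cerFile
        $cert = & $findCert
    }
    if (-not $cert) {
        # Stop here instead of mapping the share and copying a PFX that was never written.
        Write-Error "No certificate with subject $subject in cert:\localmachine\my; nothing to deploy."
        return
    }

    $cert | Export-PfxCertificate -Password $pfxSecure -FilePath $localPfx

    if (-not $cred) {
        # NOTE(review): redacted placeholder credential from the page; replace with
        # Get-Credential or a secret store lookup.
        $pwdCred = ConvertTo-SecureString -String "xxxxx" -AsPlainText -Force
        $cred = New-Object System.Management.Automation.PSCredential("zzz-yyy\yyyyy", $pwdCred)
    }

    # Same account for the share and for WMI, taken from the one $cred object.
    net use $remoteShare "/user:$($cred.UserName)" ($cred.GetNetworkCredential().Password)
    $shareMapped = ($LASTEXITCODE -eq 0)

    # Test-Path instead of "dir": an existing but empty directory lists nothing
    # and was taken for a missing one.
    if (-not (Test-Path $remoteTemp)) {
        md $remoteTemp
    }
    copy $localPfx "$remoteTemp\" -Force

    $installPfxCmd = 'certutil.exe -importPFX -p "' + $pfxPlain + '" "c:\temp\' + $serverName + '.pfx"'
    $proc = Invoke-WmiMethod -Class Win32_Process -Name "Create" -ComputerName $serverName -ArgumentList @($installPfxCmd) -Credential $cred
    $proc

    # Win32_Process.Create returns as soon as the process is started. Wait (bounded)
    # for certutil to exit so the PFX is not deleted before it has been read.
    if ($proc -and $proc.ReturnValue -eq 0) {
        $deadline = (Get-Date).AddSeconds(60)
        while (((Get-Date) -lt $deadline) -and
               (Get-WmiObject -Class Win32_Process -ComputerName $serverName -Credential $cred -Filter "ProcessId = $($proc.ProcessId)")) {
            Start-Sleep -Milliseconds 500
        }
    }
}
finally {
    del $infFile -ErrorAction Ignore
    del $reqFile -ErrorAction Ignore
    del $cerFile -ErrorAction Ignore
    # The local PFX holds the private key too; the original left it in c:\temp.
    del $localPfx -ErrorAction Ignore
    if ($shareMapped) {
        del $remotePfx -ErrorAction Ignore
        net use $remoteShare /delete
    }
}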