icinga-powershell-framework/lib/webserver/ConvertTo-IcingaX509Certificate.psm1

function ConvertTo-IcingaX509Certificate()
{
    param(
        [string]$CertFile          = $null,
        [string]$OutFile           = $null,
        [switch]$Force             = $FALSE
    );

    if ([string]::IsNullOrEmpty($CertFile)) {
        throw 'Please specify a valid path to an existing certificate (.cer, .pem, .cert)';
    }

    if ((Test-Path $CertFile) -eq $FALSE) {
        throw 'The provided path to your certificate was not valid';
    }

    # Use an empty password for converted certificates
    $Password       = $null;
    # Use a target file to specify if we use temp files or not
    $TargetFile     = $OutFile;
    # Temp Cert
    [bool]$TempFile = $FALSE;

    # Create a temp file to store the certificate in
    if ([string]::IsNullOrEmpty($OutFile)) {
        # Create a temporary file for full path and name
        $TargetFile = New-IcingaTemporaryFile;
        # Get the actual path to work with
        $TargetFile = $TargetFile.FullName;
        # Set internally that we are using a temp file
        $TempFile   = $TRUE;
        # Delete the file again
        Remove-Item $TargetFile -Force -ErrorAction SilentlyContinue;
    }

    # Convert our certificate if our target file does not exist
    # it is a temp file or we force its creation
    if (-Not (Test-Path $TargetFile) -Or $TempFile -Or $Force) {
        Write-Output "$Password
        $Password" | & 'C:\Windows\system32\certutil.exe' -mergepfx "$CertFile" "$TargetFile" | Set-Variable -Name 'CertUtilOutput';
    }

    Write-IcingaDebugMessage -Message (
        [string]::Format(
            'Certutil merge request has been completed. Certutil message:{0}{0}{1}',
            (New-IcingaNewLine),
            ($CertUtilOutput | Out-String)
        )
    );

    # If no target file exists afterwards (a valid PFX certificate)
    # then throw an exception
    if (-Not (Test-Path $TargetFile)) {
        [string]$ErrMessage = [string]::Format('Unable to create the Icinga for Windows certificate file "icingaforwindows.pfx". Certutil output:{0}{1}', (New-IcingaNewLine), ($CertUtilOutput | Out-String));
        Write-IcingaConsoleError $ErrMessage;
        throw $ErrMessage;
    }

    # Now load the actual certificate from the path
    $Certificate = New-Object Security.Cryptography.X509Certificates.X509Certificate2 $TargetFile;
    # Delete the PFX-Certificate which will be present after certutil merge
    if ($TempFile) {
        Remove-Item $TargetFile -Force -ErrorAction SilentlyContinue;
    }

    # Return the certificate
    return $Certificate
}
Add support to create X509 certificates based on .crt/.cert Thanks to @crited 2020-03-24 06:13:01 -04:00			`function ConvertTo-IcingaX509Certificate()`
			`{`
			`param(`
			`[string]$CertFile = $null,`
			`[string]$OutFile = $null,`
			`[switch]$Force = $FALSE`
			`);`

Adds exceptions in case source Cert file is missing as argument or invalid 2020-03-26 02:33:28 -04:00			`if ([string]::IsNullOrEmpty($CertFile)) {`
			`throw 'Please specify a valid path to an existing certificate (.cer, .pem, .cert)';`
			`}`

			`if ((Test-Path $CertFile) -eq $FALSE) {`
			`throw 'The provided path to your certificate was not valid';`
			`}`

Add support to create X509 certificates based on .crt/.cert Thanks to @crited 2020-03-24 06:13:01 -04:00			`# Use an empty password for converted certificates`
			`$Password = $null;`
			`# Use a target file to specify if we use temp files or not`
Fixes cert file output file to apply 2020-03-26 02:32:57 -04:00			`$TargetFile = $OutFile;`
Add support to create X509 certificates based on .crt/.cert Thanks to @crited 2020-03-24 06:13:01 -04:00			`# Temp Cert`
			`[bool]$TempFile = $FALSE;`

			`# Create a temp file to store the certificate in`
			`if ([string]::IsNullOrEmpty($OutFile)) {`
			`# Create a temporary file for full path and name`
			`$TargetFile = New-IcingaTemporaryFile;`
			`# Get the actual path to work with`
			`$TargetFile = $TargetFile.FullName;`
			`# Set internally that we are using a temp file`
			`$TempFile = $TRUE;`
			`# Delete the file again`
			`Remove-Item $TargetFile -Force -ErrorAction SilentlyContinue;`
			`}`

			`# Convert our certificate if our target file does not exist`
			`# it is a temp file or we force its creation`
			`if (-Not (Test-Path $TargetFile) -Or $TempFile -Or $Force) {`
			`Write-Output "$Password`
Fixes usage of wrong certutil if present in PATH instead of system32 binary 2024-04-12 13:22:55 -04:00			`$Password" \| & 'C:\Windows\system32\certutil.exe' -mergepfx "$CertFile" "$TargetFile" \| Set-Variable -Name 'CertUtilOutput';`
Add support to create X509 certificates based on .crt/.cert Thanks to @crited 2020-03-24 06:13:01 -04:00			`}`

Improves certutil output by writing it into eventlog on debug mode 2020-03-26 02:34:10 -04:00			`Write-IcingaDebugMessage -Message (`
			`[string]::Format(`
			`'Certutil merge request has been completed. Certutil message:{0}{0}{1}',`
			`(New-IcingaNewLine),`
Fixes certutil error handling and message output in case the icingaforwindows.pfx could not be created 2024-02-28 09:41:05 -05:00			`($CertUtilOutput \| Out-String)`
Improves certutil output by writing it into eventlog on debug mode 2020-03-26 02:34:10 -04:00			`)`
			`);`

Add support to create X509 certificates based on .crt/.cert Thanks to @crited 2020-03-24 06:13:01 -04:00			`# If no target file exists afterwards (a valid PFX certificate)`
			`# then throw an exception`
			`if (-Not (Test-Path $TargetFile)) {`
Fixes certutil error handling and message output in case the icingaforwindows.pfx could not be created 2024-02-28 09:41:05 -05:00			`[string]$ErrMessage = [string]::Format('Unable to create the Icinga for Windows certificate file "icingaforwindows.pfx". Certutil output:{0}{1}', (New-IcingaNewLine), ($CertUtilOutput \| Out-String));`
			`Write-IcingaConsoleError $ErrMessage;`
			`throw $ErrMessage;`
Add support to create X509 certificates based on .crt/.cert Thanks to @crited 2020-03-24 06:13:01 -04:00			`}`

			`# Now load the actual certificate from the path`
			`$Certificate = New-Object Security.Cryptography.X509Certificates.X509Certificate2 $TargetFile;`
			`# Delete the PFX-Certificate which will be present after certutil merge`
Fixes x509 cert conversion to only delete temp files not output files 2020-03-26 02:32:20 -04:00			`if ($TempFile) {`
			`Remove-Item $TargetFile -Force -ErrorAction SilentlyContinue;`
			`}`
Add support to create X509 certificates based on .crt/.cert Thanks to @crited 2020-03-24 06:13:01 -04:00
			`# Return the certificate`
			`return $Certificate`
			`}`