2020-03-24 15:10:41 -04:00
function Get-IcingaAgentHostCertificate ( )
{
2021-08-06 12:12:27 -04:00
if ( -Not ( Test-Path -Path ( Join-Path -Path $Env:ProgramData -ChildPath 'icinga2\var\lib\icinga2\certs\' ) ) ) {
return @ {
'CertFile' = '' ;
'Subject' = '' ;
'Thumbprint' = '' ;
} ;
}
2020-03-24 15:10:41 -04:00
# Default for Icinga 2.8.0 and above
[ string ] $CertDirectory = ( Join-Path -Path $Env:ProgramData -ChildPath 'icinga2\var\lib\icinga2\certs\*' ) ;
$FolderContent = Get-ChildItem -Path $CertDirectory -Filter '*.crt' -Exclude 'ca.crt' ;
2022-02-17 04:32:24 -05:00
$Hostname = Get-IcingaHostname -ReadConstants ;
2020-03-24 15:10:41 -04:00
$CertPath = $null ;
foreach ( $certFile in $FolderContent ) {
2020-11-24 07:52:37 -05:00
if ( $certFile . Name -like ( [ string ] :: Format ( '{0}.crt' , $Hostname ) ) ) {
2020-03-24 15:10:41 -04:00
$CertPath = $certFile . FullName ;
break ;
}
}
if ( [ string ] :: IsNullOrEmpty ( $CertPath ) ) {
return $null ;
}
$Certificate = New-Object Security . Cryptography . X509Certificates . X509Certificate2 $CertPath ;
2020-08-04 08:48:32 -04:00
2022-03-17 06:35:08 -04:00
if ( $null -ne $Certificate ) {
if ( $Certificate . Issuer . ToLower ( ) -eq ( [ string ] :: Format ( 'cn={0}' , $Hostname ) . ToLower ( ) ) ) {
Write-IcingaConsoleWarning `
-Message 'The Icinga Agent certificate "{0}" seems not to be signed by our Icinga CA yet. Using this certificate for the REST-Api as example might not work. Please check the state of the certificate and complete the signing process if required. [IWKB000013]' `
-Objects $CertPath ;
Write-IcingaEventMessage -EventId 1506 -Namespace 'Framework' -Objects $CertPath ;
}
}
2020-03-24 15:10:41 -04:00
return @ {
'CertFile' = $CertPath ;
2020-03-25 02:48:55 -04:00
'Subject' = $Certificate . Subject ;
2020-03-24 15:10:41 -04:00
'Thumbprint' = $Certificate . Thumbprint ;
} ;
}
