2020-03-24 15:15:52 -04:00
|
|
|
function Get-IcingaSSLCertForSocket()
|
|
|
|
|
{
|
|
|
|
|
param(
|
|
|
|
|
[string]$CertFile = $null,
|
|
|
|
|
[string]$CertThumbprint = $null
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
# At first check if we assigned a cert file to use directly and check
|
|
|
|
|
# if it is there and either import a PFX or use our convert function
|
|
|
|
|
# to get a proper certificate
|
|
|
|
|
if ([string]::IsNullOrEmpty($CertFile) -eq $FALSE) {
|
|
|
|
|
if ((Test-Path $CertFile)) {
|
2021-05-10 03:17:46 -04:00
|
|
|
if ([IO.Path]::GetExtension($CertFile) -eq '.pfx') {
|
2020-03-24 15:15:52 -04:00
|
|
|
return (New-Object Security.Cryptography.X509Certificates.X509Certificate2 $CertFile);
|
|
|
|
|
} else {
|
|
|
|
|
return ConvertTo-IcingaX509Certificate -CertFile $CertFile;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# We could also have assigned a Thumbprint to use from the
|
|
|
|
|
# Windows cert store. Try to look it up an return it if
|
|
|
|
|
# it is found
|
|
|
|
|
if ([string]::IsNullOrEmpty($CertThumbprint) -eq $FALSE) {
|
2020-08-04 08:48:32 -04:00
|
|
|
$Certificates = Get-ChildItem `
|
|
|
|
|
-Path 'cert:\*' `
|
|
|
|
|
-Recurse `
|
|
|
|
|
-Include $CertThumbprint `
|
|
|
|
|
-ErrorAction SilentlyContinue `
|
|
|
|
|
-WarningAction SilentlyContinue;
|
2020-03-24 15:15:52 -04:00
|
|
|
|
|
|
|
|
if ($Certificates.Count -ne 0) {
|
|
|
|
|
return $Certificates[0];
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-02-17 04:32:24 -05:00
|
|
|
# If no cert file or thumbprint was specified or simply as fallback,
|
2020-03-24 15:15:52 -04:00
|
|
|
# we should use the Icinga 2 Agent certificates
|
|
|
|
|
$AgentCertificate = Get-IcingaAgentHostCertificate;
|
|
|
|
|
|
|
|
|
|
# If Agent is not installed or certificates were not found,
|
|
|
|
|
# simply return null
|
|
|
|
|
if ($null -eq $AgentCertificate) {
|
|
|
|
|
return $null;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (ConvertTo-IcingaX509Certificate -CertFile $AgentCertificate.CertFile);
|
|
|
|
|
}
|
