<#
.SYNOPSIS
Certificate renewal script for Chocolatey Central Management (CCM)
.DESCRIPTION
This script updates the certificate association for both the Chocolatey Central Management Service and the IIS-hosted web dashboard.
.PARAMETER CertificateThumbprint
Thumbprint value of the certificate you would like the Chocolatey Central Management Service and Web to run on.
Please make sure the certificate is located in both the Cert:\LocalMachine\TrustedPeople\ and Cert:\LocalMachine\My certificate stores.
.EXAMPLE
PS> .\Set-CCMCert.ps1 -CertificateThumbprint 'Your_Certificate_Thumbprint_Value'
#>
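[CmdletBinding()]
param(
    # SHA-1 thumbprint of the certificate to bind. Exposed to callers as
    # -Thumbprint and, through the alias, as -CertificateThumbprint.
    [Parameter(Mandatory)]
    [Alias("CertificateThumbprint")]
    [ArgumentCompleter({
        # Tab completion offers the thumbprints found in LocalMachine\TrustedPeople
        # and shows the certificate's common name as the tooltip.
        Get-ChildItem Cert:\LocalMachine\TrustedPeople | ForEach-Object {
            # [^,]+ stops at the first comma, so only the CN value is kept.
            # The previous greedy .+ swallowed the rest of the subject
            # (", O=..., C=...") into the tooltip.
            $toolTip = $_.Subject -replace '^CN=(?<FQDN>[^,]+),?.*$', '${FQDN}'

            # CompletionResult rejects an empty tooltip; a certificate with a
            # blank subject would otherwise break completion for every entry.
            if ([string]::IsNullOrEmpty($toolTip)) {
                $toolTip = $_.Thumbprint
            }

            [System.Management.Automation.CompletionResult]::new(
                $_.Thumbprint,
                $_.Thumbprint,
                "ParameterValue",
                $toolTip
            )
        }
    })]
    [String]
    $Thumbprint
)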
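begin {
    # Host gate kept from the original: only the console host is accepted.
    # (The reason ISE is excluded is not visible in this file.)
    if ($host.Name -ne 'ConsoleHost') {
        Write-Warning "This script cannot be ran from within PowerShell ISE"
        Write-Warning "Please launch powershell.exe as an administrator, and run this script again"
        # 'break' outside a loop unwinds to whatever loop the CALLER is running
        # (or silently ends the pipeline), so a wrapper script iterating over
        # servers would stop without an error. A terminating error halts this
        # script before the process block and is visible to the caller.
        throw "Set-CCMCert.ps1 must be run from powershell.exe (ConsoleHost); current host is '$($host.Name)'."
    }

    # The process block stops a service, rewrites the HTTP.sys SSL binding and
    # edits a file under ProgramData. Refuse to start without elevation rather
    # than fail half-way through with the service already stopped.
    $currentPrincipal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
    if (-not $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw "Set-CCMCert.ps1 must be run from an elevated (administrator) PowerShell session."
    }
}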
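process {
    # ------------------------------------------------------------------
    # Pre-flight. Everything below is checked BEFORE the service is stopped
    # or the existing 0.0.0.0:443 binding is deleted, so a typo in the
    # thumbprint cannot leave the dashboard without a TLS binding.
    # ------------------------------------------------------------------

    # Thumbprints pasted from the certificate dialog often carry spaces and an
    # invisible left-to-right mark (U+200E); strip those, then require exactly
    # 40 hex characters. The value is later passed to netsh as a bare argument,
    # so nothing but hex digits may reach that command line.
    $Thumbprint = $Thumbprint -replace '[\s\u200E]', ''
    if ($Thumbprint -notmatch '^[0-9A-Fa-f]{40}$') {
        throw "CertificateThumbprint must be a 40-character hexadecimal SHA-1 thumbprint."
    }

    # netsh binds from the MY store (certstorename=MY below), so the
    # certificate has to be there and has to carry a private key.
    $certificate = Get-Item -LiteralPath "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction SilentlyContinue
    if (-not $certificate) {
        throw "No certificate with thumbprint $Thumbprint was found in Cert:\LocalMachine\My."
    }
    if (-not $certificate.HasPrivateKey) {
        throw "Certificate $Thumbprint in Cert:\LocalMachine\My has no private key and cannot be used for an HTTPS binding."
    }

    $now = Get-Date
    if ($now -lt $certificate.NotBefore -or $now -gt $certificate.NotAfter) {
        Write-Warning "Certificate $Thumbprint is outside its validity period ($($certificate.NotBefore) - $($certificate.NotAfter)); clients will reject it."
    }

    # The script help asks for the certificate in TrustedPeople as well.
    # Warn rather than stop, because this file does not show what consumes it.
    if (-not (Test-Path -LiteralPath "Cert:\LocalMachine\TrustedPeople\$Thumbprint")) {
        Write-Warning "Certificate $Thumbprint was not found in Cert:\LocalMachine\TrustedPeople."
    }

    $appSettingsJson = 'C:\ProgramData\chocolatey\lib\chocolatey-management-service\tools\service\appsettings.json'
    if (-not (Test-Path -LiteralPath $appSettingsJson -PathType Leaf)) {
        throw "CCM service settings file not found: $appSettingsJson"
    }

    # ------------------------------------------------------------------
    # Change window. The finally block restarts the service even when a step
    # in between throws, so a failure never leaves CCM stopped.
    # ------------------------------------------------------------------

    #Stop Central Management components
    Stop-Service chocolatey-central-management
    Get-Process chocolateysoftware.chocolateymanagement.web* | Stop-Process -ErrorAction SilentlyContinue -Force

    try {
        #Remove existing bindings
        Write-Verbose "Removing existing bindings"
        netsh http delete sslcert ipport=0.0.0.0:443
        if ($LASTEXITCODE -ne 0) {
            # Expected on a host that had no binding yet; not fatal.
            Write-Verbose "netsh reported exit code $LASTEXITCODE while deleting the 0.0.0.0:443 binding (no existing binding?)"
        }

        #Add new CCM Web IIS Binding
        Write-Verbose "Adding new IIS binding to Chocolatey Central Management"
        $guid = [Guid]::NewGuid().ToString("B")
        netsh http add sslcert ipport=0.0.0.0:443 certhash=$Thumbprint certstorename=MY appid="$guid"
        if ($LASTEXITCODE -ne 0) {
            # netsh is a native command and never raises a PowerShell error by
            # itself. Stop here so appsettings.json is not switched to a
            # certificate that HTTP.sys refused to bind.
            throw "netsh failed to bind certificate $Thumbprint to 0.0.0.0:443 (exit code $LASTEXITCODE). The previous binding has already been removed; re-run with a valid certificate."
        }

        Get-WebBinding -Name ChocolateyCentralManagement | Remove-WebBinding
        New-WebBinding -Name ChocolateyCentralManagement -Protocol https -Port 443 -SslFlags 0 -IpAddress '*'

        #Write Thumbprint to CCM Service appsettings.json
        $json = Get-Content -LiteralPath $appSettingsJson -Raw | ConvertFrom-Json
        $json.CertificateThumbprint = $Thumbprint
        # ConvertTo-Json defaults to a depth of 2 and flattens anything nested
        # deeper into a type-name string, which would silently corrupt the
        # rest of the settings file on write-back.
        $json | ConvertTo-Json -Depth 100 | Set-Content -LiteralPath $appSettingsJson -Force
    }
    finally {
        #Try Restarting CCM Service
        try {
            Start-Service chocolatey-central-management -ErrorAction Stop
        }
        catch {
            #Try again...
            Start-Service chocolatey-central-management -ErrorAction SilentlyContinue
        }
        finally {
            if ((Get-Service chocolatey-central-management).Status -ne 'Running') {
                Write-Warning "Unable to start Chocolatey Central Management service, please start manually in Services.msc"
            }
        }
    }
}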