A comprehensive PowerShell solution for automatically identifying, testing, and installing corporate certificates in WSL and Node.js environments to resolve SSL inspection issues.
This tool solves the common problem where corporate networks use SSL inspection, causing SSL certificate verification failures in development environments. It automatically:
- Discovers corporate certificates from Windows certificate stores
- Tests each certificate systematically against real domains
- Installs only effective certificates in target environments
- Validates complete SSL functionality
# Basic usage - auto-detect everything
.\Install-CorporateSSL-WSL.ps1 -Verbose
# Target specific corporate certificates
.\Install-CorporateSSL-WSL.ps1 -SearchPatterns @("YourCompany", "CA") -Verbose
# Dry run to see what would be done
.\Install-CorporateSSL-WSL.ps1 -DryRun -Verbose# Install certificates and configure environment variables
.\Install-CorporateSSL-Node.ps1 -SearchPatterns @("YourCompany") -BundleAllCerts -Verbose
# Test SSL connectivity
node tests\test-ssl-connectivity.js# Complete Docker setup with automatic certificate injection
.\Install-CorporateSSL-Docker.ps1 -SearchPatterns @("YourCompany") -CleanInstall -Verbose
# Test Docker HTTPS connectivity
docker-corp run --rm curlimages/curl:latest curl https://google.com
docker-corp run --rm curlimages/curl:latest curl https://github.comcorporate-ssl-manager/
βββ Install-CorporateSSL-WSL.ps1 # WSL certificate installer
βββ Install-CorporateSSL-Node.ps1 # Node.js certificate installer
βββ Install-CorporateSSL-Docker.ps1 # Docker certificate installer
βββ docker-corp.sh # Docker wrapper script
βββ docker-corporate-env.sh # Docker environment setup
βββ README.md # This file
βββ .gitignore # Git ignore rules
βββ CORPORATE-CERTIFICATE-ANALYSIS.md # General analysis guide
βββ docs/ # Documentation
β βββ INSTALLATION.md # Step-by-step installation guide
β βββ USAGE.md # Detailed usage guide
β βββ TROUBLESHOOTING.md # Troubleshooting guide
βββ tests/ # Test scripts
β βββ test-ssl-connectivity.js # Node.js SSL test
βββ logs/ # Generated log files (ignored)
- Pattern-based search for corporate certificates
- Excludes common public CAs (DigiCert, Let's Encrypt, etc.)
- Multi-store scanning (LocalMachine, CurrentUser)
- Duplicate detection and filtering
- Pre-installation baseline testing
- Individual certificate effectiveness testing
- Multi-domain validation against popular sites
- Success rate calculation and reporting
- WSL: Support for 25+ Linux distributions with auto-detection
- Node.js: Environment variable configuration and bundle creation
- Smart detection of target environments
- Prerequisite installation (curl, ca-certificates)
- Detailed timestamped logs with color coding
- Export to CSV/JSON formats
- Test result tracking and analysis
- Error handling and recovery
- Ubuntu Family: Ubuntu, Ubuntu-18.04/20.04/22.04/24.04, Debian, Kali Linux
- RHEL Family: Fedora, CentOS, RHEL, AlmaLinux, Rocky Linux
- SUSE Family: openSUSE Leap/Tumbleweed, SUSE Linux Enterprise
- Arch Family: Arch Linux, Manjaro
- Other: Alpine Linux
- Supported: Node.js 14+ (tested with latest LTS)
- Platforms: Windows 10/11, Windows Server 2019/2022
- Docker Engine: 20.10+ in WSL 2
- Container Support: All Linux-based containers
- Registry Support: Docker Hub, NPM, PyPI, and custom registries
| Parameter | Description | Default |
|---|---|---|
SearchPatterns |
Patterns to search for in certificates | Corporate, CA, SSL patterns |
ExcludeIssuers |
Public CAs to exclude | Common public CAs |
WSLDistro |
Target WSL distribution | Auto-detected |
TestDomains |
Domains for SSL testing | Popular test domains |
RequireAllCerts |
Install all effective certificates | $false |
DryRun |
Analyze without installing | $false |
| Parameter | Description | Default |
|---|---|---|
SearchPatterns |
Patterns to search for in certificates | Corporate, CA, SSL patterns |
BundleAllCerts |
Create certificate bundle | $false |
TestTimeout |
Timeout for tests (ms) | 10000 |
π Scanning certificate stores...
βββ LocalMachine\Root (Trusted Root CAs)
βββ LocalMachine\CA (Intermediate CAs)
βββ CurrentUser\Root (User Trusted Root CAs)
βββ Pattern matching and filtering
π Analyzing certificates...
βββ Pattern matching (CA, Corporate, SSL...)
βββ Public CA exclusion
βββ Duplicate removal
βββ Validity checking
π§ͺ Testing certificate effectiveness...
βββ Baseline connectivity test
βββ Individual certificate installation
βββ Multi-domain SSL testing
βββ Success rate calculation
βοΈ Installing effective certificates...
βββ WSL: Copy to certificate directory
βββ Node.js: Create bundle and set env vars
βββ Validation testing
βββ Cleanup of ineffective certificates
[2025-09-04 01:23:45] [TITLE] Processing certificate: Corporate Root CA
[2025-09-04 01:23:46] [SUCCESS] Certificate exported: Corporate_Root_CA_D72F47.crt
[2025-09-04 01:23:47] [SUCCESS] Certificate installed successfully
[2025-09-04 01:23:48] [PROGRESS] Testing certificate effectiveness...
[2025-09-04 01:23:49] [SUCCESS] [OK] https://google.com - Success (HTTP 200)
[2025-09-04 01:23:50] [SUCCESS] [OK] https://github.com - Success (HTTP 200)
[2025-09-04 01:23:51] [SUCCESS] Certificate effectiveness: 6/6 domains (100%)
[2025-09-04 01:23:52] [SUCCESS] All SSL connectivity tests passed!
# Search for your company's certificates
.\Install-CorporateSSL-WSL.ps1 -SearchPatterns @("YourCompany", "Internal CA") -Verbose
# Search for common SSL inspection vendors
.\Install-CorporateSSL-WSL.ps1 -SearchPatterns @("BlueCoat", "Forcepoint", "McAfee") -Verbose# Test against internal corporate domains
.\Install-CorporateSSL-WSL.ps1 -TestDomains @("https://internal.company.com", "https://app.company.com") -Verbose
# Test against problematic external domains
.\Install-CorporateSSL-WSL.ps1 -TestDomains @("https://api.github.com", "https://registry.npmjs.org") -Verbose# Install all effective certificates (comprehensive approach)
.\Install-CorporateSSL-WSL.ps1 -RequireAllCerts -Verbose
# Clean installation (remove existing certificates first)
.\Install-CorporateSSL-WSL.ps1 -CleanInstall -Verbose
# Analysis only (no installation)
.\Install-CorporateSSL-WSL.ps1 -DryRun -ExportFormat Both -Verbose- Administrator privileges required for certificate store access
- Root access in WSL required for certificate installation
- Corporate compliance - only installs certificates already trusted by Windows
- Audit trail - comprehensive logging of all operations
- No security bypass - maintains proper SSL validation
- Usage Guide - Detailed usage instructions and examples
- Troubleshooting Guide - Common issues and solutions
- Certificate Analysis - Technical analysis methodology
# Verify installed certificates
ls -la /usr/local/share/ca-certificates/
sudo update-ca-certificates --verbose
# Test SSL connectivity
curl -I https://google.com
curl -I https://github.com// Check environment variables
console.log('NODE_EXTRA_CA_CERTS:', process.env.NODE_EXTRA_CA_CERTS);
// Test SSL connectivity
node tests/test-ssl-connectivity.js- Fork the repository
- Create a feature branch
- Make your changes
- Add tests if applicable
- Submit a pull request
This project is licensed under the MIT License.
- Original WSL certificate installation concept by emilwojcik93
- WSL distribution support patterns from community contributions
- Corporate SSL inspection best practices from enterprise environments
Note: This repository contains generic scripts suitable for any corporate environment. Company-specific analysis and implementation details are maintained separately in confidential documentation.