Private/Import-WindowsChain.ps1
function Import-WindowsChain {
    <#
    .SYNOPSIS
        Imports the certificates of a PEM chain file into the Windows intermediate ("CA") certificate store.

    .DESCRIPTION
        The chain file is split into individual PEM blocks by Split-PemChain. For each block the
        Base64 body between the BEGIN/END marker lines is decoded and loaded as an X509Certificate2,
        which is then added to the CA store of the chosen location unless a certificate with the same
        thumbprint is already present there. No chain or signature validation is performed by this
        function - it only de-duplicates by thumbprint - so the caller is responsible for the
        provenance of the file it passes in.

        NOTE(review): opening the LocalMachine store read/write is expected to need an elevated
        session; confirm, since the store open will throw rather than be handled here.

    .PARAMETER ChainFile
        Path to the PEM chain file. A path that is not an existing file produces a non-terminating
        error and the function returns without touching the store.

    .PARAMETER StoreLocation
        Certificate store location to write to: 'LocalMachine' (default) or 'CurrentUser'.

    .OUTPUTS
        None. Progress is reported through Write-Verbose.
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$ChainFile,

        [ValidateSet('LocalMachine','CurrentUser')]
        [string]$StoreLocation = 'LocalMachine'
    )

    if (-not (Test-Path $ChainFile -PathType Leaf)) {
        Write-Error "Chain file not found: $ChainFile"
        return
    }

    # Each element is expected to be one PEM block as an array of lines (assumption about
    # Split-PemChain's output shape - it is defined elsewhere in the module).
    $pemBlocks = @(Split-PemChain -ChainFile $ChainFile)

    try {
        # Open the CA (intermediate) store of the requested location for writing.
        $caStore = [Security.Cryptography.X509Certificates.X509Store]::new('CA', $StoreLocation)
        $caStore.Open([Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)

        foreach ($block in $pemBlocks) {
            # Drop the first and last lines (the BEGIN/END markers) and decode the remaining body.
            $body = $block[1..($block.Count - 2)] -join ''
            $derBytes = [Convert]::FromBase64String($body)

            try {
                $cert = [Security.Cryptography.X509Certificates.X509Certificate2]::new($derBytes)

                # Thumbprint is the only de-duplication criterion; the store is re-read on each access,
                # so a certificate added earlier in this loop is seen by later iterations.
                $alreadyPresent = $cert.Thumbprint -in $caStore.Certificates.Thumbprint
                if ($alreadyPresent) {
                    Write-Verbose "Chain cert '$($cert.Subject)' with thumbprint $($cert.Thumbprint) already exists in $StoreLocation\CA store."
                } else {
                    Write-Verbose "Adding chain cert '$($cert.Subject)' with thumbprint $($cert.Thumbprint) to $StoreLocation\CA store."
                    $caStore.Add($cert)
                }
            } finally {
                # Release the native handle behind the certificate object.
                if ($null -ne $cert) { $cert.Dispose() }
            }
        }

        $caStore.Close()
    } finally {
        if ($null -ne $caStore) { $caStore.Dispose() }
    }
}