ssl/installSSL.ps1


# ============================================================
# Installs the certificate used for RDP file signing.
# Run: irm https://git.help-d.ru/helmut/ssl.git/raw/branch/main/installSSL.ps1 | iex
#
# NOTE(review): `irm ... | iex` executes whatever the server returns, and this
# script insists on an elevated session. Nothing is reviewed or verified before
# it runs; saving the script to disk and reading it first is the safer workflow.
# ============================================================
# ========== SETTINGS (edit when hosting on your own Gitea) ==========
$GiteaUrl = 'https://git.help-d.ru'                # Base URL of the Gitea server

# Path to the raw files inside the repository.
# NOTE(review): the double slash differs from the single-slash run URL in the
# header above; confirm the server accepts both forms.
$RepoPath = 'helmut/ssl.git//raw/branch/main'

$CertFileName = 'Help-D_RDP.pfx'                   # Name of the PFX file in the repo

# Password protecting the PFX.
# NOTE(review): this password is stored in clear text in the same repository
# that serves the PFX, so anyone with read access to the repository can recover
# the private key. Because the certificate is later added to the machine trust
# stores, the key should be treated as disclosed: reissue it, and deliver the
# secret out of band (prompt, protected share, secret store) instead of in code.
$CertPassword = 'sj032ssa'

$CertStorePath = 'C:\tmp\cert'                     # Folder for temporary storage
$ThumbprintFile = "$CertStorePath\thumbprint.txt"  # Where the thumbprint is saved
# ======================================================================
# Require an elevated session: the steps below write to LocalMachine stores.
$CurrentPrincipal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
$IsElevated = $CurrentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")
if (-not $IsElevated) {
    Write-Error "❌ Запустите PowerShell от имени Администратора"
    exit 1
}
# 1. Prepare the working folder
# NOTE(review): the folder is created only when missing; an existing folder is
# reused with whatever permissions it already has. It briefly holds the PFX
# (private key), so confirm its ACL is limited to administrators.
Write-Host "`n[1/4] Preparing folder..." -ForegroundColor Cyan
$FolderPresent = Test-Path $CertStorePath
if (-not $FolderPresent) {
    $null = New-Item -ItemType Directory -Path $CertStorePath -Force
    Write-Host " Created: $CertStorePath" -ForegroundColor Gray
}
# 2. Download the certificate
# NOTE(review): the downloaded PFX is trusted solely on the strength of the
# HTTPS connection to the Gitea host. There is no pinned hash or thumbprint, so
# whatever file the server returns is installed into the machine trust stores.
# Comparing the file against an expected value before import would close this.
Write-Host "[2/4] Downloading certificate..." -ForegroundColor Cyan
$CertUrl = "$GiteaUrl/$RepoPath/$CertFileName"
$CertPath = "$CertStorePath\$CertFileName"
$DownloadArgs = @{
    Uri             = $CertUrl
    OutFile         = $CertPath
    ErrorAction     = 'Stop'
    UseBasicParsing = $true
}
try {
    Invoke-WebRequest @DownloadArgs
    Write-Host " Downloaded: $CertFileName" -ForegroundColor Green
}
catch {
    Write-Error "❌ Failed to download certificate from $CertUrl`n Error: $_"
    exit 1
}
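# 3. Install into the certificate stores
#
# The private key is imported only into LocalMachine\My, where signing needs
# it. Root and TrustedPublisher are trust stores: they receive the public
# certificate alone, so the key is not copied into stores that never use it.
# Every failure path removes the downloaded PFX so the key file does not stay
# on disk after an aborted run.
Write-Host "[3/4] Installing certificate..." -ForegroundColor Cyan
$SecurePass = ConvertTo-SecureString -String $CertPassword -AsPlainText -Force
try {
    # Personal store (private key used for signing). -ErrorAction Stop makes
    # sure a failed import reaches the catch block below.
    # NOTE(review): -Exportable lets any administrator export the private key
    # again; drop it unless a later step really needs to export the key.
    $Cert = Import-PfxCertificate -FilePath $CertPath -CertStoreLocation Cert:\LocalMachine\My -Password $SecurePass -Exportable -ErrorAction Stop
    if (-not $Cert) {
        throw "Import-PfxCertificate returned no certificate"
    }
    $Thumb = $Cert.Thumbprint

    # Rebuild the certificate from its raw DER bytes: the copy has no private key.
    # NOTE(review): assumes the PFX holds a single self-signed certificate; any
    # chain certificates inside the PFX are not added to the trust stores here.
    $PublicOnly = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$Cert.RawData)
    $TrustStores = @(
        [System.Security.Cryptography.X509Certificates.StoreName]::Root,             # trusted root authorities
        [System.Security.Cryptography.X509Certificates.StoreName]::TrustedPublisher  # trusted publishers (required for RDP)
    )
    foreach ($StoreName in $TrustStores) {
        $Store = [System.Security.Cryptography.X509Certificates.X509Store]::new(
            $StoreName,
            [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine)
        try {
            $Store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
            $Store.Add($PublicOnly)
        }
        finally {
            $Store.Close()
        }
    }

    Write-Host " Certificate installed to:" -ForegroundColor Green
    Write-Host " • LocalMachine\My" -ForegroundColor Gray
    Write-Host " • LocalMachine\Root" -ForegroundColor Gray
    Write-Host " • LocalMachine\TrustedPublisher" -ForegroundColor Gray
}
catch {
    $InstallError = $_
    # If the certificate is already installed, take it from the store.
    if ($InstallError.Exception.Message -match "already exists") {
        # NOTE(review): this picks the first certificate whose subject contains
        # "Help-D", which is not necessarily the one from the downloaded PFX.
        $Cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -like "*Help-D*" } | Select-Object -First 1
        if (-not $Cert) {
            Remove-Item -LiteralPath $CertPath -Force -ErrorAction SilentlyContinue
            Write-Error "❌ Installation error: no matching certificate found in LocalMachine\My"
            exit 1
        }
        $Thumb = $Cert.Thumbprint
        Write-Host " Certificate already installed. Using existing." -ForegroundColor Yellow
    }
    else {
        Remove-Item -LiteralPath $CertPath -Force -ErrorAction SilentlyContinue
        Write-Error "❌ Installation error: $InstallError"
        exit 1
    }
}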
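# 4. Save the thumbprint and print the result
Write-Host "[4/4] Saving thumbprint..." -ForegroundColor Cyan
if ([string]::IsNullOrWhiteSpace($Thumb)) {
    # Without a thumbprint the file would be written empty and the banner would
    # report success; stop instead, and do not leave the PFX behind.
    Remove-Item -LiteralPath $CertPath -Force -ErrorAction SilentlyContinue
    Write-Error "❌ No certificate thumbprint available; nothing was saved"
    exit 1
}
$Thumb | Out-File -FilePath $ThumbprintFile -Encoding ASCII -Force
Write-Host " Saved to: $ThumbprintFile" -ForegroundColor Gray
# ============================================
# RESULT
# ============================================
Write-Host "`n==========================================" -ForegroundColor Green
Write-Host " CERTIFICATE INSTALLATION COMPLETE" -ForegroundColor Green
Write-Host "==========================================" -ForegroundColor Green
Write-Host "`nThumbprint (для подписи RDP):" -ForegroundColor Yellow
Write-Host "------------------------------------------------"
Write-Host "$Thumb" -ForegroundColor White -BackgroundColor DarkBlue
Write-Host "------------------------------------------------"
Write-Host "`nТеперь можно запускать скрипт подписи:" -ForegroundColor Cyan
Write-Host " irm https://git.help-d.ru/.../sign-rdp.ps1 | iex" -ForegroundColor Gray
Write-Host ""
# Cleanup: delete the PFX and keep only the thumbprint. The result is checked,
# because a PFX left on disk still contains the private key.
Remove-Item -LiteralPath $CertPath -Force -ErrorAction SilentlyContinue
if (Test-Path -LiteralPath $CertPath) {
    Write-Warning "PFX file could not be removed: $CertPath (delete it manually)"
}
else {
    Write-Host "🗑️ PFX-файл удалён из $CertStorePath (остался только отпечаток)" -ForegroundColor Gray
}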