public/http/sslcert/Add-SslCert.ps1

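function Add-SslCert {
    <#
    .SYNOPSIS
        Adds an sslcert binding using netsh http add sslcert
    .DESCRIPTION
        Adds an sslcert binding using netsh http add sslcert.

        Exactly one binding target must be given: -IpPort, -HostnamePort or -Ccs.
        Every other netsh option that is bound is forwarded as a "name=value" token.
        netsh.exe is started through the call operator with one argument per token,
        so parameter values are handed to netsh verbatim and are never re-parsed as
        PowerShell syntax.
    .EXAMPLE
        PS C:\> $cert = New-SelfSignedCertificate -Subject localhost -FriendlyName "Add-SslCert Example" -CertStoreLocation Cert:\LocalMachine\My\
        PS C:\> Add-SslCert -IpPort 0.0.0.0:8443 -CertHash $cert.Thumbprint -AppId (New-Guid).Guid
        Creates a new sslcert binding on all interfaces and port 8443 using a new self-signed certificate and a random AppId.
    .OUTPUTS
        Outputs an [SslCert] object with the IpPort, CertHash and AppId properties, and all properties of the entry under a Properties hashtable member.
        Only emitted when -PassThru is specified and netsh reported success.
    #>

    # The default set is the IP:port form; each binding target is mandatory within
    # its own set so a call without any target is rejected at parameter binding.
    [CmdletBinding(SupportsShouldProcess, DefaultParameterSetName='IpPortBased')]
    [OutputType([SslCert])]
    param (
        # Specifies the IP address and port for the binding. Example: [fe80::1]:443, 1.1.1.1:443, 0.0.0.0:443, [::]:443
        [Parameter(ParameterSetName='IpPortBased', Mandatory)]
        [string]
        $IpPort,

        # Specifies the hostname and port for the binding. Example: www.contoso.com:443
        [Parameter(ParameterSetName='HostnamePortBased', Mandatory)]
        [string]
        $HostnamePort,

        # Specifies the port for a central certificate store (ccs) based sslcert registration. Example: 443
        [Parameter(ParameterSetName='CcsBased', Mandatory)]
        [ValidateRange(0, 65535)]
        [int]
        $Ccs,

        # Specifies the application id GUID for the reservation
        [Parameter(Mandatory)]
        [Guid]
        $AppId,

        # Specifies the SHA hash of the certificate. This hash is 20 bytes long and specified as a hexadecimal string
        # (40 hex digits); anything else is rejected before netsh is invoked.
        [Parameter()]
        [ValidatePattern('^[0-9A-Fa-f]{40}$')]
        [string]
        $CertHash,

        # Turns on or turns off verification of revocation of client certificates.
        [Parameter()]
        [ValidateSet('enable', 'disable', IgnoreCase = $false)]
        [string]
        $VerifyClientCertRevocation,

        # Turns on or turns off usage of only cached client certificate for revocation checking.
        [Parameter()]
        [ValidateSet('enable', 'disable', IgnoreCase = $false)]
        [string]
        $VerifyRevocationWithCachedClientCertOnly,

        # Turns on or turns off usage check. Default is enabled.
        [Parameter()]
        [ValidateSet('enable', 'disable', IgnoreCase = $false)]
        [string]
        $UsageCheck,

        # Specifies the time interval to check for an updated certificate revocation list (CRL). If this value is 0, then the new CRL is updated only if the previous one expires (in seconds).
        [Parameter()]
        [uint64]
        $RevocationFreshnessTime,

        # Specifies the timeout interval on attempts to retrieve the certificate revocation list for the remote URL (in milliseconds).
        [Parameter()]
        [uint64]
        $UrlRetrievalTimeout,

        # Lists the certificate issuers that can be trusted. This list can be a subset of the certificate issuers that are trusted by the computer.
        [Parameter()]
        [string]
        $SslCtlIdentifier,

        # Specifies the store name under LOCAL_MACHINE where SslCtlIdentifier is stored.
        [Parameter()]
        [string]
        $SslCtlStoreName,

        # Turns on or turns off DS mappers. Default is disabled.
        [Parameter()]
        [ValidateSet('enable', 'disable', IgnoreCase = $false)]
        [string]
        $DsMapperUsage,

        # Turns on or turns off negotiation of certificate. Default is disabled.
        [Parameter()]
        [ValidateSet('enable', 'disable', IgnoreCase = $false)]
        [string]
        $ClientCertNegotiation,

        # Sets the netsh 'reject' option for the binding (enable/disable).
        [Parameter()]
        [ValidateSet('enable', 'disable', IgnoreCase = $false)]
        [string]
        $Reject,

        # Sets the netsh 'disablehttp2' option for the binding (enable/disable).
        [Parameter()]
        [ValidateSet('enable', 'disable', IgnoreCase = $false)]
        [string]
        $DisableHttp2,

        # Sets the netsh 'disablequic' option for the binding (enable/disable).
        [Parameter()]
        [ValidateSet('enable', 'disable', IgnoreCase = $false)]
        [string]
        $DisableQuic,

        # Sets the netsh 'disablelegacytls' option for the binding (enable/disable).
        [Parameter()]
        [ValidateSet('enable', 'disable', IgnoreCase = $false)]
        [string]
        $DisableLegacyTls,

        # Sets the netsh 'disabletls12' option for the binding (enable/disable).
        [Parameter()]
        [ValidateSet('enable', 'disable', IgnoreCase = $false)]
        [string]
        $DisableTls12,

        # Sets the netsh 'disabletls13' option for the binding (enable/disable).
        [Parameter()]
        [ValidateSet('enable', 'disable', IgnoreCase = $false)]
        [string]
        $DisableTls13,

        # Sets the netsh 'disableocspstapling' option for the binding (enable/disable).
        [Parameter()]
        [ValidateSet('enable', 'disable', IgnoreCase = $false)]
        [string]
        $DisableOcspStapling,

        # Sets the netsh 'enabletokenbinding' option for the binding (enable/disable).
        [Parameter()]
        [ValidateSet('enable', 'disable', IgnoreCase = $false)]
        [string]
        $EnableTokenBinding,

        # Sets the netsh 'logextendedevents' option for the binding (enable/disable).
        [Parameter()]
        [ValidateSet('enable', 'disable', IgnoreCase = $false)]
        [string]
        $LogExtendedEvents,

        # Sets the netsh 'enablesessionticket' option for the binding (enable/disable).
        [Parameter()]
        [ValidateSet('enable', 'disable', IgnoreCase = $false)]
        [string]
        $EnableSessionTicket,

        # Returns the newly created binding (via Get-SslCert) after a successful add.
        [Parameter()]
        [switch]
        $PassThru
    )

    process {
        # Parameters that are forwarded to netsh unchanged, as "<lowercased name>=<value>",
        # whenever the caller bound them. Declared in the same order as the param block.
        $passThroughParameters = @(
            'CertHash', 'VerifyClientCertRevocation', 'VerifyRevocationWithCachedClientCertOnly',
            'UsageCheck', 'RevocationFreshnessTime', 'UrlRetrievalTimeout',
            'SslCtlIdentifier', 'SslCtlStoreName', 'DsMapperUsage', 'ClientCertNegotiation',
            'Reject', 'DisableHttp2', 'DisableQuic', 'DisableLegacyTls', 'DisableTls12',
            'DisableTls13', 'DisableOcspStapling', 'EnableTokenBinding', 'LogExtendedEvents',
            'EnableSessionTicket'
        )

        # One list element per netsh token. Braces around the GUID are literal here;
        # they no longer need backtick escaping because nothing re-parses the string.
        $arguments = [System.Collections.Generic.List[string]]::new()
        $arguments.Add('http')
        $arguments.Add('add')
        $arguments.Add('sslcert')
        $arguments.Add("appid={$AppId}")

        switch ($PSCmdlet.ParameterSetName) {
            'IpPortBased'       { $arguments.Add("ipport=$IpPort") }
            'HostnamePortBased' { $arguments.Add("hostnameport=$HostnamePort") }
            'CcsBased'          { $arguments.Add("ccs=$Ccs") }
            Default {
                # Unreachable with the mandatory set parameters above; kept as a guard so
                # a future parameter-set change cannot silently invoke netsh without a target.
                throw [System.ArgumentException]::new('One of -IpPort, -HostnamePort or -Ccs must be specified.')
            }
        }

        foreach ($name in $passThroughParameters) {
            if ($PSBoundParameters.ContainsKey($name)) {
                $arguments.Add("$($name.ToLowerInvariant())=$($PSBoundParameters[$name])")
            }
        }

        $argumentList = $arguments.ToArray()
        $commandText = "netsh.exe $($argumentList -join ' ')"
        Write-Verbose "Executing the command '$commandText'"

        if ($PSCmdlet.ShouldProcess((hostname), $commandText)) {
            # Call operator + argument array: every element reaches netsh.exe as its own
            # argument. Invoke-Expression on a concatenated string would let any parameter
            # value containing PowerShell syntax (';', '|', '$(...)') execute as code.
            $output = & netsh.exe @argumentList
            $success = $LASTEXITCODE -eq 0
            # @() guards against a null/empty result, which [string]::Join would not accept.
            $output = (@($output) -join "`r`n").Trim()

            if ($success) {
                Write-Information $output
                if ($PassThru) {
                    switch ($PSCmdlet.ParameterSetName) {
                        'IpPortBased'       { Get-SslCert -IpPort $IpPort }
                        'HostnamePortBased' { Get-SslCert -HostnamePort $HostnamePort }
                        'CcsBased'          { Get-SslCert -Ccs $Ccs }
                        Default {}
                    }
                }
            }
            else {
                Write-Error "Error: $output"
            }
        }
    }
}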