Public/Set-P1WebSSL.ps1

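function Set-P1WebSSL {
    <#
    .Synopsis
    Enable or disable SSL for the PlannerOne Web server.

    .Description
    Enable or disable SSL for the PlannerOne web application.
    Sets the certificate and the https binding on the web site, stores the SSL flag
    in the tenant web configuration and re-registers the REST web services accordingly.

    When enabling, the certificate is resolved and checked BEFORE the IIS site is
    touched, so an invalid certificate option does not leave an https binding
    without a certificate behind.

    .Parameter Tenant
    The target tenant.

    .Parameter Enable
    Enable SSL. Exclusive with Disable.

    .Parameter Disable
    Disable SSL. Exclusive with Enable.

    .Parameter SSLPort
    The port of the binding. By default 443.

    .Parameter CertificateStore
    The LocalMachine store to read the certificate from. By default 'My'.

    .Parameter CertificateFriendlyName
    The friendly name of the certificate to associate with the binding. Exclusive with CertificateThumbprint.
    A friendly name is not unique; if several certificates match, the operation is canceled.

    .Parameter CertificateThumbprint
    The thumbprint of the certificate to associate with the binding. Exclusive with CertificateFriendlyName.
    Spaces and other non-hexadecimal characters are ignored.

    .Parameter HostedIP
    The IP address the certificate binding is attached to. 0.0.0.0 (all addresses) if not defined.

    .Example
    # Enable SSL
    Set-P1WebSSL -Tenant Prod -Enable -CertificateFriendlyName server-prod-certif -CertificateStore WebHosting

    .Example
    # Disable SSL on port 8443
    Set-P1WebSSL -tenant PROD -Disable -SSLPort 8443

    .Notes
    -Disable removes the https binding and stores SSL=false for the tenant before the
    REST web services are registered again; check that this is acceptable for the
    data the tenant exchanges before using it.
    #>

    [cmdletbinding()]
    param(
        [Parameter(Mandatory=$true)]
        [string] $Tenant,
        [switch] $Enable,
        [switch] $Disable,
        [int] $SSLPort,
        [string] $CertificateStore,
        [string] $CertificateFriendlyName,
        [string] $CertificateThumbprint,
        [string] $HostedIP
    )
    Process
    {
        Write-Section "Setting Web Application SSL"

        # Exactly one of -Enable / -Disable must be given.
        if ($Enable -and $Disable) {
            Write-Warning "You can only choose one option."
            return
        }

        if (!($Enable -or $Disable)) {
            Write-Warning "You need to choose one option."
            return
        }

        if ($SSLPort -eq 0) {
            Write-Warning "No SSL Port define, trying with 443."
            $SSLPort = 443
        }

        # Reject values that cannot be a TCP port before they reach IIS.
        if ($SSLPort -lt 1 -or $SSLPort -gt 65535) {
            Write-Warning "SSL port $SSLPort is not a valid TCP port (1-65535). Operation canceled."
            return
        }

        if (!(Test-Tenant $Tenant)) {
            Write-Warning "Tenant $Tenant does not exist."
            Write-Warning "Operation canceled."
            return
        }

        $info = Get-P1Tenant $Tenant
        # $host is a constant automatic variable in PowerShell and cannot be assigned,
        # so the tenant web host is kept under its own name.
        $webHost = $info.WebHost
        $port = $info.SitePort
        $app = $info.WebApplicationName
        Write-Output "Host: $webHost, Port: $port, Application name: $app"

        $site = Find-WebSite $port
        if ($null -eq $site) {
            Write-Warning "No site use binding $port configured for tenant Web Application $app of tenant $Tenant. Operation canceled."
            return
        }
        Write-Verbose "Site found"
        # Read the name only once the site is known to exist.
        $siteName = $site.Name

        # The site binding uses "*" for "all addresses"; the SSL binding record uses 0.0.0.0.
        $bindingHostedIP = $HostedIP
        if ($HostedIP -eq "") {
            $HostedIP = "0.0.0.0"
            $bindingHostedIP = "*"
        }
        $sslBindingPath = "IIS:\SslBindings\${HostedIP}!${SSLPort}"

        # Disable binding for site
        if ($Disable) {
            Write-Verbose "Removing binding $SSLPort on site $siteName"
            # Restrict the removal to the https binding so that another protocol
            # bound to the same port number is left alone.
            Remove-WebBinding -Name "$siteName" -Port $SSLPort -Protocol https
            Write-Verbose "Removing SSL binding record"
            if (Test-Path $sslBindingPath) {
                Remove-Item $sslBindingPath
            } else {
                Write-Verbose "No SSL binding record found at $sslBindingPath"
            }
            Store-WebConf $Tenant "SSL" "false"
            Register-P1WebServices $Tenant
            Write-OK "Web SSL disabled for tenant $Tenant"
            return
        }

        # --- Enable: validate the certificate options first, change IIS afterwards ---

        if ($CertificateStore -eq "") {
            $CertificateStore = "My"
        }

        if ($CertificateFriendlyName -ne "" -and $CertificateThumbprint -ne "" ) {
            Write-Warning "You can only use one certificate option between CertificateFriendlyName and CertificateThumbprint"
            return
        }

        if ($CertificateFriendlyName -eq "" -and $CertificateThumbprint -eq "" ) {
            Write-Warning "You must choose one certificate option between CertificateFriendlyName and CertificateThumbprint"
            return
        }

        $certificateLocation = "cert:\LocalMachine\$CertificateStore"
        Write-Verbose "Certificate location is $certificateLocation"
        if (!(Test-Path $certificateLocation)) {
            Write-KO "Certificate store $certificateLocation does not exist"
            return
        }

        # @() keeps the result an array so that zero, one and several matches can be told apart.
        if ($CertificateFriendlyName -ne "") {
            Write-Verbose "Searching for certificate with friendly name $CertificateFriendlyName"
            $candidates = @(Get-ChildItem $certificateLocation | Where-Object { $_.FriendlyName -eq "$CertificateFriendlyName" })
        } else {
            Write-Verbose "Searching for certificate with thumbprint $CertificateThumbprint"
            # Thumbprints copied from a certificate dialog often carry spaces or
            # invisible characters; keep the hexadecimal digits only.
            $wantedThumbprint = $CertificateThumbprint -replace '[^0-9a-fA-F]', ''
            $candidates = @(Get-ChildItem $certificateLocation | Where-Object { $_.Thumbprint -eq $wantedThumbprint })
        }

        if ($candidates.Count -eq 0) {
            Write-KO "Cannot find certificate $CertificateFriendlyName $CertificateThumbprint in $certificateLocation"
            return
        }

        if ($candidates.Count -gt 1) {
            # A friendly name does not identify a certificate uniquely; binding
            # whichever comes first could publish an outdated or unintended one.
            Write-KO "Several certificates match $CertificateFriendlyName $CertificateThumbprint in $certificateLocation. Use -CertificateThumbprint to select one."
            return
        }

        $certificate = $candidates[0]
        Write-Verbose "Certificate has been found"

        # A server certificate is only usable for HTTPS when its private key is present.
        if (!$certificate.HasPrivateKey) {
            Write-KO "Certificate $($certificate.Thumbprint) has no private key in $certificateLocation and cannot be used for an SSL binding"
            return
        }

        # An out-of-date certificate is still bound (as before), but the operator is told.
        $now = Get-Date
        if ($certificate.NotAfter -lt $now -or $certificate.NotBefore -gt $now) {
            Write-Warning "Certificate $($certificate.Thumbprint) is not within its validity period ($($certificate.NotBefore) - $($certificate.NotAfter))."
        }

        # Create binding for site
        Write-Verbose "Creating new binding $SSLPort on site $siteName"
        try {
            # -ErrorAction Stop so that a failure reported as a non-terminating error
            # also reaches the catch block instead of falling through.
            New-WebBinding -Name "$siteName" -IPAddress "$bindingHostedIP" -Port $SSLPort -Protocol https -ErrorAction Stop
        } catch {
            Write-Verbose "New-WebBinding failed: $($_.Exception.Message)"
            Write-KO "Port is already define on site"
            return
        }

        # Create SSL Binding in IIS
        Write-Verbose "Writing SSL binding $sslBindingPath"
        try {
            $certificate | New-Item $sslBindingPath -ErrorAction Stop
        } catch {
            # Do not declare SSL enabled for the tenant when no certificate is
            # attached to the port. The https site binding created above is left in place.
            Write-Verbose "New-Item failed: $($_.Exception.Message)"
            Write-KO "Cannot write SSL binding $sslBindingPath"
            return
        }
        Write-Verbose "SSL binding written"

        Store-WebConf $Tenant "SSL" "true"

        Register-P1WebServices $Tenant
        Write-OK "Web SSL enabled for tenant $Tenant"
    }
}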