The scripts below were written to meet a specific requirement: bringing non-production domain servers into SCOM monitoring where no gateway servers are available and the non-production domain has no PKI environment of its own to issue certificates.
The first part requests a certificate, sets its friendly name, and exports it as a pfx with its private key; the second part imports that pfx (and the CA chain) into the local machine store of the target server.
First create Computers.csv with the header "computername,fqdn" and one server per line.
#—————- Start Script——————–
# computers.csv has the header "computername,fqdn"; Import-Csv turns each row into an object
$Lists = Import-Csv .\computers.csv
foreach ($list in $Lists)
{
    $name    = $list.computername   # also used as the password for each pfx file
    $dnsname = $list.fqdn
    $subject = "CN=" + $dnsname     # no spaces: this must match the Subject the CA puts on the issued cert
    # Replace <Template_Name> with the name of the certificate template on your enterprise CA
    Get-Certificate -Template "<Template_Name>" -DnsName $dnsname -SubjectName $subject -CertStoreLocation cert:\LocalMachine\My
    $cert = Get-ChildItem cert:\LocalMachine\My | Where-Object { $_.Subject -eq $subject }
    $cert | ForEach-Object { $_.FriendlyName = $name }
    $path  = "F:\Certificate\New\" + $name + ".pfx"
    $mypwd = ConvertTo-SecureString -String $name -Force -AsPlainText
    $cert | Export-PfxCertificate -FilePath $path -Password $mypwd
}
#————— Script End——————–
The script below imports the certificate on the local machine. Copy the certificate chain (.cer files), the pfx and the ps1 file to C:\Temp on the remote machine and run the script with psexec or PowerShell remoting:
Invoke-Command -ComputerName PC1,PC2,PC3 -FilePath C:\Temp\Cert_ImportScript.ps1
Note: If you want to execute it remotely, I advise using a common password in the first part instead of $name = $List.computername, and replacing $Computer = Read-Host "Provide Computer name (all in CAPITALS)" in the second part accordingly. Whichever password you choose, treat the pfx files as secrets: each one holds a private key under a weak password, so restrict access to F:\Certificate\New and delete the pfx from C:\Temp once it has been imported.
#——————-Script Start —————————–
$Computer = Read-Host "Provide Computer name (all in CAPITALS)" # used as the password for importing the certificate

# Imports a public certificate (.cer) into the given store, e.g. the CA chain into LocalMachine\Root
function Import-509Certificate {
    param([String]$certPath1, [String]$certRootStore1, [String]$certStore1)
    $certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
    $certificate.Import($certPath1)
    $store1 = New-Object System.Security.Cryptography.X509Certificates.X509Store($certStore1, $certRootStore1)
    $store1.Open("MaxAllowed")
    $store1.Add($certificate)
    $store1.Close()
}

# Imports a pfx (certificate plus private key). This function shadows the Import-PfxCertificate cmdlet
# of the PKI module on Windows 8 / Server 2012 and later; that is fine here because the function is called by name below.
function Import-PfxCertificate {
    param([String]$certPath, [String]$certRootStore = "CurrentUser", [String]$certStore = "My", $pfxPass = $Computer)
    if (-not $pfxPass) { $pfxPass = Read-Host "Enter the pfx password" -AsSecureString }
    $pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
    # MachineKeySet stores the private key in the machine key container so that the SCOM HealthService
    # (running as LocalSystem) can use it; without it the key lands in the importing user's profile.
    # Exportable is not needed by SCOM; drop it if the key should not be exportable again from this machine.
    $pfx.Import($certPath, $pfxPass, "Exportable,PersistKeySet,MachineKeySet")
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store($certStore, $certRootStore)
    $store.Open("MaxAllowed")
    $store.Add($pfx)
    $store.Close()
}

$pfxpath = "C:\Temp\" + $Computer + ".pfx"
Import-PfxCertificate $pfxpath "LocalMachine" "My"
# import any new certificate chain saved on C:\Temp
Import-509Certificate "C:\Temp\Cert_Chain1.cer" "LocalMachine" "Root"
Import-509Certificate "C:\Temp\Cert_Chain2.cer" "LocalMachine" "Root"
#————— Script End——————–
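As an added example (not part of the original post's scripts), here is the remote-execution variant in one piece: it takes the computer name from $env:COMPUTERNAME on the target instead of Read-Host, imports the pfx with the private key in the machine key store, loads any .cer chain files from C:\Temp, then checks the properties a SCOM certificate must have (private key present, Server and Client Authentication EKUs, chain builds) and deletes the pfx afterwards. It assumes what the post sets up: the pfx was exported with the computer name (in capitals) as its password and copied to C:\Temp\<COMPUTERNAME>.pfx on each target, PowerShell remoting is enabled, and chain files sit beside it as C:\Temp\*.cer. The target names PC1,PC2,PC3 are the post's placeholders; the OIDs and flags are standard .NET/X.509 values.

```powershell
# Added example, not the original post's code. Assumes C:\Temp\<COMPUTERNAME>.pfx exists on each
# target with the computer name as password, and C:\Temp\*.cer holds the CA chain (if any).
$targets = 'PC1', 'PC2', 'PC3'   # placeholder names taken from the post

$remoteImport = {
    $name    = $env:COMPUTERNAME                 # matches the pfx file name and its password (capitals)
    $pfxPath = Join-Path 'C:\Temp' ($name + '.pfx')
    if (-not (Test-Path $pfxPath)) { throw "PFX not found on $name: $pfxPath" }

    # MachineKeySet puts the private key in the machine key store so the HealthService (LocalSystem)
    # can use it; PersistKeySet keeps the key after the store is closed. Exportable is left out on purpose.
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]'MachineKeySet,PersistKeySet'
    $pfx   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($pfxPath, $name, $flags)

    $my = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
    $my.Open('ReadWrite'); $my.Add($pfx); $my.Close()

    # Import any chain certificates shipped beside the pfx into the machine Root store.
    $root = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', 'LocalMachine')
    $root.Open('ReadWrite')
    Get-ChildItem 'C:\Temp\*.cer' | ForEach-Object {
        $root.Add((New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($_.FullName)))
    }
    $root.Close()

    # What SCOM needs from the certificate: a private key, both authentication EKUs, and a chain that builds.
    $ekuOids = @{ '1.3.6.1.5.5.7.3.1' = 'Server Authentication'; '1.3.6.1.5.5.7.3.2' = 'Client Authentication' }
    $eku     = $pfx.Extensions | Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $present = @()
    if ($eku) { $present = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }
    $missingEku = $ekuOids.Keys | Where-Object { $present -notcontains $_ } | ForEach-Object { $ekuOids[$_] }

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # assumption: no CRL reachable from the non-production domain
    $chainOk = $chain.Build($pfx)

    # The key is now in the machine store; remove the pfx, which holds that key under a weak password.
    Remove-Item $pfxPath -Force

    [pscustomobject]@{
        Computer      = $name
        Thumbprint    = $pfx.Thumbprint
        Subject       = $pfx.Subject
        HasPrivateKey = $pfx.HasPrivateKey
        MissingEku    = ($missingEku -join ', ')
        ChainBuilds   = $chainOk
        ChainStatus   = (($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', ')
    }
}

Invoke-Command -ComputerName $targets -ScriptBlock $remoteImport |
    Format-Table Computer, Thumbprint, HasPrivateKey, MissingEku, ChainBuilds, ChainStatus -AutoSize
```

Any row with HasPrivateKey False, a non-empty MissingEku column, or ChainBuilds False will fail SCOM certificate authentication; fix the template or the chain files and re-run before running MOMCertImport on that server.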
Share your feedback!