POWERSHELL SCRIPT :: Request for Certificate and Import into Remote Machine


The script below was created to bring non-production domain servers into SCOM monitoring in an environment where no gateway servers are available and the non-production domain has no PKI to issue certificates.

The first part requests, imports, and exports the certificate (PFX) with its private key; the second part imports that PFX certificate into the local machine store.

First create Computers.csv with the columns "computername, FQDN":


#—————- Start Script——————–

$Lists = Import-Csv .\Computers.csv        # columns: computername, FQDN (Import-Csv is needed so .computername / .FQDN resolve)
foreach ($List in $Lists)
{
    $name    = $List.computername           # also used as the password for each pfx file
    $dnsname = $List.FQDN
    $subject = "CN=" + $dnsname             # the store reports the Subject as "CN=<fqdn>" with no spaces, so match that form
    # replace <Template_Name> with the name of your CA certificate template
    Get-Certificate -Template <Template_Name> -DnsName $dnsname -SubjectName $subject -CertStoreLocation cert:\LocalMachine\My
    Get-ChildItem "cert:\LocalMachine\My" | Where-Object { $_.Subject -eq $subject } | ForEach-Object { $_.FriendlyName = $name }
    $path  = "F:\Certificate\New\" + $name + ".pfx"
    $mypwd = ConvertTo-SecureString -String $name -Force -AsPlainText
    Get-ChildItem "cert:\LocalMachine\My" | Where-Object { $_.Subject -eq $subject } | Export-PfxCertificate -FilePath $path -Password $mypwd
}

#————— Script End——————–

The script below imports the certificate into the local machine store. Copy the certificate chain and the .ps1 file to C:\Temp on the remote machine and execute it using PsExec or PowerShell remoting:

Invoke-Command -ComputerName PC1,PC2,PC3 -FilePath C:\Temp\Cert_ImportScript.ps1

Note: If you want to execute the second part remotely, I would advise using a common password in the first part instead of $name = $List.computername, and in the second part instead of $Computer = Read-Host "Provide Computer name (all in CAPITALS)", since Read-Host cannot prompt inside a remote Invoke-Command session.

#——————-Script Start —————————–

$Computer = Read-Host "Provide Computer name (all in CAPITALS)"   # used as the password for importing the pfx (matches the first script)

function Import-509Certificate {
    param([String]$certPath1, [String]$certRootStore1, [String]$certStore1)

    $certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
    $certificate.Import($certPath1)

    $store1 = New-Object System.Security.Cryptography.X509Certificates.X509Store($certStore1, $certRootStore1)
    $store1.Open("MaxAllowed")
    $store1.Add($certificate)
    $store1.Close()
}

# This function has the same name as the built-in Import-PfxCertificate cmdlet of the PKI module;
# functions take precedence over cmdlets, so the version defined here is the one that runs.
function Import-PfxCertificate {
    param([String]$certPath, [String]$certRootStore = "CurrentUser", [String]$certStore = "My", $pfxPass = $null)
    $pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2

    $pfxPass = $Computer   # the computer name entered above is the pfx password

    if ($pfxPass -eq $null) { $pfxPass = Read-Host "Enter the pfx password" -AsSecureString }

    # MachineKeySet keeps the private key in the machine key container; without it the key is stored
    # under the importing user's profile and services such as the SCOM Health Service cannot use it.
    $flags = "Exportable,PersistKeySet"
    if ($certRootStore -eq "LocalMachine") { $flags += ",MachineKeySet" }
    $pfx.Import($certPath, $pfxPass, $flags)

    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store($certStore, $certRootStore)
    $store.Open("MaxAllowed")
    $store.Add($pfx)
    $store.Close()
}

$pfxpath = "C:\Temp\" + $Computer + ".pfx"
Import-PfxCertificate $pfxpath "LocalMachine" "My"

# import any new certificate chain saved in C:\Temp

Import-509Certificate "C:\Temp\Cert_Chain1.cer" "LocalMachine" "Root"
Import-509Certificate "C:\Temp\Cert_Chain2.cer" "LocalMachine" "Root"

#————— Script End——————–
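After both parts have run, the following check, added here as an example and not part of the original post, confirms on every machine listed in Computers.csv that the certificate sits in LocalMachine\My with a private key in the machine key store and a chain that builds against the imported Root certificates, and then removes the PFX left in C:\Temp. It assumes PowerShell remoting to the targets with local administrator rights and the CSV column names used above; revocation checking is disabled on the assumption that no CRL is reachable from the non-production domain.

```powershell
# Added example (not from the original post): post-import verification and PFX cleanup.
$computers = Import-Csv .\Computers.csv   # same file as the first script: computername, FQDN

$report = foreach ($c in $computers) {
    Invoke-Command -ComputerName $c.computername -ArgumentList $c.FQDN -ScriptBlock {
        param($Fqdn)
        $subject = "CN=$Fqdn"
        $cert = Get-ChildItem Cert:\LocalMachine\My |
                Where-Object { $_.Subject -eq $subject } |
                Sort-Object NotAfter -Descending | Select-Object -First 1

        $result = [ordered]@{
            Computer      = $env:COMPUTERNAME
            Found         = [bool]$cert
            HasPrivateKey = $false
            MachineKey    = $false
            ChainValid    = $false
            DaysToExpiry  = $null
            PfxRemoved    = $false
        }
        if ($cert) {
            $result.HasPrivateKey = $cert.HasPrivateKey
            # The key must live in the machine key store so services (e.g. the SCOM Health
            # Service running as Local System) can use it. This check covers CSP keys;
            # for CNG keys $cert.PrivateKey is $null on Windows PowerShell and MachineKey stays $false.
            $csp = $cert.PrivateKey
            if ($csp -and $csp.CspKeyContainerInfo) {
                $result.MachineKey = $csp.CspKeyContainerInfo.MachineKeyStore
            }
            $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
            $chain.ChainPolicy.RevocationMode = 'NoCheck'   # assumption: no CRL reachable from this domain
            $result.ChainValid   = $chain.Build($cert)
            $result.DaysToExpiry = [int]($cert.NotAfter - (Get-Date)).TotalDays
        }
        # The PFX contains the private key: do not leave it on disk once it has been imported.
        $pfx = Join-Path 'C:\Temp' ("{0}.pfx" -f $env:COMPUTERNAME)
        if (Test-Path $pfx) { Remove-Item $pfx -Force; $result.PfxRemoved = $true }
        [pscustomobject]$result
    }
}
$report | Format-Table -AutoSize
```

Any row with Found, HasPrivateKey, MachineKey or ChainValid equal to False points at a machine where the SCOM agent will not be able to authenticate with this certificate.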

Share your feedback!
