Structure: - asset-collection/: Local PC data collection scripts - remote-execution/: WinRM remote execution scripts - setup-utilities/: Configuration and testing utilities - registry-backup/: GE registry backup scripts - winrm-https/: WinRM HTTPS certificate setup - docs/: Complete documentation Each folder includes a README with detailed documentation. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
#Requires -RunAsAdministrator
param(
    # Common name placed in the CA certificate subject ("CN=<value>"). With every
    # non-alphanumeric character replaced by '-', it also forms the exported file names.
    [string]$CACommonName = "Shopfloor WinRM CA",

    # Directory that receives the .pfx, .cer and CA-INFO files; created when missing.
    # NOTE(review): the .pfx written here holds the CA private key. The default "." places
    # it in whatever directory the script is run from, with that directory's permissions;
    # prefer a folder only the CA operator can read.
    [string]$OutputPath = ".",

    # Lifetime of the CA certificate in years, counted from the moment the script runs.
    [int]$ValidityYears = 10,

    # Password that protects the exported .pfx. When omitted, the script prompts for it
    # and asks for a confirmation entry.
    [SecureString]$ExportPassword
)
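Write-Host ""
Write-Host "=== Certificate Authority Creation for WinRM HTTPS ===" -ForegroundColor Cyan
Write-Host ""

# Prompt for the PFX password (with confirmation) when -ExportPassword was not supplied.
if (-not $ExportPassword) {
    Write-Host "Enter a strong password to protect the CA private key:" -ForegroundColor Yellow
    $ExportPassword = Read-Host "CA Password" -AsSecureString
    $ExportPassword2 = Read-Host "Confirm Password" -AsSecureString

    # Comparing the two entries requires their plaintext. Keep the BSTR pointers so the
    # unmanaged copies can be zeroed and freed afterwards; the original conversion dropped
    # the pointers, leaving both plaintext passwords in unmanaged memory for the life of
    # the process.
    $marshal = [Runtime.InteropServices.Marshal]
    $bstr1 = [IntPtr]::Zero
    $bstr2 = [IntPtr]::Zero
    $passwordsMatch = $false
    try {
        $bstr1 = $marshal::SecureStringToBSTR($ExportPassword)
        $bstr2 = $marshal::SecureStringToBSTR($ExportPassword2)

        # -ceq, not -eq: PowerShell's default string comparison ignores case, so a
        # confirmation that differs only in letter case would otherwise be accepted and
        # the operator would not know which spelling protects the key.
        $passwordsMatch = ($marshal::PtrToStringBSTR($bstr1) -ceq $marshal::PtrToStringBSTR($bstr2))
    } finally {
        if ($bstr1 -ne [IntPtr]::Zero) { $marshal::ZeroFreeBSTR($bstr1) }
        if ($bstr2 -ne [IntPtr]::Zero) { $marshal::ZeroFreeBSTR($bstr2) }
        # The confirmation copy is no longer needed once the comparison is done.
        $ExportPassword2.Dispose()
    }
    # The managed strings created for the comparison were never stored in variables, but
    # they remain on the heap until garbage-collected; that window cannot be closed here.

    if (-not $passwordsMatch) {
        Write-Host "Passwords do not match!" -ForegroundColor Red
        exit 1
    }
}

# An empty SecureString is still a non-null object, so it passes the check above (and two
# empty prompt entries "match"). Refuse to export the CA private key without a password.
if ($ExportPassword.Length -eq 0) {
    Write-Host "Password must not be empty!" -ForegroundColor Red
    exit 1
}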
# Make sure the export directory exists before anything is written into it.
# NOTE(review): a directory created here gets default inherited permissions, and the
# CA private key (.pfx) is written into it later - confirm who can read this location.
$outputPathExists = Test-Path $OutputPath
if (-not $outputPathExists) {
    $null = New-Item -ItemType Directory -Path $OutputPath -Force
}
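Write-Host "Creating Certificate Authority..." -ForegroundColor Yellow
Write-Host " Common Name: $CACommonName"
Write-Host " Valid for: $ValidityYears years"
Write-Host ""

# Create the self-signed CA certificate in the local machine store.
try {
    $notAfter = (Get-Date).AddYears($ValidityYears)

    $caCertParams = @{
        Subject           = "CN=$CACommonName"
        # Exportable is required for the PFX export that follows. The certificate and its
        # private key also stay in Cert:\LocalMachine\My after this script ends, so the
        # key remains exportable on this machine.
        # NOTE(review): once the .pfx is stored safely, consider removing the key from
        # this store.
        KeyExportPolicy   = 'Exportable'
        KeyUsage          = 'CertSign', 'CRLSign', 'DigitalSignature'
        KeyUsageProperty  = 'All'
        KeyLength         = 4096
        KeyAlgorithm      = 'RSA'
        HashAlgorithm     = 'SHA256'
        CertStoreLocation = 'Cert:\LocalMachine\My'
        NotAfter          = $notAfter
        Type              = 'Custom'
        # 2.5.29.19 = Basic Constraints: CA certificate, path length 0 (may sign end-entity
        #             certificates only, no subordinate CAs).
        # 2.5.29.37 = Extended Key Usage: 1.3.6.1.5.5.7.3.1 (TLS server authentication).
        # NOTE(review): Basic Constraints is not marked critical here, although RFC 5280
        # requires that for CA certificates; -TextExtension accepts a {critical} marker
        # right after the '='. Left unchanged so the issued certificate stays the same.
        TextExtension     = @(
            '2.5.29.19={text}CA=1&pathlength=0',
            '2.5.29.37={text}1.3.6.1.5.5.7.3.1'
        )
        # Stop turns a non-terminating error into one the catch block sees; without it
        # the script could print "[OK]" and continue with an empty $caCert.
        ErrorAction       = 'Stop'
    }
    $caCert = New-SelfSignedCertificate @caCertParams

    Write-Host "[OK] Certificate Authority created successfully" -ForegroundColor Green
    Write-Host ""
    Write-Host "Certificate Details:"
    Write-Host " Subject: $($caCert.Subject)"
    Write-Host " Thumbprint: $($caCert.Thumbprint)"
    Write-Host " Valid Until: $($caCert.NotAfter)"
    Write-Host ""

} catch {
    Write-Host "[ERROR] Failed to create CA certificate: $($_.Exception.Message)" -ForegroundColor Red
    exit 1
}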
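# Export the CA certificate together with its private key as a password-protected PFX.
$timestamp = Get-Date -Format "yyyyMMdd"
# Replace everything except ASCII letters and digits, so the common name cannot add path
# separators or other special characters to the file name.
$caFileNameBase = $CACommonName -replace '[^a-zA-Z0-9]', '-'
$pfxPath = Join-Path $OutputPath "$caFileNameBase-$timestamp.pfx"

Write-Host "Exporting CA certificate with private key..."
Write-Host " File: $pfxPath"

try {
    # -ErrorAction Stop makes a non-terminating export error reach the catch block
    # instead of being followed by a false "[OK]".
    # NOTE(review): no -CryptoAlgorithmOption is given, so the cmdlet's default PFX
    # encryption applies; where the Windows build supports it, AES256_SHA256 is the
    # stronger choice. The file also inherits the permissions of $OutputPath.
    Export-PfxCertificate -Cert $caCert -FilePath $pfxPath -Password $ExportPassword -ErrorAction Stop | Out-Null
    Write-Host "[OK] CA certificate exported (with private key)" -ForegroundColor Green
    Write-Host ""
    Write-Host "WARNING: Protect this file - it contains the CA private key!" -ForegroundColor Yellow
    Write-Host ""
} catch {
    Write-Host "[ERROR] Failed to export PFX: $($_.Exception.Message)" -ForegroundColor Red
    exit 1
}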
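# Export the public CA certificate only (no private key); this is the file that
# management computers import as a trusted root.
$cerPath = Join-Path $OutputPath "$caFileNameBase-$timestamp.cer"

Write-Host "Exporting CA public certificate..."
Write-Host " File: $cerPath"

try {
    # -ErrorAction Stop makes a non-terminating export error reach the catch block
    # instead of being followed by a false "[OK]".
    Export-Certificate -Cert $caCert -FilePath $cerPath -ErrorAction Stop | Out-Null
    Write-Host "[OK] CA public certificate exported" -ForegroundColor Green
    Write-Host ""
    Write-Host "Install this certificate on all management computers"
    Write-Host ""
} catch {
    Write-Host "[ERROR] Failed to export CER: $($_.Exception.Message)" -ForegroundColor Red
    exit 1
}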
# Write a plain-text summary next to the exported files. It records the CA thumbprint and
# the paths of the .pfx and .cer files; the PFX password is not written to it.
$infoPath = Join-Path $OutputPath "CA-INFO-$timestamp.txt"

# Expandable here-string: variables and $(...) expressions are filled in at this point.
$infoContent = @"
Certificate Authority Information
==================================

Created: $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss')

CA Details:
Common Name: $CACommonName
Thumbprint: $($caCert.Thumbprint)
Valid Until: $($caCert.NotAfter)

Files Created:
1. $pfxPath
- CA with private key (KEEP SECURE!)

2. $cerPath
- CA public certificate (Install on management computers)

Next Steps:
1. Install CA on YOUR computer:
Import-Certificate -FilePath '$cerPath' -CertStoreLocation Cert:\LocalMachine\Root

2. Sign PC certificates:
.\Sign-BulkCertificates.ps1 -HostnameFile shopfloor-hostnames.txt -CAPfxPath '$pfxPath'
"@

Out-File -InputObject $infoContent -FilePath $infoPath -Encoding UTF8
# Final console summary: the files written, the CA thumbprint, and the follow-up commands.
Write-Host "=== CERTIFICATE AUTHORITY CREATED ===" -ForegroundColor Green

$createdFilesLines = @(
    ""
    "Files Created:"
    " 1. $pfxPath"
    " (CA with private key - KEEP SECURE!)"
    ""
    " 2. $cerPath"
    " (CA public certificate - Install on management computers)"
    ""
    " 3. $infoPath"
    " (Information file)"
    ""
)
foreach ($line in $createdFilesLines) {
    Write-Host $line
}

# The thumbprint is highlighted so it can be checked against the certificate that is
# later imported on the management computers.
Write-Host "CA Thumbprint: $($caCert.Thumbprint)" -ForegroundColor Yellow

$nextStepsLines = @(
    ""
    "Next Steps:"
    " 1. Install CA on YOUR computer:"
    " Import-Certificate -FilePath '$cerPath' -CertStoreLocation Cert:\LocalMachine\Root"
    ""
    " 2. Sign PC certificates:"
    " .\Sign-BulkCertificates.ps1 -HostnameFile shopfloor-hostnames.txt -CAPfxPath '$pfxPath'"
    ""
)
foreach ($line in $nextStepsLines) {
    Write-Host $line
}