From 386f2be29056de0213a45f443bea722acc173379 Mon Sep 17 00:00:00 2001
From: Christopher J Hammel
Date: Tue, 17 Mar 2026 15:25:11 -0400
Subject: [PATCH 1/2] Update cw-windows-plain.ps1 to directly download the pfx certificate.

Updated the cw-windows-plain.ps1 script to retrieve the PKCS12 Certificate from Cert Warden removing the dependency on openssl then updating Windows Certificate Store using pfx cert.
---
 cw-windows-plain.ps1 | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/cw-windows-plain.ps1 b/cw-windows-plain.ps1
index 8ba9b4d..4b37166 100644
--- a/cw-windows-plain.ps1
+++ b/cw-windows-plain.ps1
@@ -19,13 +19,14 @@ $CertSubject = ""
 # May need/want to edit
 $TempCerts = "C:\Windows\temp\tempcerts"
-$OpenSSLLocation = "C:\Program Files\OpenSSL-Win64\bin\openssl.exe"
-$PKCS12Password = "Password"
+
+$PKCS12Password = $KeyAPIKey
 # Shouldn't need to edit
 $EncryptedPassword = ConvertTo-SecureString -String $PKCS12Password -Force -AsPlainText
 $CertificateAPIURL = "certwarden/api/v1/download/certificates/$CertWardenCertName"
 $KeyAPIURL = "certwarden/api/v1/download/privatekeys/$KeyName"
+$pfxCertificateAPIURL = "certwarden/api/v1/download/pfx/$CertWardenCertName"
 $CurrentCertExpireTime = (Get-ChildItem -Path "Cert:\LocalMachine\My" | Where-Object { $_.Subject -Like "*$CertSubject"} | Sort-Object -Property NotAfter -Descending | Select-Object -First 1).NotAfter
 $CertPath = "$TempCerts\certchain.crt"
 $KeyPath = "$TempCerts\key.key"
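Review bot: In the `@@ -19,13 +19,14 @@` hunk, `$PKCS12Password = $KeyAPIKey` sits under the `# May need/want to edit` heading, but after this change it is no longer a free choice: the later `Import-PfxCertificate` only succeeds if this value matches the password the server put on the downloaded PFX, which the commit appears to assume is the private key's API key. Move the assignment into the `# Shouldn't need to edit` group and document the coupling, for example `# Must equal the password the server sets on the PFX download; do not change independently`. `$KeyAPIURL` and `$KeyPath` remain defined here, and once patch 2/2 drops the key download they look unused as far as these hunks show. The variable block continues outside the hunk.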
@@ -74,15 +75,13 @@ If ($CurrentCertExpireTime -lt $wardenCert.NotAfter -Or [string]::IsNullOrWhiteS
 # Get key from CertWarden
 Try {
 Invoke-WebRequest -Uri "https://$Server/$KeyAPIURL" -Method GET -Headers @{"apiKey" = "$KeyAPIKey" } -OutFile "$TempCerts\key.key"
+ Invoke-WebRequest -Uri "https://$Server/$pfxCertificateAPIURL" -Method GET -Headers @{"apiKey" = "$CertificateAPIKey.$KeyAPIKey" } -OutFile $PKCS12Path
 } Catch {
- Write-Host "ERROR: FAILED TO GET KEY: $($_)"
+ Write-Host "ERROR: FAILED TO GET KEY or PFX file: $($_)"
 Exit-Failed
 }
- # Convert the certificate and private key into a PKCS12 file
- & $OpenSSLLocation pkcs12 -export -out $PKCS12Path -inkey $KeyPath -in $CertPath -passout "pass:$PKCS12Password"
 # Import the PKCS12 file into the Local Machine Personal certificate store
 Import-PfxCertificate -FilePath $PKCS12Path -Password $EncryptedPassword -CertStoreLocation "cert:\LocalMachine\My"

From 6e0ba84fe8eabc7841e93b2c33c2d16147a5d652 Mon Sep 17 00:00:00 2001
From: Christopher J Hammel
Date: Wed, 18 Mar 2026 14:34:43 -0400
Subject: [PATCH 2/2] Remove key retrieval from CertWarden

Removed the key retrieval from CertWarden in the script.
---
 cw-windows-plain.ps1 | 1 -
 1 file changed, 1 deletion(-)

diff --git a/cw-windows-plain.ps1 b/cw-windows-plain.ps1
index 4b37166..d9161c1 100644
--- a/cw-windows-plain.ps1
+++ b/cw-windows-plain.ps1
@@ -74,7 +74,6 @@ If ($CurrentCertExpireTime -lt $wardenCert.NotAfter -Or [string]::IsNullOrWhiteS
 # Get key from CertWarden
 Try {
- Invoke-WebRequest -Uri "https://$Server/$KeyAPIURL" -Method GET -Headers @{"apiKey" = "$KeyAPIKey" } -OutFile "$TempCerts\key.key"
 Invoke-WebRequest -Uri "https://$Server/$pfxCertificateAPIURL" -Method GET -Headers @{"apiKey" = "$CertificateAPIKey.$KeyAPIKey" } -OutFile $PKCS12Path
 } Catch {
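Review bot: In the `@@ -74,15 +75,13 @@` hunk of patch 1/2, `Import-PfxCertificate` still runs outside the `Try`, and its password now comes from `$KeyAPIKey` instead of a locally chosen value, so a mismatch with the password on the downloaded PFX is a new failure mode that never reaches `Exit-Failed`. Consider moving the import into the `Try` and adding `-ErrorAction Stop` so a failed import stops the run. The file at `$PKCS12Path` contains the private key and nothing in the hunk removes it after import; if cleanup does not happen later in the script (not visible here), add `Remove-Item -Path $PKCS12Path -Force` once the import succeeds. The `# Get key from CertWarden` comment no longer describes the request and could read `# Get PFX (certificate and key) from CertWarden`. The enclosing `If` block starts and ends outside the hunk.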