Scripting

Scripting certificate management across untrusted domains

I need a programmatic way to move PFX files to web servers in untrusted domains and import them into the local cert store. The solution I have now is a batch file that performs the following:

  1. Use NET USE to map a drive to an administrative share on the web server.
  2. Use XCOPY to move the PFX file to that share.
  3. Use PSEXEC to invoke CERTUTIL to import the PFX files.

It's very crude and it doesn’t scale well. It works, but it isn’t elegant, and I have a feeling another scripting language may handle this better. Ideally, the script would programmatically replace the cert binding in IIS with the updated cert I just pushed to the server; right now that’s a time-consuming, manual task through the GUI.

Since GUIs Are For The Weak And Timid™, I’m looking at PowerShell to see how I can leverage that to carry out these tasks. Is that even the “right” or “best” language to consider? Do you have any suggestions on how to improve this? Leave me a comment.
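One way the three batch steps and the IIS rebinding could look in PowerShell, as an added example that is not part of the original post. The server names, site name and file paths are hypothetical placeholders, and it assumes PowerShell 5.0 or later locally, WinRM over HTTPS reachable on each web server, and the WebAdministration module installed there.

```powershell
# Added example; all names and paths below are hypothetical placeholders.
param(
    [string[]] $Servers  = @('web01.example.test', 'web02.example.test'),
    [string]   $PfxPath  = 'C:\certs\site.pfx',
    [string]   $SiteName = 'Default Web Site'
)

# Prompt for secrets instead of embedding them in the script or on a command line.
$cred   = Get-Credential -Message 'Admin account on the target servers'
$pfxPwd = Read-Host -AsSecureString -Prompt 'PFX password'

foreach ($server in $Servers) {
    # -UseSSL: WinRM over HTTPS, so the server is authenticated by its certificate
    # even though there is no domain trust (Kerberos is unavailable here).
    $session = New-PSSession -ComputerName $server -Credential $cred -UseSSL
    try {
        # Replaces NET USE + XCOPY: the file travels inside the remoting session.
        $remotePfx = 'C:\Windows\Temp\' + [guid]::NewGuid() + '.pfx'
        Copy-Item -Path $PfxPath -Destination $remotePfx -ToSession $session

        # Replaces PSEXEC + CERTUTIL, then swaps the IIS https binding.
        $thumb = Invoke-Command -Session $session -ScriptBlock {
            $site = $using:SiteName
            try {
                $cert = Import-PfxCertificate -FilePath $using:remotePfx `
                            -CertStoreLocation Cert:\LocalMachine\My `
                            -Password $using:pfxPwd
                Import-Module WebAdministration
                $bindings = @(Get-WebBinding -Name $site -Protocol https)
                if ($bindings.Count -eq 0) { throw "No https binding on site '$site'" }
                foreach ($b in $bindings) {
                    # Drop the old certificate first; adding over an existing one can fail.
                    if ($b.certificateHash) { $b.RemoveSslCertificate() }
                    $b.AddSslCertificate($cert.Thumbprint, 'My')
                }
                $cert.Thumbprint
            }
            finally {
                # Never leave the private key file behind on the web server.
                Remove-Item -Path $using:remotePfx -Force -ErrorAction SilentlyContinue
            }
        }
        Write-Output "$server : https binding now uses $thumb"
    }
    finally {
        Remove-PSSession $session
    }
}
```

Compared with the batch approach, the PFX password is never written to disk or passed as a PSEXEC argument, and the temporary PFX copy is deleted whether or not the import succeeds.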
