Difference between revisions of "SSL CA Install"
From WPKG | Open Source Software Deployment and Distribution
(General cleanups) |
| Line 10: | Line 10: | ||
Example: | Example: | ||
| − | < | + | <source lang="xml"> |
<package | <package | ||
id="ssl_cert" | id="ssl_cert" | ||
| Line 21: | Line 21: | ||
</install> | </install> | ||
</package> | </package> | ||
| − | </ | + | </source> |
| + | |||
| + | == With certutil == | ||
| + | I tested this with W7 and higher. | ||
| + | <source lang="xml"> | ||
| + | <?xml version="1.0" encoding="UTF-8"?> | ||
| + | |||
| + | <packages:packages xmlns:packages="http://www.wpkg.org/packages" | ||
| + | xmlns:wpkg="http://www.wpkg.org/wpkg" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
| + | xsi:schemaLocation="http://www.wpkg.org/packages ../xsd/packages.xsd"> | ||
| + | |||
| + | |||
| + | <package | ||
| + | id="ssl-cert-win" | ||
| + | name="SSL-Zertifikate_Windows" | ||
| + | revision="%version%" | ||
| + | priority="0" | ||
| + | reboot="false"> | ||
| + | |||
| + | <variable name="version" value="2017-05-30" /> | ||
| + | <variable name="versionfile" value="%SYSTEMROOT%\sslversion.txt" /> | ||
| + | <variable name="cafile" value="%SOFTWARE%\ssl\cacert.pem" /> | ||
| + | <variable name="caseriennummer" value="12345678abcdefgh" /> | ||
| + | |||
| + | <!-- check install date --> | ||
| + | <check type="execute" path='%SETTINGS%\tools\compareStringAndFile.bat "%version%" "%versionfile%"' condition="exitcodeequalto" value="0"/> | ||
| + | |||
| + | <!-- add cert to root --> | ||
| + | <install cmd='certutil -addstore "ROOT" %cafile%'/> | ||
| + | <!-- set install date --> | ||
| + | <install cmd='%ComSpec% /c echo %version%>"%versionfile%"'/> | ||
| + | |||
| + | <remove cmd='certutil -delstore "ROOT" %caseriennummer%'/> | ||
| + | <remove cmd='%ComSpec% /c del "%versionfile%"'/> | ||
| + | |||
| + | <upgrade include="remove" /> | ||
| + | <upgrade include="install" /> | ||
| + | |||
| + | </package> | ||
| + | |||
| + | </packages:packages> | ||
| + | </source> | ||
| + | |||
| + | certutil is part of Windows. | ||
| + | |||
| + | The only extra file "compareStringAndFile.bat-Skript" is very simple: | ||
| + | <source lang="dos"> | ||
| + | @echo off | ||
| + | |||
| + | :: compare parameter 1 (string) with content of parameter 2 (file) | ||
| + | |||
| + | set /p FILECONTENT=<%2 | ||
| + | |||
| + | set FILECONTENT="%FILECONTENT%" | ||
| + | REM echo %FILECONTENT% | ||
| + | REM echo %1 | ||
| + | |||
| + | if %1 == %FILECONTENT% exit /B 0 | ||
| + | |||
| + | REM echo "The strings are different!" | ||
| + | exit /B 1 | ||
| + | </source> | ||
[[Category: Changing Windows settings]] | [[Category: Changing Windows settings]] | ||
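Review bot: in the new certutil package, `<install cmd='certutil -addstore "ROOT" %cafile%'/>` adds whatever file is at `%SOFTWARE%\ssl\cacert.pem` to the machine ROOT store, and nothing in the package compares it with a known fingerprint first; add a check step that verifies the certificate's fingerprint before `-addstore` runs. `%cafile%` is also unquoted there, while `"%versionfile%"` is quoted two lines later, so a `%SOFTWARE%` path containing spaces breaks the install; write `"%cafile%"`. Finally, the `caseriennummer` value `12345678abcdefgh` is not a valid hexadecimal serial (it contains g and h), so it reads as a placeholder; say so in a comment next to the variable, because `certutil -delstore "ROOT" %caseriennummer%` in the remove and upgrade steps depends on it matching the installed certificate.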
Latest revision as of 15:31, 12 June 2017
There are probably lots of ways to do this.
You will need CertMgr.exe. It's part of .NET Framework 2.0 Software Development Kit - you don't need the entire kit on your clients or in your WPKG installation, only CertMgr.exe.
CertMgr.exe is documented here. Basic usage as follows:
%programfiles%\Microsoft.NET\SDK\v2.0\Bin\CertMgr.Exe /add ca-cert.der /all /s /r localMachine root
This would install all CAs in ca-cert.der globally, for all users.
Example:
<source lang="xml">
<package
    id="ssl_cert"
    name="ssl certificate"
    revision="1"
    reboot="false"
    priority="50"
    execute="once">
    <install cmd="%SOFTWARE%\pkg\ssl\CertMgr.Exe /add ca-cert.der /all /s /r localMachine root">
    </install>
</package>
</source>
== With certutil ==
I tested this with W7 and higher.
<source lang="xml">
<?xml version="1.0" encoding="UTF-8"?>

<packages:packages xmlns:packages="http://www.wpkg.org/packages"
    xmlns:wpkg="http://www.wpkg.org/wpkg" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.wpkg.org/packages ../xsd/packages.xsd">

<package
    id="ssl-cert-win"
    name="SSL-Zertifikate_Windows"
    revision="%version%"
    priority="0"
    reboot="false">

    <variable name="version" value="2017-05-30" />
    <variable name="versionfile" value="%SYSTEMROOT%\sslversion.txt" />
    <variable name="cafile" value="%SOFTWARE%\ssl\cacert.pem" />
    <!-- serial number of the CA certificate; the value below is a placeholder -->
    <variable name="caseriennummer" value="12345678abcdefgh" />

    <!-- check install date -->
    <check type="execute" path='%SETTINGS%\tools\compareStringAndFile.bat "%version%" "%versionfile%"' condition="exitcodeequalto" value="0"/>

    <!-- add cert to root (path quoted so that spaces in %SOFTWARE% do not break the command) -->
    <install cmd='certutil -addstore "ROOT" "%cafile%"'/>
    <!-- set install date -->
    <install cmd='%ComSpec% /c echo %version%>"%versionfile%"'/>

    <!-- remove the cert from root by its serial number, then delete the version marker -->
    <remove cmd='certutil -delstore "ROOT" %caseriennummer%'/>
    <remove cmd='%ComSpec% /c del "%versionfile%"'/>

    <upgrade include="remove" />
    <upgrade include="install" />

</package>

</packages:packages>
</source>
certutil is part of Windows.
The only extra file, the script "compareStringAndFile.bat", is very simple:
<source lang="dos">
@echo off

:: compare parameter 1 (string) with content of parameter 2 (file)

set /p FILECONTENT=<%2

set FILECONTENT="%FILECONTENT%"
REM echo %FILECONTENT%
REM echo %1

if %1 == %FILECONTENT% exit /B 0

REM echo "The strings are different!"
exit /B 1
</source>
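The certutil package above trusts whatever file is found at the cafile path. The following script is an added example, not part of the original page or of WPKG: it checks the certificate against a pinned SHA-256 fingerprint before calling certutil, and prints the serial number that `certutil -delstore` needs. The parameter names, exit codes and the fingerprint placeholder are assumptions, as is the `SOFTWARE` environment variable being set for the process.

```powershell
# Added example: pin the CA certificate before trusting it machine-wide.
param(
    # Same file as the cafile variable in the package above (assumes %SOFTWARE% is set)
    [string]$CaFile = "$env:SOFTWARE\ssl\cacert.pem",
    # Placeholder: SHA-256 fingerprint of the CA certificate, obtained out of band
    [string]$ExpectedSha256 = 'REPLACE_WITH_64_HEX_DIGITS'
)

if (-not (Test-Path -LiteralPath $CaFile)) {
    Write-Error "CA file not found: $CaFile"
    exit 2
}
$path = (Resolve-Path -LiteralPath $CaFile).ProviderPath

# Only one certificate is fingerprinted below, so refuse PEM bundles.
$pemCerts = @(Get-Content -LiteralPath $path |
    Where-Object { $_ -like '*-----BEGIN CERTIFICATE-----*' })
if ($pemCerts.Count -gt 1) {
    Write-Error "$path contains $($pemCerts.Count) certificates; expected one"
    exit 3
}

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $path

# SHA-256 over the DER encoding of the certificate
$sha256   = [System.Security.Cryptography.SHA256]::Create()
$actual   = [System.BitConverter]::ToString($sha256.ComputeHash($cert.RawData)) -replace '-', ''
$expected = ($ExpectedSha256 -replace '[^0-9A-Fa-f]', '').ToUpper()

# An unset or malformed pin fails closed, the same as a mismatch.
if ($expected.Length -ne 64 -or $actual -ne $expected) {
    Write-Error "Fingerprint mismatch for $path (got $actual); not installing"
    exit 4
}

# The serial is the value certutil -delstore needs (caseriennummer in the package)
Write-Output "Subject: $($cert.Subject)"
Write-Output "Serial : $($cert.SerialNumber)"
Write-Output "Expires: $($cert.NotAfter)"

# Requires administrative rights, like the install command in the package
& certutil.exe -addstore ROOT $path
exit $LASTEXITCODE
```

A non-zero exit code means nothing was added to the ROOT store; the pinned fingerprint should come from the CA operator, not from the same share as the certificate file.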