SSL CA Install
There are probably lots of ways to do this.
You will need CertMgr.exe. It's part of the .NET Framework 2.0 Software Development Kit; you don't need the entire kit on your clients or in your WPKG installation, only CertMgr.exe.
CertMgr.exe is documented here. Basic usage as follows:
%programfiles%\Microsoft.NET\SDK\v2.0\Bin\CertMgr.Exe /add ca-cert.der /all /s /r localMachine root
This would install all CAs in ca-cert.der into the local machine's root store, that is globally, for all users.
Example:
<package
    id="ssl_cert"
    name="ssl certificate"
    revision="1"
    reboot="false"
    priority="50"
    execute="once">
    <install cmd="%SOFTWARE%\pkg\ssl\CertMgr.Exe /add ca-cert.der /all /s /r localMachine root">
    </install>
</package>
With certutil
I tested this with W7 and higher.
<?xml version="1.0" encoding="UTF-8"?>
<packages:packages xmlns:packages="http://www.wpkg.org/packages"
    xmlns:wpkg="http://www.wpkg.org/wpkg" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.wpkg.org/packages ../xsd/packages.xsd">
    <package
        id="ssl-cert-win"
        name="SSL-Zertifikate_Windows"
        revision="%version%"
        priority="0"
        reboot="false">
        <variable name="version" value="2017-05-30" />
        <variable name="versionfile" value="%SYSTEMROOT%\sslversion.txt" />
        <variable name="cafile" value="%SOFTWARE%\ssl\cacert.pem" />
        <variable name="caseriennummer" value="12345678abcdefgh" />
        <!-- check install date -->
        <check type="execute" path='%SETTINGS%\tools\compareStringAndFile.bat "%version%" "%versionfile%"' condition="exitcodeequalto" value="0"/>
        <!-- add cert to root (path quoted so that spaces in %SOFTWARE% do not break the command) -->
        <install cmd='certutil -addstore "ROOT" "%cafile%"'/>
        <!-- set install date -->
        <install cmd='%ComSpec% /c echo %version%>"%versionfile%"'/>
        <remove cmd='certutil -delstore "ROOT" %caseriennummer%'/>
        <remove cmd='%ComSpec% /c del "%versionfile%"'/>
        <upgrade include="remove" />
        <upgrade include="install" />
    </package>
</packages:packages>
certutil is part of Windows.
The only extra file, the script "compareStringAndFile.bat", is very simple:
@echo off
:: compare parameter 1 (string) with content of parameter 2 (file)
set /p FILECONTENT=<%2
set FILECONTENT="%FILECONTENT%"
REM echo %FILECONTENT%
REM echo %1
if %1 == %FILECONTENT% exit /B 0
REM echo "The strings are different!"
exit /B 1
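A certificate added to the machine ROOT store is trusted for every user, and the packages above install whatever file sits at the configured path. The following PowerShell is an added example, not part of the original page: it checks the CA file against a fingerprint obtained out of band before deployment, prints the serial number to compare with the caseriennummer variable, and reports whether the certificate is present in the store. The file path and the expected fingerprint are placeholders, and the file is assumed to hold a single certificate.

```powershell
# Added example (not from the original page). The path and the expected
# fingerprint are placeholders; the CA file is assumed to hold ONE certificate.
param(
    [string]$CaFile         = 'C:\path\to\cacert.pem',                      # placeholder for %cafile%
    [string]$ExpectedSha256 = '<SHA-256 fingerprint received out of band>'  # placeholder
)
$ErrorActionPreference = 'Stop'

function Get-CertSha256([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert) {
    # Hash the DER encoding, so PEM and DER copies of one certificate match.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try     { -join ($sha.ComputeHash($Cert.RawData) | ForEach-Object { $_.ToString('X2') }) }
    finally { $sha.Dispose() }
}

function Test-CaCertificate([string]$Path, [string]$Sha256) {
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Path
    $problems = @()
    # Accept fingerprints written with colons or spaces.
    $want = ($Sha256 -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ((Get-CertSha256 $cert) -ne $want) { $problems += 'fingerprint does not match the expected value' }
    # Conservative check: a certificate without basicConstraints CA=true is flagged.
    $bc = $cert.Extensions | Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
    if (-not $bc -or -not $bc.CertificateAuthority) { $problems += 'not marked as a CA (basicConstraints)' }
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) { $problems += 'outside its validity period' }
    [pscustomobject]@{ Certificate = $cert; Problems = $problems }
}

function Test-InRootStore([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert) {
    # Match on the full SHA-256, not only on subject name or serial number.
    $want = Get-CertSha256 $Cert
    [bool](Get-ChildItem Cert:\LocalMachine\Root | Where-Object { (Get-CertSha256 $_) -eq $want })
}

$result = Test-CaCertificate -Path $CaFile -Sha256 $ExpectedSha256
if ($result.Problems.Count) {
    $result.Problems | ForEach-Object { Write-Warning $_ }
    exit 1    # do not deploy this file
}
'Subject : ' + $result.Certificate.Subject
'Serial  : ' + $result.Certificate.SerialNumber    # compare with caseriennummer
'In ROOT : ' + (Test-InRootStore $result.Certificate)
```

Run it once against the file on the software share before publishing the package, and again on a client after deployment to confirm the "In ROOT" line reads True.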