Merge pull request #81 from brianlala/dev
Use new SP SE cmdlets for certificate management
brianlala authored Nov 26, 2021
2 parents d4641ed + eb4be17 commit f5be418
Showing 1 changed file with 39 additions and 19 deletions.
58 changes: 39 additions & 19 deletions SP/Automation/AutoSPInstallerModule.psm1
@@ -1,4 +1,4 @@
# ===================================================================================
# ===================================================================================
# EXTERNAL FUNCTIONS
# ===================================================================================

Expand Down Expand Up @@ -2417,14 +2417,12 @@ Function AddManagedAccounts ([xml]$xmlInput)
{
$username = $account.username

if ([string]::IsNullOrEmpty($account.Password))
{
if([string]::IsNullOrEmpty($account.Password)) {
$password = (Get-Credential -Message "Enter Password for Managed Account" -UserName $account.username).Password
}
else
{
else {
$password = $account.Password
$password = ConvertTo-SecureString "$password" -AsPlainText -Force
$password = ConvertTo-SecureString "$password" -AsPlaintext -Force
}
$alreadyAdmin = $false
# The following was suggested by Matthias Einig (http://www.codeplex.com/site/users/view/matein78)
Expand Down Expand Up @@ -2897,15 +2895,14 @@ Function AssignCert ($SSLHostHeader, $SSLPort, $SSLSiteName)
$certCommonName = "*.$topDomain"
}
Write-Host -ForegroundColor White " - Looking for existing `"$certCommonName`" wildcard certificate..."
$cert = Get-ChildItem cert:\LocalMachine\My | Where-Object {$_.Subject -eq "CN=$certCommonName"}
}
Else
{
# Just create a cert that matches the SSL host header
$certCommonName = $SSLHostHeader
Write-Host -ForegroundColor White " - Looking for existing `"$certCommonName`" certificate..."
$cert = Get-ChildItem cert:\LocalMachine\My | Where-Object {$_.Subject -eq "CN=$certCommonName"}
}
$cert = Get-ChildItem cert:\LocalMachine\My | Where-Object {$_.Subject -eq "CN=$certCommonName"}
If (!$cert)
{
Write-Host -ForegroundColor White " - None found."
Expand Down Expand Up @@ -2965,24 +2962,47 @@ Function AssignCert ($SSLHostHeader, $SSLPort, $SSLSiteName)
$store.Add($pfx)
$store.Close()
Write-Host -ForegroundColor White " - Assigning certificate `"$certSubject`" to SSL-enabled site..."
#Set-Location IIS:\SslBindings -ErrorAction Inquire
if (!(Get-Item IIS:\SslBindings\0.0.0.0!$SSLPort -ErrorAction SilentlyContinue))
{
$cert | New-Item IIS:\SslBindings\0.0.0.0!$SSLPort -ErrorAction SilentlyContinue | Out-Null
}
# Check if we have specified no host header
if (!([string]::IsNullOrEmpty($webApp.UseHostHeader)) -and $webApp.UseHostHeader -eq $false)
if ($spYear -eq "SE") # SharePoint Subscription Edition (SPSE) way using native cmdlets
{
Set-ItemProperty IIS:\Sites\$SSLSiteName -Name bindings -Value @{protocol="https";bindingInformation="*:$($SSLPort):"} -ErrorAction SilentlyContinue
Write-Host -ForegroundColor White " - Using SPSE native cmdlets..."
# First export the cert again to a pfx that SharePoint SE can use
Write-Host -ForegroundColor White " - Exporting the cert as a pfx to '$((Get-Item $env:TEMP).FullName)\$certSubjectName.pfx'..."
Export-PfxCertificate -Cert $cert -FilePath "$((Get-Item $env:TEMP).FullName)\$certSubjectName.pfx" -ProtectTo "$env:USERDOMAIN\$env:USERNAME" -Force | Out-Null
Write-Host -ForegroundColor White " - Importing the certificate to SharePoint..."
Import-SPCertificate -Path "$((Get-Item $env:TEMP).FullName)\$certSubjectName.pfx" -Exportable -Replace | Out-Null
$seCert = Get-SPCertificate | Where-Object {$_.Subject -eq $certSubject}
Write-Host -ForegroundColor White " - Binding certificate to web app '$SSLSiteName'..."
if ((Get-SPWebApplication -IncludeCentralAdministration | Where-Object {$_.IsAdministrationWebApplication -eq $true} | Select-Object DisplayName).DisplayName -eq $SSLSiteName)
{
# Since this is central admin, use Set-SPCentralAdministration instead
Set-SPCentralAdministration -Port $SSLPort -SecureSocketsLayer -Certificate $seCert -Confirm:$false
}
else # Use method for a regular web app
{
Set-SPWebApplication -Identity $SSLSiteName -Zone Default -Port $SSLPort -SecureSocketsLayer -HostHeader $SSLHostHeader -Certificate $seCert
}
}
else # Set the binding to the host header
else # Classic way
{
Set-ItemProperty IIS:\Sites\$SSLSiteName -Name bindings -Value @{protocol="https";bindingInformation="*:$($SSLPort):$($SSLHostHeader)"} -ErrorAction SilentlyContinue
Write-Host -ForegroundColor White " - Using classic method..."
if (!(Get-Item IIS:\SslBindings\0.0.0.0!$SSLPort -ErrorAction SilentlyContinue))
{
$cert | New-Item IIS:\SslBindings\0.0.0.0!$SSLPort -ErrorAction SilentlyContinue | Out-Null
}
# Check if we have specified no host header
if (!([string]::IsNullOrEmpty($webApp.UseHostHeader)) -and $webApp.UseHostHeader -eq $false)
{
Set-ItemProperty IIS:\Sites\$SSLSiteName -Name bindings -Value @{protocol="https";bindingInformation="*:$($SSLPort):"} -ErrorAction SilentlyContinue
}
else # Set the binding to the host header
{
Set-ItemProperty IIS:\Sites\$SSLSiteName -Name bindings -Value @{protocol="https";bindingInformation="*:$($SSLPort):$($SSLHostHeader)"} -ErrorAction SilentlyContinue
}
}
## Set-WebBinding -Name $SSLSiteName -BindingInformation ":$($SSLPort):" -PropertyName Port -Value $SSLPort -PropertyName Protocol -Value https
Write-Host -ForegroundColor White " - Certificate has been assigned to site `"https://$SSLHostHeader`:$SSLPort`""
}
Else
else
{
Write-Host -ForegroundColor White " - No certificates were found, and none could be created."
}
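Review bot: The SPSE branch exports the certificate with its private key to `$env:TEMP\$certSubjectName.pfx` and never deletes the file after `Import-SPCertificate`, so key material stays on disk (protected only by the `-ProtectTo` account binding) and its path is echoed to the console. Compute the path once into a variable and remove the file in a `finally` after the import, e.g. `Remove-Item -LiteralPath $pfxPath -Force -ErrorAction SilentlyContinue`. Neither `Export-PfxCertificate` nor `Import-SPCertificate` is checked (both pipe to `Out-Null`), so on failure `$seCert` may be empty while `Set-SPWebApplication` or `Set-SPCentralAdministration` is still called and the function then reports the certificate as assigned; a guard such as `if (!$seCert) { Throw " - Certificate import into SharePoint failed" }` before the binding would stop that. `-Exportable` also leaves the private key exportable from SharePoint's certificate store, so drop it unless a later step needs it. AssignCert begins and continues outside the visible hunks, so any cleanup that happens elsewhere in the function is not visible here.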