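#Requires -RunAsAdministrator
<#
.SYNOPSIS
    Imports the TLS certificate of a Starface PBX into the Windows certificate store.
.DESCRIPTION
    Connects to the given Starface host over SSL/TLS, reads the certificate the
    server presents and adds it to the LocalMachine\Root store. Afterwards the
    Outlook add-in can reach the Starface REST API over HTTPS.

    Security note: the certificate is fetched with validation switched off, so
    the script accepts whatever endpoint answers on the network at the moment it
    runs. Adding that certificate to LocalMachine\Root makes it a machine-wide
    trust anchor. Run the script only on a network path you trust and compare
    the printed thumbprint with the one shown on the PBX itself, or pass
    -ExpectedThumbprint so the script refuses anything else.
.PARAMETER StarfaceHost
    IP address or host name of the Starface PBX.
.PARAMETER Port
    TCP port of the HTTPS service (default 443).
.PARAMETER ExpectedThumbprint
    Optional. SHA-1 thumbprint (hex; spaces and colons are ignored) obtained
    out of band. When given, the import is aborted unless the fetched
    certificate has exactly this thumbprint.
.EXAMPLE
    .\import-cert.ps1 -StarfaceHost 192.168.1.100
.EXAMPLE
    .\import-cert.ps1 -StarfaceHost pbx.firma.local -Port 8443
.EXAMPLE
    .\import-cert.ps1 -StarfaceHost pbx.firma.local -ExpectedThumbprint <THUMBPRINT-FROM-PBX>
#>

param(
    [Parameter(Mandatory = $true)]
    [string]$StarfaceHost,

    [int]$Port = 443,

    # Optional pin; omitted means the original trust-on-first-use behaviour.
    [string]$ExpectedThumbprint = ""
)

$ErrorActionPreference = "Stop"

Write-Host ""
Write-Host "============================================================" -ForegroundColor Cyan
Write-Host " Starface-Zertifikat importieren" -ForegroundColor Cyan
Write-Host "============================================================" -ForegroundColor Cyan
Write-Host ""

Write-Host " [OK] Verbinde mit ${StarfaceHost}:${Port} ..." -ForegroundColor Green

try {
    $tcpClient = $null
    $sslStream = $null
    $x509Cert = $null

    try {
        $tcpClient = New-Object System.Net.Sockets.TcpClient
        $tcpClient.Connect($StarfaceHost, $Port)

        # The validation callback returns $true for every certificate: the peer
        # is NOT authenticated here. This is deliberate (the certificate is not
        # trusted yet), but it means the result must be checked before it is
        # trusted - see the thumbprint handling below.
        $sslStream = New-Object System.Net.Security.SslStream(
            $tcpClient.GetStream(),
            $false,
            { $true }
        )
        $sslStream.AuthenticateAsClient($StarfaceHost)

        # Copy the certificate into an X509Certificate2 before the stream is closed.
        $remoteCert = $sslStream.RemoteCertificate
        $x509Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($remoteCert)
    } finally {
        # Release the connection even when the handshake or the copy fails.
        if ($null -ne $sslStream) { $sslStream.Close() }
        if ($null -ne $tcpClient) { $tcpClient.Close() }
    }

    Write-Host " Zertifikat erhalten:" -ForegroundColor Green
    Write-Host " Subject: $($x509Cert.Subject)" -ForegroundColor White
    Write-Host " Aussteller: $($x509Cert.Issuer)" -ForegroundColor White
    Write-Host " Gueltig bis: $($x509Cert.NotAfter)" -ForegroundColor White
    Write-Host " Thumbprint: $($x509Cert.Thumbprint)" -ForegroundColor White
    Write-Host ""

    if ($ExpectedThumbprint) {
        # Normalise the operator-supplied value (drop spaces, colons, etc.) and
        # refuse to import anything that does not match the pinned thumbprint.
        $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
        if ($expected -ne $x509Cert.Thumbprint) {
            Write-Host " [X] Thumbprint stimmt nicht mit dem erwarteten Wert ueberein - Import abgebrochen." -ForegroundColor Red
            Write-Host " Erwartet: $expected" -ForegroundColor Red
            Write-Host " Erhalten: $($x509Cert.Thumbprint)" -ForegroundColor Red
            exit 1
        }
    } else {
        # No pin supplied: the import below is trust-on-first-use.
        Write-Host " [!] Hinweis: Thumbprint wurde nicht gegen einen erwarteten Wert geprueft (-ExpectedThumbprint)." -ForegroundColor Yellow
    }

    # LocalMachine\Root is the machine-wide store of trusted root certificates.
    $rootStore = New-Object System.Security.Cryptography.X509Certificates.X509Store(
        [System.Security.Cryptography.X509Certificates.StoreName]::Root,
        [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine
    )

    # Check whether the certificate is already present (read-only access suffices).
    try {
        $rootStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
        $existing = $rootStore.Certificates | Where-Object { $_.Thumbprint -eq $x509Cert.Thumbprint }
    } finally {
        $rootStore.Close()
    }

    if ($existing) {
        Write-Host " Zertifikat ist bereits als vertrauenswuerdig gespeichert." -ForegroundColor Yellow
    } else {
        # Reopen with write access only when something actually has to be added.
        try {
            $rootStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
            $rootStore.Add($x509Cert)
        } finally {
            $rootStore.Close()
        }
        Write-Host " [OK] Zertifikat erfolgreich als vertrauenswuerdig importiert!" -ForegroundColor Green
    }

} catch {
    Write-Host " [X] Fehler: $_" -ForegroundColor Red
    Write-Host ""
    Write-Host " Moegliche Ursachen:" -ForegroundColor Yellow
    Write-Host " - Starface nicht erreichbar (IP/Hostname pruefen)" -ForegroundColor Yellow
    Write-Host " - Falscher Port (Standard: 443)" -ForegroundColor Yellow
    Write-Host " - Firewall blockiert die Verbindung" -ForegroundColor Yellow
    exit 1
}

Write-Host ""
Read-Host "Eingabetaste zum Beenden"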