Create-SharedCertificate

PowerShell script for automating the creation of a shared certificate used to
access the Pure1 REST API.

The script was created based on the following reference.
https://www.codyhosterman.com/2019/01/using-the-pure1-rest-api-part-i-powershell/

Reading the above post will help in understanding the logic flow of this
script. The script implements the steps in that post, with the added option of
saving the key data into an encrypted zip file so it can be imported into a
certificate store on a different computer.


Requirements

The script must run in a PowerShell console with admin privileges.

Download the FileCryptography module and copy the psm1 file into the script folder path.
https://gallery.technet.microsoft.com/scriptcenter/EncryptDecrypt-files-use-65e7ae5d

Install a Windows version of openssl. Tested with: https://slproweb.com/products/Win32OpenSSL.html

Add the openssl executable folder to your system PATH environment variable.


Create a Shared Certificate

Start a PowerShell console session with Admin privileges.

CD to the path location of Create-SharedCertificate.ps1

Execute the script:

PS> Create-SharedCertificate -create
Enter a Subject name for the certificate: TestMe
Going to create a shared SelfSignCertificate with a subject name of TestMe
Press 'Y' to continue: Y

Enter a Password: ******
Enter the same password for the Import Password.
Enter Import Password:
writing RSA key

Public key is located in the file, TestMe-pem-public.key
Copy the following Public key into Pure1 API Administrator interface to generate an APIkey

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsxqXAaOHhjV26Jze7ihU
VCPZk0CHSIgGHNshDOWL+vJ3XAhAeCn/FcgwQXc/7EqEJx7krfVJPhGLWZ50VMNx
xD34FrwaU8W7H6l+DkPzR3xskzo4O98NlKgaBv8oE8EvyfpdSq3oP5VtUyMMprHX
rTbQ3WKWrpTGYTtK77gwVQ2eJM6TD09moPOVJYttZTlYQHvmXHN345IR4Wvv2QOU
dosvJxYfrCDz1LEnt1qsfLPaqF26805o7A2V4Z4RClM+xenq1ZZvkNGp4GFLfaXT
AG7o94QhtKUoVpSAdU48GoASEFubtRZiuD5Oz5nyjk6uSwXeJsH5uYVOUQT36MAX
KQIDAQAB
-----END PUBLIC KEY-----
Add public key using Pure1 API Registration --- Press any key to continue:

Copy the above Public key into Pure1 API Administrator interface to generate an application APIkey

See this post for instructions on getting the Pure1 application ID.
https://www.codyhosterman.com/2019/01/introducing-the-pure1-rest-api/

Backing up and encrypting sensitive data
The following password is required to decrypt the file, TestMe.zip.AES
Save the following password or else the data will be lost.
J236twMTM0osuFgRLlbbyOSGkMpIEh4YHpQ0bTMjFeQ=
Press any key to continue:

As indicated above, the public and private keys and other data have been
stored in the encrypted zip file, TestMe.zip.AES.

Please note: this is the only time the password needed for decrypting the zip file is exposed.

What to review the TestMe certificate in the Certificate Snap-In? (Y or N): Y

Entering certlm.msc in the Run menu will also open the Certificate Snap-in.

By default only the Administrator has access to the private key stored in the
Certificate store. To modify this access see the following post.
https://www.codyhosterman.com/2019/06/assigning-read-access-to-windows-private-key/
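
To check who can currently read the private key, before or after changing access as described in that post, the following added example (not part of Create-SharedCertificate.ps1) lists the ACL on the key file behind the certificate. It assumes the README's sample subject TestMe, an RSA software key in LocalMachine\My, and an elevated console; the "expected" SID list is an assumed baseline, so adjust it to your own policy.

```powershell
# Added example: list who can read the private key of the shared certificate.
# Assumptions: subject CN=TestMe (the README's sample) in LocalMachine\My; run elevated.
$SubjectName = 'TestMe'
# Assumed baseline: SYSTEM (S-1-5-18) and BUILTIN\Administrators (S-1-5-32-544).
$ExpectedSids = 'S-1-5-18', 'S-1-5-32-544'

function Get-PrivateKeyFile {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)
    if ($null -eq $rsa) { return $null }
    # CNG keys expose Key.UniqueName; legacy CSP keys expose CspKeyContainerInfo.
    $name = if ($rsa -is [System.Security.Cryptography.RSACng]) {
        $rsa.Key.UniqueName
    } else {
        $rsa.CspKeyContainerInfo.UniqueKeyContainerName
    }
    if (-not $name) { return $null }
    # Machine key files live in one of these two folders depending on the provider.
    foreach ($dir in "$env:ProgramData\Microsoft\Crypto\Keys",
                     "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys") {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path) { return $path }
    }
    return $null
}

$certs = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$SubjectName" }

foreach ($cert in $certs) {
    if (-not $cert.HasPrivateKey) {
        Write-Warning "$($cert.Thumbprint): no private key in this store"
        continue
    }
    $file = Get-PrivateKeyFile -Cert $cert
    if (-not $file) {
        Write-Warning "$($cert.Thumbprint): key file not found (non-RSA or non-software key?)"
        continue
    }
    # Ask for the rules as SIDs so the check does not depend on localized account names.
    $rules = (Get-Acl -LiteralPath $file).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        [pscustomobject]@{
            Thumbprint = $cert.Thumbprint
            Sid        = $rule.IdentityReference.Value
            Rights     = $rule.FileSystemRights
            Type       = $rule.AccessControlType
            Review     = $ExpectedSids -notcontains $rule.IdentityReference.Value
        }
    }
}
```

Rows with Review set to True are entries outside the assumed baseline; run the same check on every computer the certificate is imported to.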


Import a Shared Certificate

If the same certificate needs to be installed on multiple computers, the
file TestMe.zip.AES and its password must be retained.

Example of importing an existing certificate

PS> Create-SharedCertificate
Enter a Subject name for the certificate: TestMe
Going to import a SelfSignCertificate from, TestMe
Press 'Y' to continue: Y

Enter the password for the encrypted zip file, TestMe.zip.AES: J236twMTM0osuFgRLlbbyOSGkMpIEh4YHpQ0bTMjFeQ=


   PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\My

Thumbprint                                Subject
----------                                -------
E037AF3E3DBC489DBF9D2CB822E0B34EB4A10536  CN=TestMe
What to review the TestMe certificate in the Certificate Snap-In? (Y or N): Y