Rephl3x/cert-management
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

CSR-only mode disables DNS and fixes CN parsing

Browse Source
This commit is contained in:
Zak Bearman
2026-01-30 13:19:57 +13:00
parent d28beb86e3
commit 97b21dfbf8
1 changed files with 62 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

87
certy.ps1
View File

@@ -254,9 +254,14 @@ function Get-InfRequestFromLines {
if ($line.TrimStart() -match '^[;#]') { continue } if ($line.TrimStart() -match '^[;#]') { continue }
if (-not $commonName -and ($line -match '(?i)^\s*subject\s*=\s*"?([^"]+)"?')) { if (-not $commonName -and ($line -match '(?i)^\s*subject\s*=\s*"?([^"]+)"?')) {
$subject = $Matches[1] $subject = $Matches[1].Trim()
if ($subject -match '(?i)\bCN\s*=\s*([^,"]+)') { $subject = $subject.Trim('"')
$tokens = $subject -split '\s*[;,]\s*' | Where-Object { $_ }
foreach ($token in $tokens) {
if ($token -match '(?i)^\s*CN\s*=\s*(.+)$') {
$commonName = $Matches[1].Trim() $commonName = $Matches[1].Trim()
break
}
} }
} }
@@ -1236,6 +1241,32 @@ function Update-InfCsrUI {
$enabled = $infCsrOnlyBox.Checked $enabled = $infCsrOnlyBox.Checked
$infCsrOutputLabel.Enabled = $enabled $infCsrOutputLabel.Enabled = $enabled
$infCsrOutputBox.Enabled = $enabled $infCsrOutputBox.Enabled = $enabled
$inputEnabled = -not $enabled
$hostsBox.Enabled = $inputEnabled
$fileBox.Enabled = $inputEnabled
$browseBtn.Enabled = $inputEnabled
$filePreviewBtn.Enabled = $inputEnabled
$filePreviewBox.Enabled = $inputEnabled
$csrFolderBox.Enabled = $inputEnabled
$csrBrowseBtn.Enabled = $inputEnabled
$csrImportBtn.Enabled = $inputEnabled
$useFqdnBox.Enabled = $inputEnabled
$zoneBox.Enabled = $inputEnabled
$ipBox.Enabled = $inputEnabled
$ipRefreshBtn.Enabled = $inputEnabled
$dnsServerBox.Enabled = $inputEnabled
$dnsScanBtn.Enabled = $inputEnabled
$dnsListBox.Enabled = $inputEnabled
$replicationTargetsBox.Enabled = $inputEnabled
$replicationFromSelectedBtn.Enabled = $inputEnabled
$primaryFromSelectedBtn.Enabled = $inputEnabled
$replicationCmdBox.Enabled = $inputEnabled
$replicationDelayBox.Enabled = $inputEnabled
$replicationRemoteBox.Enabled = $inputEnabled
$replicationCredBtn.Enabled = $inputEnabled
$replicationEnabledBox.Enabled = $inputEnabled
} }
Update-InfCsrUI Update-InfCsrUI
@@ -1474,7 +1505,7 @@ $infImportBtn.Add_Click({
if (-not $folder) { throw "INF folder is empty." } if (-not $folder) { throw "INF folder is empty." }
if (-not (Test-Path -Path $folder -PathType Container)) { throw "INF folder not found: $folder" } if (-not (Test-Path -Path $folder -PathType Container)) { throw "INF folder not found: $folder" }
$infFiles = Get-ChildItem -Path $folder -Filter *.inf -File -Recurse $infFiles = @(Get-ChildItem -Path $folder -Filter *.inf -File -Recurse)
if (-not $infFiles) { if (-not $infFiles) {
& $logAction "No INF files found in $folder" & $logAction "No INF files found in $folder"
return return
@@ -1665,6 +1696,32 @@ $clearBtn.Add_Click({
$runBtn.Add_Click({ $runBtn.Add_Click({
$runBtn.Enabled = $false $runBtn.Enabled = $false
try { try {
if ($infCsrOnlyBox.Checked) {
if (-not $script:infRequests -or $script:infRequests.Count -eq 0) {
throw "INF CSR generation enabled, but no INF files were imported."
}
$csrOutputDir = $infCsrOutputBox.Text.Trim()
if (-not $csrOutputDir) { throw "CSR output folder is required." }
if (-not (Test-Path -Path $csrOutputDir -PathType Container)) {
New-Item -Path $csrOutputDir -ItemType Directory -Force | Out-Null
}
foreach ($req in $script:infRequests) {
$baseName = [System.IO.Path]::GetFileNameWithoutExtension($req.File)
$csrPath = Join-Path $csrOutputDir ($baseName + ".req")
if (Test-Path -Path $csrPath) {
$csrPath = Join-Path $csrOutputDir ($baseName + "-" + (Get-Date -Format "yyyyMMddHHmmss") + ".req")
}
$infPath = if ($req.CsrInf) { $req.CsrInf } else { $req.File }
& $logAction "Generating CSR from $([System.IO.Path]::GetFileName($infPath)) -> $csrPath"
$output = & certreq.exe -new $infPath $csrPath 2>&1
foreach ($line in $output) {
& $logAction $line
}
}
& $logAction "Done."
return
}
$hosts = @() $hosts = @()
$hosts += Split-List $hostsBox.Text $hosts += Split-List $hostsBox.Text
@@ -1760,29 +1817,7 @@ $runBtn.Add_Click({
& $logAction "Replication disabled." & $logAction "Replication disabled."
} }
if ($infCsrOnlyBox.Checked) { if ($disableCertsBox.Checked) {
if (-not $script:infRequests -or $script:infRequests.Count -eq 0) {
throw "INF CSR generation enabled, but no INF files were imported."
}
$csrOutputDir = $infCsrOutputBox.Text.Trim()
if (-not $csrOutputDir) { throw "CSR output folder is required." }
if (-not (Test-Path -Path $csrOutputDir -PathType Container)) {
New-Item -Path $csrOutputDir -ItemType Directory -Force | Out-Null
}
foreach ($req in $script:infRequests) {
$baseName = [System.IO.Path]::GetFileNameWithoutExtension($req.File)
$csrPath = Join-Path $csrOutputDir ($baseName + ".req")
if (Test-Path -Path $csrPath) {
$csrPath = Join-Path $csrOutputDir ($baseName + "-" + (Get-Date -Format "yyyyMMddHHmmss") + ".req")
}
$infPath = if ($req.CsrInf) { $req.CsrInf } else { $req.File }
& $logAction "Generating CSR from $([System.IO.Path]::GetFileName($infPath)) -> $csrPath"
$output = & certreq.exe -new $infPath $csrPath 2>&1
foreach ($line in $output) {
& $logAction $line
}
}
} elseif ($disableCertsBox.Checked) {
& $logAction "Cert generation disabled; DNS updates/replication only." & $logAction "Cert generation disabled; DNS updates/replication only."
} else { } else {
$wacsPath = $wacsPathBox.Text.Trim() $wacsPath = $wacsPathBox.Text.Trim()