CSR-only mode disables DNS and fixes CN parsing
This commit is contained in:
89
certy.ps1
89
certy.ps1
@@ -254,9 +254,14 @@ function Get-InfRequestFromLines {
|
||||
if ($line.TrimStart() -match '^[;#]') { continue }
|
||||
|
||||
if (-not $commonName -and ($line -match '(?i)^\s*subject\s*=\s*"?([^"]+)"?')) {
|
||||
$subject = $Matches[1]
|
||||
if ($subject -match '(?i)\bCN\s*=\s*([^,"]+)') {
|
||||
$commonName = $Matches[1].Trim()
|
||||
$subject = $Matches[1].Trim()
|
||||
$subject = $subject.Trim('"')
|
||||
$tokens = $subject -split '\s*[;,]\s*' | Where-Object { $_ }
|
||||
foreach ($token in $tokens) {
|
||||
if ($token -match '(?i)^\s*CN\s*=\s*(.+)$') {
|
||||
$commonName = $Matches[1].Trim()
|
||||
break
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1236,6 +1241,32 @@ function Update-InfCsrUI {
|
||||
$enabled = $infCsrOnlyBox.Checked
|
||||
$infCsrOutputLabel.Enabled = $enabled
|
||||
$infCsrOutputBox.Enabled = $enabled
|
||||
|
||||
$inputEnabled = -not $enabled
|
||||
$hostsBox.Enabled = $inputEnabled
|
||||
$fileBox.Enabled = $inputEnabled
|
||||
$browseBtn.Enabled = $inputEnabled
|
||||
$filePreviewBtn.Enabled = $inputEnabled
|
||||
$filePreviewBox.Enabled = $inputEnabled
|
||||
$csrFolderBox.Enabled = $inputEnabled
|
||||
$csrBrowseBtn.Enabled = $inputEnabled
|
||||
$csrImportBtn.Enabled = $inputEnabled
|
||||
$useFqdnBox.Enabled = $inputEnabled
|
||||
|
||||
$zoneBox.Enabled = $inputEnabled
|
||||
$ipBox.Enabled = $inputEnabled
|
||||
$ipRefreshBtn.Enabled = $inputEnabled
|
||||
$dnsServerBox.Enabled = $inputEnabled
|
||||
$dnsScanBtn.Enabled = $inputEnabled
|
||||
$dnsListBox.Enabled = $inputEnabled
|
||||
$replicationTargetsBox.Enabled = $inputEnabled
|
||||
$replicationFromSelectedBtn.Enabled = $inputEnabled
|
||||
$primaryFromSelectedBtn.Enabled = $inputEnabled
|
||||
$replicationCmdBox.Enabled = $inputEnabled
|
||||
$replicationDelayBox.Enabled = $inputEnabled
|
||||
$replicationRemoteBox.Enabled = $inputEnabled
|
||||
$replicationCredBtn.Enabled = $inputEnabled
|
||||
$replicationEnabledBox.Enabled = $inputEnabled
|
||||
}
|
||||
|
||||
Update-InfCsrUI
|
||||
@@ -1474,7 +1505,7 @@ $infImportBtn.Add_Click({
|
||||
if (-not $folder) { throw "INF folder is empty." }
|
||||
if (-not (Test-Path -Path $folder -PathType Container)) { throw "INF folder not found: $folder" }
|
||||
|
||||
$infFiles = Get-ChildItem -Path $folder -Filter *.inf -File -Recurse
|
||||
$infFiles = @(Get-ChildItem -Path $folder -Filter *.inf -File -Recurse)
|
||||
if (-not $infFiles) {
|
||||
& $logAction "No INF files found in $folder"
|
||||
return
|
||||
@@ -1665,6 +1696,32 @@ $clearBtn.Add_Click({
|
||||
$runBtn.Add_Click({
|
||||
$runBtn.Enabled = $false
|
||||
try {
|
||||
if ($infCsrOnlyBox.Checked) {
|
||||
if (-not $script:infRequests -or $script:infRequests.Count -eq 0) {
|
||||
throw "INF CSR generation enabled, but no INF files were imported."
|
||||
}
|
||||
$csrOutputDir = $infCsrOutputBox.Text.Trim()
|
||||
if (-not $csrOutputDir) { throw "CSR output folder is required." }
|
||||
if (-not (Test-Path -Path $csrOutputDir -PathType Container)) {
|
||||
New-Item -Path $csrOutputDir -ItemType Directory -Force | Out-Null
|
||||
}
|
||||
foreach ($req in $script:infRequests) {
|
||||
$baseName = [System.IO.Path]::GetFileNameWithoutExtension($req.File)
|
||||
$csrPath = Join-Path $csrOutputDir ($baseName + ".req")
|
||||
if (Test-Path -Path $csrPath) {
|
||||
$csrPath = Join-Path $csrOutputDir ($baseName + "-" + (Get-Date -Format "yyyyMMddHHmmss") + ".req")
|
||||
}
|
||||
$infPath = if ($req.CsrInf) { $req.CsrInf } else { $req.File }
|
||||
& $logAction "Generating CSR from $([System.IO.Path]::GetFileName($infPath)) -> $csrPath"
|
||||
$output = & certreq.exe -new $infPath $csrPath 2>&1
|
||||
foreach ($line in $output) {
|
||||
& $logAction $line
|
||||
}
|
||||
}
|
||||
& $logAction "Done."
|
||||
return
|
||||
}
|
||||
|
||||
$hosts = @()
|
||||
$hosts += Split-List $hostsBox.Text
|
||||
|
||||
@@ -1760,29 +1817,7 @@ $runBtn.Add_Click({
|
||||
& $logAction "Replication disabled."
|
||||
}
|
||||
|
||||
if ($infCsrOnlyBox.Checked) {
|
||||
if (-not $script:infRequests -or $script:infRequests.Count -eq 0) {
|
||||
throw "INF CSR generation enabled, but no INF files were imported."
|
||||
}
|
||||
$csrOutputDir = $infCsrOutputBox.Text.Trim()
|
||||
if (-not $csrOutputDir) { throw "CSR output folder is required." }
|
||||
if (-not (Test-Path -Path $csrOutputDir -PathType Container)) {
|
||||
New-Item -Path $csrOutputDir -ItemType Directory -Force | Out-Null
|
||||
}
|
||||
foreach ($req in $script:infRequests) {
|
||||
$baseName = [System.IO.Path]::GetFileNameWithoutExtension($req.File)
|
||||
$csrPath = Join-Path $csrOutputDir ($baseName + ".req")
|
||||
if (Test-Path -Path $csrPath) {
|
||||
$csrPath = Join-Path $csrOutputDir ($baseName + "-" + (Get-Date -Format "yyyyMMddHHmmss") + ".req")
|
||||
}
|
||||
$infPath = if ($req.CsrInf) { $req.CsrInf } else { $req.File }
|
||||
& $logAction "Generating CSR from $([System.IO.Path]::GetFileName($infPath)) -> $csrPath"
|
||||
$output = & certreq.exe -new $infPath $csrPath 2>&1
|
||||
foreach ($line in $output) {
|
||||
& $logAction $line
|
||||
}
|
||||
}
|
||||
} elseif ($disableCertsBox.Checked) {
|
||||
if ($disableCertsBox.Checked) {
|
||||
& $logAction "Cert generation disabled; DNS updates/replication only."
|
||||
} else {
|
||||
$wacsPath = $wacsPathBox.Text.Trim()
|
||||
|
||||
Reference in New Issue
Block a user