
Ab#69145 Fixed a PowerShell compatibility issue when using LocalMachine. #132


Closed
wants to merge 9 commits into from
Closed
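--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,12 @@
+# See GitHub's documentation for more information on this file:
+# https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates
+version: 2
+updates:
+- package-ecosystem: "github-actions"
+directory: "/"
+schedule:
+interval: "daily"
+- package-ecosystem: "nuget"
+directory: "/"
+schedule:
+interval: "daily"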
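Review bot: Workflow runs started by the pull requests this file enables do not receive the repository's Actions secrets; GitHub gives Dependabot-triggered runs only Dependabot secrets and a read-only `GITHUB_TOKEN` by default. The starter workflow touched in this same PR is passed `secrets.V2BUILDTOKEN` and `secrets.APPROVE_README_PUSH`, so if it runs on pull requests (its `on:` triggers are not visible here) those values will be empty for Dependabot PRs and the build may fail. I would check that the workflow tolerates the missing secrets rather than widening access, and record it above `updates:` with a comment such as `# Dependabot PRs run without repository secrets; CI must not require them`.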
2 changes: 1 addition & 1 deletion .github/workflows/keyfactor-starter-workflow.yml
Expand Up @@ -11,7 +11,7 @@ on:

jobs:
call-starter-workflow:
uses: keyfactor/actions/.github/workflows/starter.yml@3.1.2
uses: keyfactor/actions/.github/workflows/starter.yml@3.2.0
secrets:
token: ${{ secrets.V2BUILDTOKEN}}
APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}}
5 changes: 4 additions & 1 deletion CHANGELOG.md
@@ -1,11 +1,14 @@
2.5.2
* Fixed a PowerShell compatibility issue when using LocalMachine. LocalMachine will always run PowerShell 5.1.

2.5.1
* Fixed WinSQL service name when InstanceID differs from InstanceName

2.5.0
* Added the Bindings to the end of the thumbprint to make the alias unique.
* Using new IISWebBindings commandlet to use additional SSL flags when binding certificate to website.
* Added multi-platform support for .Net6 and .Net8.
* Updated various PowerShell scripts to handle both .Net6 and .Net8 differences (specifically the absense of the WebAdministration module in PS SDK 7.4.x+)
* Updated various PowerShell scripts to handle both .Net6 and .Net8 differences (specifically the absence of the WebAdministration module in PS SDK 7.4.x+)
* Fixed issue to update multiple websites when using the same cert.
* Removed renewal thumbprint logic to update multiple website; each job now updates its own specific certificate.

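--- a/IISU/ClientPSIIManager.cs
+++ b/IISU/ClientPSIIManager.cs
@@ -567,78 +567,7 @@ private object PerformIISUnBinding(string webSiteName, string protocol, string i
 /// <returns></returns>
 private object PerformIISBinding(string webSiteName, string protocol, string ipAddress, string port, string hostName, string sslFlags, string thumbprint, string storeName)
 {
-//string funcScript = @"
-// param (
-// $SiteName, # The name of the IIS site
-// $IPAddress, # The IP Address for the binding
-// $Port, # The port number for the binding
-// $Hostname, # Hostname for the binding (if any)
-// $Protocol, # Protocol (e.g., HTTP, HTTPS)
-// $Thumbprint, # Certificate thumbprint for HTTPS bindings
-// $StoreName, # Certificate store location (e.g., ""My"" for personal certs)
-// $SslFlags # SSL flags (if any)
-// )
-
-// # Set Execution Policy (optional, depending on your environment)
-// Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force
-
-// ## Check if the IISAdministration module is available
-// #$module = Get-Module -Name IISAdministration -ListAvailable
-
-// #if (-not $module) {
-// # throw ""The IISAdministration module is not installed on this system.""
-// #}
-
-// # Check if the IISAdministration module is already loaded
-// if (-not (Get-Module -Name IISAdministration)) {
-// try {
-// # Attempt to import the IISAdministration module
-// Import-Module IISAdministration -ErrorAction Stop
-// }
-// catch {
-// throw ""Failed to load the IISAdministration module. Ensure it is installed and available.""
-// }
-// }
-
-// # Retrieve the existing binding information
-// $myBinding = ""${IPAddress}:${Port}:${Hostname}""
-// Write-Host ""myBinding: "" $myBinding
-
-// $siteBindings = Get-IISSiteBinding -Name $SiteName
-// $existingBinding = $siteBindings | Where-Object { $_.bindingInformation -eq $myBinding -and $_.protocol -eq $Protocol }
-
-// Write-Host ""Binding:"" $existingBinding
-
-// if ($null -ne $existingBinding) {
-// # Remove the existing binding
-// Remove-IISSiteBinding -Name $SiteName -BindingInformation $existingBinding.BindingInformation -Protocol $existingBinding.Protocol -Confirm:$false
-
-// Write-Host ""Removed existing binding: $($existingBinding.BindingInformation)""
-// }
-
-// # Create the new binding with modified properties
-// $newBindingInfo = ""${IPAddress}:${Port}:${Hostname}""
-
-// try
-// {
-// New-IISSiteBinding -Name $SiteName `
-// -BindingInformation $newBindingInfo `
-// -Protocol $Protocol `
-// -CertificateThumbprint $Thumbprint `
-// -CertStoreLocation $StoreName `
-// -SslFlag $SslFlags
-
-// Write-Host ""New binding added: $newBindingInfo""
-// }
-// catch {
-// throw $_
-// }
-//";
-#if NET6_0
-string funcScript = PowerShellScripts.UpdateIISBindingsV6;
-#elif NET8_0_OR_GREATER
-string funcScript = PowerShellScripts.UpdateIISBindingsV8;
-#endif
+string funcScript = PowerShellScripts.UpdateIISBindings;
 
 ps.AddScript(funcScript);
 ps.AddParameter("SiteName", webSiteName);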
14 changes: 1 addition & 13 deletions IISU/PSHelper.cs
Expand Up @@ -50,22 +50,10 @@ public static Runspace GetClientPsRunspace(string winRmProtocol, string clientMa

if (isLocal)
{
#if NET6_0
_logger.LogTrace("Establishing a local RunSpace.");
PowerShellProcessInstance instance = new PowerShellProcessInstance(new Version(5, 1), null, null, false);
Runspace rs = RunspaceFactory.CreateOutOfProcessRunspace(new TypeTable(Array.Empty<string>()), instance);
return rs;
#elif NET8_0_OR_GREATER
try
{
InitialSessionState iss = InitialSessionState.CreateDefault();
Runspace rs = RunspaceFactory.CreateRunspace(iss);
return rs;
}
catch (global::System.Exception)
{
throw new Exception($"An error occurred while attempting to create the PowerShell instance. This version requires .Net8 and PowerShell SDK 7.2 or greater. Please verify the version of .Net8 and PowerShell installed on your machine.");
}
#endif
}
else
{
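Review bot: The local branch now starts Windows PowerShell 5.1 out of process with no error handling, while the removed NET8 path wrapped runspace creation in a try/catch that gave the operator an actionable message. If 5.1 is missing or cannot be launched under the orchestrator's account, the caller now gets the raw exception from `PowerShellProcessInstance` or `CreateOutOfProcessRunspace`. I would wrap the two calls, log through `_logger`, and rethrow with the original as inner exception, as sketched below; the exception type is my choice and should match what callers of `GetClientPsRunspace` catch, which is outside this hunk. The `PowerShellProcessInstance` is also disposable and goes out of scope here, so it is worth confirming that disposing the returned runspace ends the child process.

```csharp
_logger.LogTrace("Establishing a local RunSpace.");
try
{
    PowerShellProcessInstance instance = new PowerShellProcessInstance(new Version(5, 1), null, null, false);
    return RunspaceFactory.CreateOutOfProcessRunspace(new TypeTable(Array.Empty<string>()), instance);
}
catch (Exception ex)
{
    _logger.LogError(ex, "Failed to start a local Windows PowerShell 5.1 runspace.");
    throw new InvalidOperationException("Could not start Windows PowerShell 5.1 for the local runspace. Verify it is installed and can be launched by the orchestrator service account.", ex);
}
```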
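--- a/IISU/Scripts/PowerShellScripts.cs
+++ b/IISU/Scripts/PowerShellScripts.cs
@@ -8,68 +8,7 @@ namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.Scripts
 {
 public class PowerShellScripts
 {
-public const string UpdateIISBindingsV6 = @"
-param (
-$SiteName, # The name of the IIS site
-$IPAddress, # The IP Address for the binding
-$Port, # The port number for the binding
-$Hostname, # Hostname for the binding (if any)
-$Protocol, # Protocol (e.g., HTTP, HTTPS)
-$Thumbprint, # Certificate thumbprint for HTTPS bindings
-$StoreName, # Certificate store location (e.g., ""My"" for personal certs)
-$SslFlags # SSL flags (if any)
-)
-
-# Set Execution Policy (optional, depending on your environment)
-Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force
-
-# Check if the WebAdministration module is available
-$module = Get-Module -Name WebAdministration -ListAvailable
-
-if (-not $module) {
-throw ""The WebAdministration module is not installed on this system.""
-}
-
-# Check if the WebAdministration module is already loaded
-if (-not (Get-Module -Name WebAdministration)) {
-try {
-# Attempt to import the WebAdministration module
-Import-Module WebAdministration -ErrorAction Stop
-}
-catch {
-throw ""Failed to load the WebAdministration module. Ensure it is installed and available.""
-}
-}
-
-# Retrieve the existing binding information
-$myBinding = ""${IPAddress}:${Port}:${Hostname}""
-Write-Host ""myBinding: "" $myBinding
-
-$siteBindings = Get-IISSiteBinding -Name $SiteName
-$existingBinding = $siteBindings | Where-Object { $_.bindingInformation -eq $myBinding -and $_.protocol -eq $Protocol }
-
-Write-Host ""Binding:"" $existingBinding
-
-if ($null -ne $existingBinding) {
-# Remove the existing binding
-Remove-IISSiteBinding -Name $SiteName -BindingInformation $existingBinding.BindingInformation -Protocol $existingBinding.Protocol -Confirm:$false
-
-Write-Host ""Removed existing binding: $($existingBinding.BindingInformation)""
-}
-
-# Create the new binding with modified properties
-$newBindingInfo = ""${IPAddress}:${Port}:${Hostname}""
-
-New-IISSiteBinding -Name $SiteName `
--BindingInformation $newBindingInfo `
--Protocol $Protocol `
--CertificateThumbprint $Thumbprint `
--CertStoreLocation $StoreName `
--SslFlag $SslFlags
-
-Write-Host ""New binding added: $newBindingInfo""";
-
-public const string UpdateIISBindingsV8 = @"
+public const string UpdateIISBindings = @"
 param (
 $SiteName, # The name of the IIS site
 $IPAddress, # The IP Address for the binding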
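Review bot: Nothing on `UpdateIISBindings` records which PowerShell engines the script must run under, and that changed with this PR: it was the V8-only variant and is now the single script, while the PSHelper.cs change makes every local runspace Windows PowerShell 5.1. The removed V6 variant required the WebAdministration module and set the process execution policy to Bypass; the retained body continues past the hunk, so whether it behaves the same under 5.1 cannot be confirmed from here. I would add a comment above the constant, for example `// Runs in Windows PowerShell 5.1 for local stores; keep cmdlets and syntax 5.1-compatible`, and confirm the IIS module it imports is present on 5.1 hosts.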