Windows - Certificate Grant Read Access

Octopus.Script exported 2015-01-30 by ARBNIK@skandianet.org; belongs to the ‘Windows’ category.

Grants a specific Windows user read access to a certificate's private key.

Parameters

When steps based on the template are included in a project’s deployment process, the parameters below can be set.

Certificate Name

certCN

The CN of the Certificate

User name

userName

The Windows user

Script body

Steps based on this template will execute the following PowerShell script.

    # $certCN identifies the certificate you wish to work with. It is used as a regular
    # expression match against the certificate Subject, so a plain value such as
    # "CN=app.example.com" works, but regex metacharacters in it will be interpreted.
    # The results are sorted by expiration date so that old expired copies still present
    # in the store are skipped and the most recent certificate is used.
    Try
    {
        $WorkingCert = Get-ChildItem CERT:\LocalMachine\My -ErrorAction Stop |
            Where-Object { $_.Subject -match $certCN } |
            Sort-Object NotAfter -Descending |
            Select-Object -First 1
        $TPrint = $WorkingCert.Thumbprint
        if ($TPrint) {
            Write-Host "Found certificate named $certCN with thumbprint $TPrint"
        }
        else {
            throw "Error: unable to locate certificate for $($certCN)"
        }
    }
    Catch
    {
        throw "Error: unable to locate certificate for $($certCN)"
    }
    # CspKeyContainerInfo is only populated for legacy CSP (CAPI) keys. For a CNG key it is
    # empty, and without this check the ACL change below would land on the MachineKeys
    # directory itself instead of a single key file.
    $rsaFile = $WorkingCert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
    if (-not $rsaFile) {
        throw "Error: private key for $certCN is not an accessible CSP key container"
    }
    # Machine-store CSP private keys are stored as files under MachineKeys; the key
    # container's unique name is the file name.
    $keyPath = "$env:SystemDrive\ProgramData\Microsoft\Crypto\RSA\MachineKeys\"
    $fullPath = $keyPath + $rsaFile
    $acl = Get-Acl -Path $fullPath
    # Read is all a service needs to use the private key; grant nothing broader.
    $permission = $userName, "Read", "Allow"
    $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
    $acl.AddAccessRule($accessRule)
    Try
    {
        Write-Host "Granting read access for user $userName on $certCN"
        Set-Acl -Path $fullPath -AclObject $acl
        Write-Host "Success: ACL set on certificate"
    }
    Catch
    {
        throw "Error: unable to set ACL on certificate"
    }

Provided under the Apache License version 2.0.


To use this template in Octopus Deploy, copy the JSON below and paste it into the Library → Step templates → Import dialog.

{
  "Id": "cf6f35bf-b3e0-4285-98be-dcb509ab2ef9",
  "Name": "Windows  - Certificate Grant Read Access",
  "Description": "Grant read access to certificate for a specific user",
  "Version": 12,
  "ExportedAt": "2015-01-30T14:39:14.212+00:00",
  "ActionType": "Octopus.Script",
  "Author": "ARBNIK@skandianet.org",
  "Parameters": [
    {
      "Name": "certCN",
      "Label": "Certificate Name",
      "HelpText": "The CN of the Certificate",
      "DefaultValue": null,
      "DisplaySettings": {
        "Octopus.ControlType": "SingleLineText"
      }
    },
    {
      "Name": "userName",
      "Label": "User name",
      "HelpText": "The Windows user",
      "DefaultValue": null,
      "DisplaySettings": {
        "Octopus.ControlType": "SingleLineText"
      }
    }
  ],
  "Properties": {
    "Octopus.Action.Script.ScriptBody": "# $certCN is the identifying CN for the certificate you wish to work with\n# The selection also sorts on Expiration date, just in case there are old expired certs still in the certificate store.\n# Make sure we work with the most recent cert\n    \n    Try\n    {\n        $WorkingCert = Get-ChildItem CERT:\\LocalMachine\\My |where {$_.Subject -match $certCN} | Sort-Object NotAfter -Descending | select -first 1 -erroraction STOP\n        $TPrint = $WorkingCert.Thumbprint\n        $rsaFile = $WorkingCert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName\n        if($TPrint){\n            Write-Host \"Found certificate named $certCN with thumbprint $TPrint\"\n        }\n        else{\n            throw \"Error: unable to locate certificate for $($CertCN)\"\n        }\n    }\n    Catch\n    {\n      throw \"Error: unable to locate certificate for $($CertCN)\"\n    }\n    $keyPath = \"$env:SystemDrive\\ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys\\\"\n    $fullPath=$keyPath+$rsaFile\n    $acl=Get-Acl -Path $fullPath\n    $permission=$userName,\"Read\",\"Allow\"\n    $accessRule=new-object System.Security.AccessControl.FileSystemAccessRule $permission\n    $acl.AddAccessRule($accessRule)\n    Try \n    {\n        Write-Host \"Granting read access for user $userName on $certCN\"\n     Set-Acl $fullPath $acl\n      Write-Host \"Success: ACL set on certificate\"\n    }\n    Catch\n    {\n      throw \"Error: unable to set ACL on certificate\"\n    }",
    "Octopus.Action.Script.Syntax": "PowerShell"
  },
  "Category": "Windows",
  "HistoryUrl": "https://github.com/OctopusDeploy/Library/commits/master/step-templates//opt/buildagent/work/75443764cd38076d/step-templates/windows-certificate-grant-read-access.json",
  "Website": "/step-templates/cf6f35bf-b3e0-4285-98be-dcb509ab2ef9",
  "Logo": "iVBORw0KGgoAAAANSUhEUgAAAMgAAADICAMAAACahl6sAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAADNQTFRF////Da3qSsLvhtb0wur6O7zuWcfxldv2aMzyK7ftpOD3s+X48Pr+0fD7d9HzHLLr4fX8xD/OcwAAAaNJREFUeNrs3cFygjAUQFECWott1f//2sJoW6kIKEzNs+euXOmcmSSGDa8oJEmSJEmSJGmsj1W1K9cpsGD1Vr2WdToVEPC+2lYvZfpVrEW0qZpF1F+MRdRugzoNlvkiarfBPk0pT8GhWUSX2yASpDlLr2+DEJBmEY1ug6whx7N0n2b30G1QlmmxHsRYp6X76yvF9vg5RYQczq8UVURI35UiFmTgShED0p6lI1eKzCHTrxS5Qk6PZ9PLDtJ9PIsJmXWlyAky6/dAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQMJCyjltF/iO3gpJUpD8s4OAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID8T8itwwKyhbTdMr4ha8hXUwZqhICcOgyNOIkE+V5wo4MSgr1u/fp7poO+AL8K/gL8yw0UeyRB34m9iQ/pVD8L5JYTO3NI58R+AsiEEzsW5OfE3sUe/zRwYkeGnG2g2CPS7rhjF4GKP0ZwyoldxK37kFqEL/7wU0mSJEmSJOmJ+xRgAHxZTCXGdZkfAAAAAElFTkSuQmCC",
  "$Meta": {
    "Type": "ActionTemplate"
  }
}

History

Page updated on Friday, January 30, 2015