switched to certreq

retsyudduyster · Aug 29, 2018 · 2582f68 · 2582f68
1 parent 6e1fca9
commit 2582f68
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 4 deletions.
diff --git a/resources/winrm.rb b/resources/winrm.rb
@@ -17,6 +17,7 @@
 # limitations under the License.
 #
 resource_name :winrm
+default_action :create
 
 property :Hostname, String, default: node['fqdn']
 property :TrustedHosts, String, default: '*'
@@ -32,13 +33,17 @@
   # If no certificate found and generateCert is true try to generate a self signed cert
   if new_resource.HTTPS && new_resource.Thumbprint.nil? && load_thumbprint.empty?
     Chef::Log.warn('Inside Create Cert')
-    cookbook_file "#{Chef::Config[:file_cache_path]}\\selfssl.exe" do
-      source 'selfssl.exe'
+    template 'c:/chef/newcert.inf' do
+      source 'newcert.inf.erb'
+      variables ({
+      :hostname =>  node['fqdn']
+      })
     end
 
     execute 'create-certificate' do
-      command "#{Chef::Config[:file_cache_path]}\\selfssl.exe /T /N:cn=#{new_resource.Hostname} /V:3650 /Q"
+      command "certreq.exe -new -q -f c:\\chef\\newcert.inf c:\\chef\\selfsigned.pem"
     end
+
   end
 
   thumbprint = new_resource.Thumbprint.nil? ? load_thumbprint : new_resource.Thumbprint
@@ -115,7 +120,7 @@
 
 action_class do
   def load_thumbprint
-    cert_cmd = "Get-childItem cert:\\LocalMachine\\Root\\ | Select-String -pattern #{new_resource.Hostname} | Select-Object -first 1 -ExpandProperty line | % { $_.SubString($_.IndexOf('[Thumbprint]')+ '[Thumbprint]'.Length).Trim()}"
+    cert_cmd = "Get-childItem cert:\\LocalMachine\\My\\ | Select-String -pattern #{new_resource.Hostname} | Select-Object -first 1 -ExpandProperty line | % { $_.SubString($_.IndexOf('[Thumbprint]')+ '[Thumbprint]'.Length).Trim()}"
     cert_out = powershell_out!(cert_cmd)
     cert_out.stdout.strip
   end

diff --git a/templates/newcert.inf.erb b/templates/newcert.inf.erb
@@ -0,0 +1,23 @@
+[Version]
+Signature="$Windows NT$
+
+[Strings]
+szOID_ENHANCED_KEY_USAGE = "2.5.29.37"
+szOID_PKIX_KP_SERVER_AUTH = "1.3.6.1.5.5.7.3.1"
+szOID_PKIX_KP_CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"
+
+[NewRequest]
+Subject = CN=<%= @hostname %>
+Requesttype = Cert
+KeyLength = 2048
+FriendlyName = "Selfsigned Certificate"
+HashAlgorithm = sha256
+MachineKeySet=TRUE
+Silent = true
+ValidityPeriod = Years
+ValidityPeriodUnits = 10
+
+[Extensions]
+%szOID_ENHANCED_KEY_USAGE%="{text}%szOID_PKIX_KP_SERVER_AUTH%,"
+_continue_ = "%szOID_PKIX_KP_CLIENT_AUTH%"
+