colombeen

Advanced certificate install question

37 posts in this topic

#1 ·  Posted (edited)

Hi guys,

I have a pretty advanced question...

 

This is the issue I'm facing:

On a regular basis we need to install pfx certificates (with password protection) on devices from external companies.

To install the certificate we always have to contact the user, set up a really dull and long process to get an RDP session to that device, and install the certificate.

 

I'm looking for :

a way to generate exe files on the fly, that will include the pfx file and password, and automatically install them without any interaction from the user, and the user not being able to retrieve the password to install the certificate.

 

Question :

Is this possible with AutoIt? And if so, does anyone have a working example for the certificate installation part or the auto-generate with file include?

 

Thx in advance

colombeen


#3 ·  Posted (edited)

NOOOO!!!

not at all. we regularly need to grant access for external users to access our domain. to do so we need to install a certificate that allows them to connect.

I want to automate the install process of the cert so that we don't need to make the rdp session etc.

i want to send them the "certificate installer" generated with autoit via email or something else so that they can install the certificate without us needing remote control (because they can't know the password for the cert, that's why we need RDP => security reasons)

if i can automate this into an autoit compiled executable (has to be encrypted) i can speed up the process.

this is what I'm aiming for =>

- generate certificate + password via powershell
- call autoit compiler from powershell, telling it where the certificate is placed and what the password is (and maybe something else to verify the device)
- compiler needs to create an exe that holds both items
- it checks for the hostname (or something else) of the device it will be run on
- if everything checks out, install the certificate
- certificate installer shouldn't work for more than a few hours and then it should just stop working (to make sure it only will be installed on 1 device)
- user gets a message that the installation was a success or a failure


Thanks for clarification.

I'm sorry, I don't know of a solution, but I do know it is never safe or secure to have a password embedded in a script, AutoIt or anything else; it can without exception be retrieved.



I know it's not a good way to include a pass in a script, but it's just so time consuming. I was just hoping that it would be possible with encryption on the exe file


@colombeen,

yes, this is possible, and i dare say rather easy.

the "embedded password" catch can be easily avoided - do not embed the password. instead, equip your "installer" with an input box for the password, and when you guide the end user throughout the installation process (by phone i assume), read-out the password to the user when the time comes to type it in.

now, here's how you proceed:

1) report your topic and have a moderator move it to the General Help and Support forum, where it truly belongs and will get a more assistive attention.

2) learn the following AutoIt functions:

FileInstall() - to embed and extract an external file (the pfx) in the compiled script

InputBox() - to ask the user for the password

Run() - to launch certutil.exe to install the certificate

MsgBox() - to inform the user of failure or success

3) make a decent attempt at it and come back if you need further assistance.


#8 ·  Posted (edited)

17 hours ago, orbs said:

the "embedded password" catch can be easily avoided - do not embed the password. instead, equip your "installer" with an input box for the password, and when you guide the end user throughout the installation process (by phone i assume), read-out the password to the user when the time comes to type it in.

This is not an option... the user may never hear/read/touch/... the password for the certificate file. otherwise i could just send the certificate with the password and i would be done with it...

Also... the fileinstall etc... I need to be able to add the file on the fly from a command like

AutoITCompiler.exe -compile -au3file "certinstaller.au3" -outputfile "certinstaller.exe" -includefile "cert6546548979821.pfx" -addvariable "Th1sIsN0tAR34lP4ssw0rd!" -encrypted -somethingsomething

so that i can run the function that creates the certificate with the required params, generates the executable, creates an e-mail and sends it with the steps the user should take.

 

creating a script that can install a certificate will prob not be such a big hassle for me... it's the auto generate part that I don't know/have no experience with


@colombeen As we discussed via PM I think the suggestion given to you to move this to General Help and Support was incorrect, as this thread is still about the mechanics of accomplishing what you're after rather than a specific issue with an AutoIt script. For that reason I think DEV forum is the perfect place to discuss the how's and why's of what you are trying to accomplish.

If you get to the point of creating the script to install your certificate, as you mention above, and run into issues, then I think it would make sense to create a thread in General Help and Support for specifically that subject. You can even link it back here for someone who wants all the history on it.



#11 ·  Posted (edited)

3 hours ago, colombeen said:

This is not an option... the user may never hear/read/touch/... the password for the certificate file.

ok, then this is a case of production / security trade-off. consider the following:

1) certificate is bound to a hostname

2) certificate has a limited time before expiration

3) certificate alone is not sufficient for connection, a username/password combination is required as well

4) a script that simple can be safely made with an older version of AutoIt, which supports obfuscating the code

given the above, i'd say the risk of a compromised certificate password is low. if your CISSO agrees, then embed the password. the rest is technicality:

3 hours ago, colombeen said:

Also... the fileinstall etc... I need to be able to add the file on the fly from a command like

this is actually a lot easier than you think. off-hand i'd follow this logic:

the parameters which vary from one certificate to another are the certificate file name and the password. put in your main script a line like this:

#include <CurrentCertificateInfo.au3>

in your PowerShell script (or batch file), right after you create the certificate (and you know its file name and password), create a new file named CurrentCertificateInfo.au3 and have it contain these two lines:

FileInstall("cert6546548979821.pfx", @TempDir & '\CurrCert.pfx', 1)
Global $sPassword = "Th1sIsN0tAR34lP4ssw0rd!"

the main script then uses CurrCert.pfx and $sPassword in due time.

now study the correct syntax of compiling from the command line from the AutoIt help file: AutoIt > using AutoIt > Compiling Scripts > Method 3 - The Command Line

you'll find all your requirements are met by the available command line switches (except for the "-encrypted -somethingsomething" part, which i don't understand).


Thx for the info @orbs

I'll check into it


If you want to install certs in the Windows store (not on a crypto card), you could try to use certutil. For this case you could check my Certutil UDF


17 hours ago, mLipok said:

If you want to install certs in the Windows store (not on a crypto card), you could try to use certutil. For this case you could check my Certutil UDF

I wish that I could use the UDF but it doesn't support passwords for pfx certificates, and that is the most important part of this automation. I'll see how far I can get with my project and maybe I'll try to add some features to the udf


I'm changing the way I'll be handling the passwords for the certificates.

I'll be using a little webservice that will retrieve the password, and if the certificate is installed correctly, the webservice will be returned an OK to remove the password

 

this is the command I'll be using to install the PFX files:

certutil -f -user -p "Th1sIsN0tAR34lP4ssw0rd!" -importpfx "C:\Full\Path\To\Certificate.pfx" NoRoot

The biggest issue is that I can't be sure if the install was a success because certutil always returns 0 as an exit code, and I'm not sure how to retrieve the errorlevel environment variable from a cmd window


I will look at this, late at night.


2 hours ago, colombeen said:

 

I'm changing the way I'll be handling the passwords for the certificates.

I'll be using a little webservice that will retrieve the password, and if the certificate is installed correctly, the webservice will be returned an OK to remove the password

 

that's still no guarantee to prevent a compromised password, but if that's OK with your CISSO, it's fine by me... ;)

2 hours ago, colombeen said:

... I can't be sure if the install was a success ...

after you call certutil.exe to import the certificate, call it again with the parameter -store only. this will generate a list of the installed certificates, which you can check for the presence of your certificate.


I'd rather check the errorlevel code if at all possible... it's a lot more code for a verification... the info from the pfx can't be read by the autoit gui so I'd have to provide it some other way (reading out the certutil install info or something but that would take a lot more time to code)

issue for me is that if you do the command for the certinstall, and you add " & echo %errorlevel%" it always shows the errorlevel from before the certutil command... it has to be executed on its own line and not in a oneliner


Try to use this:
 

; Relies on __CertUtil_RunWrapper() and the $CUTIL_* constants from the Certutil UDF.
Func _CertUtil_ImportPFX()
    Local $sResult = __CertUtil_RunWrapper('-f -user -p "Th1sIsN0tAR34lP4ssw0rd!" -importpfx "C:\Full\Path\To\Certificate.pfx" NoRoot', '', '')

    ; On success (English output) certutil prints:
    ; CertUtil: -importPFX command completed successfully.
    If Not StringInStr($sResult, 'CertUtil: -importPFX command completed successfully.') Then
        Return SetError($CUTIL_ERR_GENERAL, $CUTIL_EXT_DEFAULT, 0)
    EndIf

    Return SetError($CUTIL_ERR_SUCCESS, $CUTIL_EXT_DEFAULT, $CUTIL_RET_SUCCESS)

EndFunc    ;==>_CertUtil_ImportPFX

 

Here are my results:

Quote

====================================================================
Command: certutil.exe -f -user -p "Th1sIsN0tAR34lP4ssw0rd!" -importpfx "C:\Full\Path\To\Certificate.pfx" NoRoot  
Stdout Read:
CertUtil: -importPFX command FAILED: 0x80070003 (WIN32: 3 ERROR_PATH_NOT_FOUND)
CertUtil: System nie może odnaleźć określonej ścieżki.
====================================================================

>>>>>> Please close the "Report Log Window" to exit <<<<<<<

As you can see:
"System nie może odnaleźć określonej ścieżki."
"System can't  find the specified path."

 

I think this should be all that you need.

Regards
mLipok


5 hours ago, mLipok said:

Try to use this:
 

; Relies on __CertUtil_RunWrapper() and the $CUTIL_* constants from the Certutil UDF.
Func _CertUtil_ImportPFX()
    Local $sResult = __CertUtil_RunWrapper('-f -user -p "Th1sIsN0tAR34lP4ssw0rd!" -importpfx "C:\Full\Path\To\Certificate.pfx" NoRoot', '', '')

    ; On success (English output) certutil prints:
    ; CertUtil: -importPFX command completed successfully.
    If Not StringInStr($sResult, 'CertUtil: -importPFX command completed successfully.') Then
        Return SetError($CUTIL_ERR_GENERAL, $CUTIL_EXT_DEFAULT, 0)
    EndIf

    Return SetError($CUTIL_ERR_SUCCESS, $CUTIL_EXT_DEFAULT, $CUTIL_RET_SUCCESS)

EndFunc    ;==>_CertUtil_ImportPFX

 

The issue with this check is that 

If Not StringInStr($sResult, 'CertUtil: -importPFX command completed successfully.') Then

Will not work on my system because the return information from the error is in Dutch on my device. As we need to send out this installer to people all over Europe, I can't be checking on every language...

Also it seems that when I run it without comspec I do get the exit code correctly

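The check the last posts arrive at, as an added example that is not part of the original thread: certutil.exe is started directly rather than through @ComSpec, so the exit code is certutil's own, and the import is confirmed by thumbprint instead of by parsing localized output. The helper names, the thumbprint placeholder and the assumption that `certutil -store` exits non-zero when the thumbprint is absent are mine; the certutil switches are the ones posted above.

```autoit
#include <MsgBoxConstants.au3>

; Added example, not code from the thread. All values are constructed placeholders.
Global Const $sPfxPath = @TempDir & "\CurrCert.pfx"                     ; file name used earlier in the thread
Global Const $sThumbprint = "0000000000000000000000000000000000000000"  ; placeholder SHA-1 thumbprint of the issued certificate
Global Const $sPfxPassword = "Th1sIsN0tAR34lP4ssw0rd!"                  ; the thread's placeholder, not a real secret

; Hypothetical helper: runs certutil.exe by full path, without cmd.exe,
; and returns its exit code. Sets @error = 1 if the process could not start.
; The full path avoids picking up a certutil.exe from the working directory.
Func _RunCertutil($sArgs)
    Local $sExe = @SystemDir & "\certutil.exe"
    Local $iExit = RunWait('"' & $sExe & '" ' & $sArgs, @SystemDir, @SW_HIDE)
    If @error Then Return SetError(1, 0, -1)
    Return $iExit
EndFunc   ;==>_RunCertutil

; Hypothetical helper: imports the PFX into the current user's store and
; confirms the result without reading any localized text.
; Returns True on success. On failure returns False with
;   @error = 1 bad input, 2 certutil did not start, 3 import failed,
;            4 certificate not found in the store afterwards
;   @extended = certutil exit code (stages 3 and 4)
Func _ImportPfxVerified($sPfx, $sPassword, $sThumb)
    ; A double quote in the password would break the quoting of the command line.
    If Not FileExists($sPfx) Or StringInStr($sPassword, '"') Then Return SetError(1, 0, False)

    Local $iExit = _RunCertutil('-f -user -p "' & $sPassword & '" -importpfx "' & $sPfx & '" NoRoot')
    Local $iErr = @error ; capture before the next call resets @error

    ; Remove the extracted PFX whether or not the import worked.
    FileDelete($sPfx)

    If $iErr Then Return SetError(2, 0, False)
    If $iExit <> 0 Then Return SetError(3, $iExit, False)

    ; Second check: ask certutil for exactly this certificate in the user's
    ; "My" store. Assumption: a non-zero exit code means it was not found.
    $iExit = _RunCertutil('-user -store My ' & $sThumb)
    If @error Then Return SetError(2, 0, False)
    If $iExit <> 0 Then Return SetError(4, $iExit, False)

    Return True
EndFunc   ;==>_ImportPfxVerified

Local $bOk = _ImportPfxVerified($sPfxPath, $sPfxPassword, $sThumbprint)
Local $iStage = @error, $iCode = @extended

If $bOk Then
    MsgBox($MB_ICONINFORMATION, "Certificate installer", "The certificate was installed.")
Else
    MsgBox($MB_ICONERROR, "Certificate installer", _
            "Installation failed (stage " & $iStage & ", code 0x" & Hex($iCode, 8) & ").")
EndIf
```

With or without cmd.exe, `-p` places the password on certutil's command line, where other processes of the same user and any process-creation auditing that records command lines can read it.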
