
Tuesday 10 September 2019

App pool private cert access

Function loops over all app pools on the server and grants each of them access to the private key of the provided certificate.


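 function AllowAppPoolsAccessToPrivateKeyForCert {
   <#
   .SYNOPSIS
     Grants every IIS application pool identity access to the private key of a certificate.
   .DESCRIPTION
     Looks up the certificate by subject CN in Cert:\LocalMachine\My, resolves its CSP key
     container file under the RSA MachineKeys folder, and adds one file ACE per application
     pool (skipping the built-in ".NET*" pools) before writing the ACL back.
   .PARAMETER certName
     Subject common name of the certificate; matched as the exact subject "CN=<certName>".
   .PARAMETER rights
     FileSystemRights granted to each pool identity. Defaults to Read, which is all a process
     needs to use the key for signing/decryption. (An earlier version granted FullControl,
     which also lets every pool modify or delete the key file.)
   .OUTPUTS
     None.
   .NOTES
     Throws when the certificate is not found, has no CSP-backed private key, or the key
     file does not exist. Without these checks an empty container name turns $fullPath into
     the MachineKeys directory itself, and the ACEs would be applied to every machine key.
     Requires the WebAdministration module (IIS: drive) and an elevated session.
   #>
   [CmdletBinding()]
   param (
     [Parameter(Mandatory = $true)]
     [string] $certName,
     [System.Security.AccessControl.FileSystemRights] $rights = [System.Security.AccessControl.FileSystemRights]::Read
   )

   # Exact subject match; wrap in @() so a single hit still has a .Count.
   $certs = @(Get-ChildItem -Path Cert:\LocalMachine\My |
     Where-Object { $_.Subject -eq "CN=$certName" })
   if ($certs.Count -eq 0) {
     throw "No certificate with subject 'CN=$certName' found in Cert:\LocalMachine\My"
   }
   if ($certs.Count -gt 1) {
     # Same arbitrary choice as before (first match), but say so instead of silently picking one.
     Write-Warning "Found $($certs.Count) certificates with subject 'CN=$certName'; using thumbprint $($certs[0].Thumbprint)"
   }
   $cert = $certs[0]

   # UniqueKeyContainerName is only populated for CSP (legacy RSA) keys. A missing private key
   # or a CNG key yields $null here; CNG key files are not stored under RSA\MachineKeys, so
   # those cases are rejected rather than guessed at.
   $containerName = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
   if ([string]::IsNullOrEmpty($containerName)) {
     throw "Certificate $($cert.Thumbprint) has no accessible CSP private key container (no private key, or a CNG key)"
   }

   $fullPath = Join-Path -Path 'C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys' -ChildPath $containerName
   # Must be an existing file: never apply these ACEs to a directory.
   if (-not (Test-Path -LiteralPath $fullPath -PathType Leaf)) {
     throw "Private key file '$fullPath' does not exist"
   }

   $acl = Get-Acl -LiteralPath $fullPath
   $appPools = Get-ChildItem -Path IIS:\AppPools |
     Where-Object { -not $_.Name.StartsWith('.NET') }
   foreach ($appPool in $appPools) {
     # Application pool identities are virtual accounts under the "IIS APPPOOL" authority.
     $identity = "IIS APPPOOL\$($appPool.Name)"
     $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($identity, $rights, 'Allow')
     $acl.AddAccessRule($accessRule)
   }
   Set-Acl -LiteralPath $fullPath -AclObject $acl
 }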
