Skip to content

Cerrtificate Regeneration

Jump to bottom
StuartFerguson edited this page Jul 3, 2025 · 1 revision

Run the below powershell to generate new certificates.

Once run copy aspnetapp-root-cert.cer and aspnetapp-web-api.pfx from "C:\Projects\TransactionProcessing\SecurityService\Certificates" to "C:\Projects\TransactionProcessing\SecurityService\SecurityService"

# Set this to $true to force re-creation of certs $forceOverwrite = $true # or $false to skip existing certs

# Source: https://stackoverflow.com/a/62060315

$ErrorActionPreference = "Stop"

$rootCN = "IdentityServerDockerDemoRootCert" $identityServerCNs = "identity-server", "localhost" $webApiCNs = "web-api", "localhost"

function Remove-CertIfExists { param ( [string]$subjectName ) $certs = Get-ChildItem -Path Cert:\LocalMachine\My -Recurse | Where-Object { $_.Subject -eq "CN=$subjectName" } foreach ($cert in $certs) { Write-Output "Removing existing certificate with subject CN=$subjectName" Remove-Item -Path "Cert:\LocalMachine\My\$($cert.Thumbprint)" -Force } }

if ($forceOverwrite) { Remove-CertIfExists -subjectName $rootCN Remove-CertIfExists -subjectName $identityServerCNs[0] Remove-CertIfExists -subjectName $webApiCNs[0] }

$alreadyExistingCertsRoot = Get-ChildItem -Path Cert:\LocalMachine\My -Recurse | Where-Object {$_.Subject -eq "CN=$rootCN"} $alreadyExistingCertsIdentityServer = Get-ChildItem -Path Cert:\LocalMachine\My -Recurse | Where-Object {$_.Subject -eq ("CN={0}" -f $identityServerCNs[0])} $alreadyExistingCertsApi = Get-ChildItem -Path Cert:\LocalMachine\My -Recurse | Where-Object {$_.Subject -eq ("CN={0}" -f $webApiCNs[0])}

if ($alreadyExistingCertsRoot.Count -eq 1) { Write-Output "Skipping creating Root CA certificate as it already exists." $testRootCA = [Microsoft.CertificateServices.Commands.Certificate] $alreadyExistingCertsRoot[0] } else { $testRootCA = New-SelfSignedCertificate -Subject $rootCN -KeyUsageProperty Sign -KeyUsage CertSign -CertStoreLocation Cert:\LocalMachine\My }

if ($alreadyExistingCertsIdentityServer.Count -eq 1) { Write-Output "Skipping creating Identity Server certificate as it already exists." $identityServerCert = [Microsoft.CertificateServices.Commands.Certificate] $alreadyExistingCertsIdentityServer[0] } else { $identityServerCert = New-SelfSignedCertificate -DnsName $identityServerCNs -Signer $testRootCA -CertStoreLocation Cert:\LocalMachine\My }

if ($alreadyExistingCertsApi.Count -eq 1) { Write-Output "Skipping creating API certificate as it already exists." $webApiCert = [Microsoft.CertificateServices.Commands.Certificate] $alreadyExistingCertsApi[0] } else { $webApiCert = New-SelfSignedCertificate -DnsName $webApiCNs -Signer $testRootCA -CertStoreLocation Cert:\LocalMachine\My }

$password = ConvertTo-SecureString -String "password" -Force -AsPlainText

$rootCertPathPfx = "C:\Projects\TransactionProcessing\SecurityService\Certificates"

[System.IO.Directory]::CreateDirectory($rootCertPathPfx) | Out-Null [System.IO.Directory]::CreateDirectory($identityServerCertPath) | Out-Null [System.IO.Directory]::CreateDirectory($webApiCertPath) | Out-Null

Export-PfxCertificate -Cert $testRootCA -FilePath "$rootCertPathPfx/aspnetapp-root-cert.pfx" -Password $password | Out-Null Export-PfxCertificate -Cert $identityServerCert -FilePath "$rootCertPathPfx/aspnetapp-identity-server.pfx" -Password $password | Out-Null Export-PfxCertificate -Cert $webApiCert -FilePath "$rootCertPathPfx/aspnetapp-web-api.pfx" -Password $password | Out-Null

Export-Certificate -Cert $testRootCA -FilePath "$rootCertPathPfx/aspnetapp-root-cert.cer" -Type CERT | Out-Null

$store = New-Object System.Security.Cryptography.X509Certificates.X509Store "Root","LocalMachine" $store.Open("ReadWrite")

$rootCertAlreadyTrusted = ($store.Certificates | Where-Object {$_.Subject -eq "CN=$rootCN"} | Measure-Object).Count -eq 1

if (-not $rootCertAlreadyTrusted) { Write-Output "Adding the root CA certificate to the trust store." $store.Add($testRootCA) }

$store.Close()

Clone this wiki locally