Merge 0652296 into 9fcf193

rcpokorny · web-flow · commit d852ba19c82e · 2025-05-08T08:35:23.000-07:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,11 +1,14 @@
+2.5.2
+* Fixed a PowerShell compatibility issue when using LocalMachine.  LocalMachine will always run PowerShell 5.1.
+  
 2.5.1
 * Fixed WinSQL service name when InstanceID differs from InstanceName
 
 2.5.0
 * Added the Bindings to the end of the thumbprint to make the alias unique.
 * Using new IISWebBindings commandlet to use additional SSL flags when binding certificate to website.
 * Added multi-platform support for .Net6 and .Net8.
-* Updated various PowerShell scripts to handle both .Net6 and .Net8 differences (specifically the absense of the WebAdministration module in PS SDK 7.4.x+)
+* Updated various PowerShell scripts to handle both .Net6 and .Net8 differences (specifically the absence of the WebAdministration module in PS SDK 7.4.x+)
 * Fixed issue to update multiple websites when using the same cert.
 * Removed renewal thumbprint logic to update multiple website; each job now updates its own specific certificate.
 
diff --git a/IISU/ClientPSIIManager.cs b/IISU/ClientPSIIManager.cs
@@ -567,78 +567,7 @@ private object PerformIISUnBinding(string webSiteName, string protocol, string i
         /// <returns></returns>
         private object PerformIISBinding(string webSiteName, string protocol, string ipAddress, string port, string hostName, string sslFlags, string thumbprint, string storeName)
         {
-            //string funcScript = @"
-            //    param (
-            //        $SiteName,        # The name of the IIS site
-            //        $IPAddress,       # The IP Address for the binding
-            //        $Port,            # The port number for the binding
-            //        $Hostname,        # Hostname for the binding (if any)
-            //        $Protocol,        # Protocol (e.g., HTTP, HTTPS)
-            //        $Thumbprint,      # Certificate thumbprint for HTTPS bindings
-            //        $StoreName,       # Certificate store location (e.g., ""My"" for personal certs)
-            //        $SslFlags         # SSL flags (if any)
-            //    )
-
-            //    # Set Execution Policy (optional, depending on your environment)
-            //    Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force
-
-            //    ##  Check if the IISAdministration module is available
-            //    #$module = Get-Module -Name IISAdministration -ListAvailable
-
-            //    #if (-not $module) {
-            //    # throw ""The IISAdministration module is not installed on this system.""
-            //    #}
-
-            //    # Check if the IISAdministration module is already loaded
-            //    if (-not (Get-Module -Name IISAdministration)) {
-            //        try {
-            //            # Attempt to import the IISAdministration module
-            //            Import-Module IISAdministration -ErrorAction Stop
-            //        }
-            //        catch {
-            //            throw ""Failed to load the IISAdministration module. Ensure it is installed and available.""
-            //        }
-            //    }
-
-            //    # Retrieve the existing binding information
-            //    $myBinding = ""${IPAddress}:${Port}:${Hostname}""
-            //    Write-Host ""myBinding: "" $myBinding
-
-            //    $siteBindings = Get-IISSiteBinding -Name $SiteName
-            //    $existingBinding = $siteBindings | Where-Object { $_.bindingInformation -eq $myBinding -and $_.protocol -eq $Protocol }
-
-            //    Write-Host ""Binding:"" $existingBinding
-
-            //    if ($null -ne $existingBinding) {
-            //        # Remove the existing binding
-            //        Remove-IISSiteBinding -Name $SiteName -BindingInformation $existingBinding.BindingInformation -Protocol $existingBinding.Protocol -Confirm:$false
-
-            //        Write-Host ""Removed existing binding: $($existingBinding.BindingInformation)""
-            //    }
-
-            //    # Create the new binding with modified properties
-            //    $newBindingInfo = ""${IPAddress}:${Port}:${Hostname}""
-
-            //    try
-            //    {
-            //        New-IISSiteBinding -Name $SiteName `
-            //            -BindingInformation $newBindingInfo `
-            //            -Protocol $Protocol `
-            //            -CertificateThumbprint $Thumbprint `
-            //            -CertStoreLocation $StoreName `
-            //            -SslFlag $SslFlags
-
-            //        Write-Host ""New binding added: $newBindingInfo""
-            //    }
-            //    catch {
-            //        throw $_
-            //    }
-            //";
-#if NET6_0
-            string funcScript = PowerShellScripts.UpdateIISBindingsV6;
-#elif NET8_0_OR_GREATER
-            string funcScript = PowerShellScripts.UpdateIISBindingsV8;
-#endif
+            string funcScript = PowerShellScripts.UpdateIISBindings;
 
             ps.AddScript(funcScript);
             ps.AddParameter("SiteName", webSiteName);
diff --git a/IISU/PSHelper.cs b/IISU/PSHelper.cs
@@ -50,22 +50,10 @@ public static Runspace GetClientPsRunspace(string winRmProtocol, string clientMa
 
             if (isLocal)
             {
-#if NET6_0
+                _logger.LogTrace("Establishing a local RunSpace.");
                 PowerShellProcessInstance instance = new PowerShellProcessInstance(new Version(5, 1), null, null, false);
                 Runspace rs = RunspaceFactory.CreateOutOfProcessRunspace(new TypeTable(Array.Empty<string>()), instance);
                 return rs;
-#elif NET8_0_OR_GREATER
-                try 
-	            {	        
-                    InitialSessionState iss = InitialSessionState.CreateDefault();
-                    Runspace rs = RunspaceFactory.CreateRunspace(iss);
-                    return rs;
-	            }
-	            catch (global::System.Exception)
-	            {
-                    throw new Exception($"An error occurred while attempting to create the PowerShell instance.  This version requires .Net8 and PowerShell SDK 7.2 or greater.  Please verify the version of .Net8 and PowerShell installed on your machine.");
-	            }
-#endif
             }
             else
             {
diff --git a/IISU/Scripts/PowerShellScripts.cs b/IISU/Scripts/PowerShellScripts.cs
@@ -8,68 +8,7 @@ namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.Scripts
 {
     public class PowerShellScripts
     {
-        public const string UpdateIISBindingsV6 = @"
-                param (
-                    $SiteName,        # The name of the IIS site
-                    $IPAddress,       # The IP Address for the binding
-                    $Port,            # The port number for the binding
-                    $Hostname,        # Hostname for the binding (if any)
-                    $Protocol,        # Protocol (e.g., HTTP, HTTPS)
-                    $Thumbprint,      # Certificate thumbprint for HTTPS bindings
-                    $StoreName,       # Certificate store location (e.g., ""My"" for personal certs)
-                    $SslFlags         # SSL flags (if any)
-                )
-
-                # Set Execution Policy (optional, depending on your environment)
-                Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force
-
-                # Check if the WebAdministration module is available
-                $module = Get-Module -Name WebAdministration -ListAvailable
-
-                if (-not $module) {
-                    throw ""The WebAdministration module is not installed on this system.""
-                }
-
-                # Check if the WebAdministration module is already loaded
-                if (-not (Get-Module -Name WebAdministration)) {
-                    try {
-                        # Attempt to import the WebAdministration module
-                        Import-Module WebAdministration -ErrorAction Stop
-                    }
-                    catch {
-                        throw ""Failed to load the WebAdministration module. Ensure it is installed and available.""
-                    }
-                }
-
-                # Retrieve the existing binding information
-                $myBinding = ""${IPAddress}:${Port}:${Hostname}""
-                Write-Host ""myBinding: "" $myBinding
-
-                $siteBindings = Get-IISSiteBinding -Name $SiteName
-                $existingBinding = $siteBindings | Where-Object { $_.bindingInformation -eq $myBinding -and $_.protocol -eq $Protocol }
-    
-                Write-Host ""Binding:"" $existingBinding
-
-                if ($null -ne $existingBinding) {
-                    # Remove the existing binding
-                    Remove-IISSiteBinding -Name $SiteName -BindingInformation $existingBinding.BindingInformation -Protocol $existingBinding.Protocol -Confirm:$false
-        
-                    Write-Host ""Removed existing binding: $($existingBinding.BindingInformation)""
-                }
-        
-                # Create the new binding with modified properties
-                $newBindingInfo = ""${IPAddress}:${Port}:${Hostname}""
-        
-                New-IISSiteBinding -Name $SiteName `
-                    -BindingInformation $newBindingInfo `
-                    -Protocol $Protocol `
-                    -CertificateThumbprint $Thumbprint `
-                    -CertStoreLocation $StoreName `
-                    -SslFlag $SslFlags
-
-                Write-Host ""New binding added: $newBindingInfo""";
-
-        public const string UpdateIISBindingsV8 = @"
+        public const string UpdateIISBindings = @"
                 param (
                     $SiteName,        # The name of the IIS site
                     $IPAddress,       # The IP Address for the binding
diff --git a/README.md b/README.md
@@ -28,7 +28,7 @@
     <b>Related Integrations</b>
   </a>
 </p>
-
+ 
 ## Overview
 
 The WinCertStore Orchestrator remotely manages certificates in a Windows Server local machine certificate store.  Users are able to determine which store they wish to place certificates in by entering the correct store path.  For a complete list of local machine cert stores you can execute the PowerShell command:
@@ -113,7 +113,7 @@ The WinSql Certificate Store Type, referred to by its short name 'WinSql,' is de
 This integration is compatible with Keyfactor Universal Orchestrator version 10.1 and later.
 
 ## Support
-The Windows Certificate Universal Orchestrator extension is supported by Keyfactor for Keyfactor customers. If you have a support issue, please open a support ticket with your Keyfactor representative. If you have a support issue, please open a support ticket via the Keyfactor Support Portal at https://support.keyfactor.com. 
+The Windows Certificate Universal Orchestrator extension If you have a support issue, please open a support ticket by either contacting your Keyfactor representative or via the Keyfactor Support Portal at https://support.keyfactor.com. 
  
 > To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab.
 
@@ -198,6 +198,8 @@ The Windows Certificate Universal Orchestrator extension implements 3 Certificat
 
     ![WinCert Advanced Tab](docsource/images/WinCert-advanced-store-type-dialog.png)
 
+    > For Keyfactor **Command versions 24.4 and later**, a Certificate Format dropdown is available with PFX and PEM options. Ensure that **PFX** is selected, as this determines the format of new and renewed certificates sent to the Orchestrator during a Management job. Currently, all Keyfactor-supported Orchestrator extensions support only PFX.
+
     #### Custom Fields Tab
     Custom fields operate at the certificate store level and are used to control how the orchestrator connects to the remote target server containing the certificate store to be managed. The following custom fields should be added to the store type:
 
@@ -279,6 +281,8 @@ The Windows Certificate Universal Orchestrator extension implements 3 Certificat
 
     ![IISU Advanced Tab](docsource/images/IISU-advanced-store-type-dialog.png)
 
+    > For Keyfactor **Command versions 24.4 and later**, a Certificate Format dropdown is available with PFX and PEM options. Ensure that **PFX** is selected, as this determines the format of new and renewed certificates sent to the Orchestrator during a Management job. Currently, all Keyfactor-supported Orchestrator extensions support only PFX.
+
     #### Custom Fields Tab
     Custom fields operate at the certificate store level and are used to control how the orchestrator connects to the remote target server containing the certificate store to be managed. The following custom fields should be added to the store type:
 
@@ -366,6 +370,8 @@ The Windows Certificate Universal Orchestrator extension implements 3 Certificat
 
     ![WinSql Advanced Tab](docsource/images/WinSql-advanced-store-type-dialog.png)
 
+    > For Keyfactor **Command versions 24.4 and later**, a Certificate Format dropdown is available with PFX and PEM options. Ensure that **PFX** is selected, as this determines the format of new and renewed certificates sent to the Orchestrator during a Management job. Currently, all Keyfactor-supported Orchestrator extensions support only PFX.
+
     #### Custom Fields Tab
     Custom fields operate at the certificate store level and are used to control how the orchestrator connects to the remote target server containing the certificate store to be managed. The following custom fields should be added to the store type:
 
