Problem:
FlexApp does not capture certificates
Possible Resolution(s):
PowerShell (.ps1) scripts are necessary to accomplish this task. The scripts must be executed in a specific order during the capture process.
There are 3 scripts to run.
Please read the notes below to make sure to follow the process correctly.
NOTE: Run the script below in an elevated PowerShell session. The first part of the script needs to run BEFORE packaging the application. Make sure not to include the notes in your script.
# Define paths and variables
$certStore = "Cert:\LocalMachine\My"
$certPathBefore = "$env:TEMP\certificates_before.txt"
$certPathAfter = "$env:TEMP\certificates_after.txt"
$addedCertsPath = "$env:TEMP\added_certificates.txt"
$exportedCertsDir = "C:\Program Files\ExportedCerts"
$installCertsScriptPath = "$env:USERPROFILE\Desktop\post_activation.ps1"
$removeCertsScriptPath = "$env:USERPROFILE\Desktop\pre_deactivation.ps1"
# Function to get personal certificates and export to a file
function Get-PersonalCertificates {
    param (
        [string]$FilePath
    )
    Get-ChildItem $certStore | Select-Object Subject, Thumbprint | Sort-Object Subject | ForEach-Object { "$($_.Subject) $($_.Thumbprint)" } | Out-File -FilePath $FilePath
}
# Check current personal certificates
Get-PersonalCertificates -FilePath $certPathBefore
Write-Host "Personal certificates before application installation saved to $certPathBefore"
NOTE: Install/package the application. AFTER the application is installed, do not finish the packaging process; just press any key to continue the script.
# Install any new certificates
Write-Host "Press any key to continue after any new certificates are installed..."
[System.Console]::ReadKey() | Out-Null
# Check personal certificates again
Get-PersonalCertificates -FilePath $certPathAfter
Write-Host "Personal certificates after application installation saved to $certPathAfter"
# Compare the certificate lists and get only the added certificates
$certsBefore = Get-Content $certPathBefore
$certsAfter = Get-Content $certPathAfter
# Check that both files have content before proceeding with comparison
if ($certsBefore.Count -gt 0 -and $certsAfter.Count -gt 0) {
    # Filter to get only new certificates present in $certPathAfter but not in $certPathBefore
    $addedCerts = Compare-Object -ReferenceObject $certsBefore -DifferenceObject $certsAfter -PassThru | Where-Object { $_.SideIndicator -eq "=>" }
    # Export added certificates
    $addedCerts | Out-File $addedCertsPath
    Write-Host "Added certificates exported to $addedCertsPath"
    # Export each added certificate to the specified directory
    New-Item -ItemType Directory -Path $exportedCertsDir -Force | Out-Null
    foreach ($cert in $addedCerts) {
        $thumbprint = $cert.Split()[-1]
        $certObj = Get-ChildItem $certStore | Where-Object { $_.Thumbprint -eq $thumbprint }
        if ($certObj) {
            # Replace characters that are not valid in file names (for example "*" in a wildcard subject)
            $safeSubject = $certObj.Subject.Replace(' ', '_').Replace('CN=', '') -replace '[\\/:*?"<>|]', '_'
            $exportPath = Join-Path -Path $exportedCertsDir -ChildPath "${safeSubject}_$thumbprint.cer"
            $certObj | Export-Certificate -FilePath $exportPath -Force | Out-Null
        }
    }
    # Create script to remove added certificates
    foreach ($cert in $addedCerts) {
        $thumbprint = $cert.Split()[-1]
        $removeLine = "Get-ChildItem $certStore | Where-Object { `$_.Thumbprint -eq `"$thumbprint`" } | Remove-Item -Force"
        $removeLine | Out-File -Append -FilePath $removeCertsScriptPath
    }
    Write-Host "Pre-deactivation script created at $removeCertsScriptPath"
}
else {
    # One of the lists is empty, so treat every certificate in the "after" list as added
    $certsAfter | Out-File $addedCertsPath
    Write-Host "Added certificates exported to $addedCertsPath"
    # Export each added certificate to the specified directory
    New-Item -ItemType Directory -Path $exportedCertsDir -Force | Out-Null
    foreach ($cert in $certsAfter) {
        $thumbprint = $cert.Split()[-1]
        $certObj = Get-ChildItem $certStore | Where-Object { $_.Thumbprint -eq $thumbprint }
        if ($certObj) {
            # Replace characters that are not valid in file names (for example "*" in a wildcard subject)
            $safeSubject = $certObj.Subject.Replace(' ', '_').Replace('CN=', '') -replace '[\\/:*?"<>|]', '_'
            $exportPath = Join-Path -Path $exportedCertsDir -ChildPath "${safeSubject}_$thumbprint.cer"
            $certObj | Export-Certificate -FilePath $exportPath -Force | Out-Null
        }
    }
    # Create script to remove added certificates
    foreach ($cert in $certsAfter) {
        $thumbprint = $cert.Split()[-1]
        $removeLine = "Get-ChildItem $certStore | Where-Object { `$_.Thumbprint -eq `"$thumbprint`" } | Remove-Item -Force"
        $removeLine | Out-File -Append -FilePath $removeCertsScriptPath
    }
    Write-Host "Pre-deactivation script created at $removeCertsScriptPath"
}
# Create script to reinstall certificates from the export directory
foreach ($certFile in Get-ChildItem -Path $exportedCertsDir -Filter *.cer) {
    $installLine = "Import-Certificate -FilePath `"$($certFile.FullName)`" -CertStoreLocation $certStore | Out-Null"
    $installLine | Out-File -Append -FilePath $installCertsScriptPath
}
Write-Host "Post-activation script created at $installCertsScriptPath"
The application is now installed, and the post-activation and pre-deactivation scripts have been created automatically and saved to %USERPROFILE%\Desktop. The capture process can now be completed, and the scripts should be added to the package via Extend.
The raw .ps1 script has been linked to the KB and is available for download as well.
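A check that can be run before finishing the capture, as an added example that is not part of the original KB script: it lists each added certificate with its expiry, private-key flag and matching exported file. The function name Get-AddedCertificateReport is hypothetical, and treating Subject equal to Issuer as self-signed is a heuristic.

```powershell
# Added example (not part of the KB script): review the certificates flagged as new.
# Paths repeat the values defined in the capture script.
$certStore        = "Cert:\LocalMachine\My"
$addedCertsPath   = "$env:TEMP\added_certificates.txt"
$exportedCertsDir = "C:\Program Files\ExportedCerts"

# Hypothetical helper: one report row per line of added_certificates.txt
function Get-AddedCertificateReport {
    param ([string]$ListPath, [string]$ExportDir)
    # Index the exported .cer files by the thumbprint of the certificate inside
    $exported = @{}
    foreach ($file in Get-ChildItem -Path $ExportDir -Filter *.cer -ErrorAction SilentlyContinue) {
        $fromFile = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file.FullName
        $exported[$fromFile.Thumbprint] = $file.Name
    }
    foreach ($line in Get-Content $ListPath) {
        if ([string]::IsNullOrWhiteSpace($line)) { continue }
        # Each line is "<Subject> <Thumbprint>"; the thumbprint is the last token
        $thumbprint = $line.Split()[-1]
        $cert = Get-ChildItem $certStore | Where-Object { $_.Thumbprint -eq $thumbprint }
        if (-not $cert) {
            Write-Warning "$thumbprint is listed but is no longer in $certStore"
            continue
        }
        [pscustomobject]@{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            NotAfter      = $cert.NotAfter
            Expired       = ($cert.NotAfter -lt (Get-Date))
            SelfSigned    = ($cert.Subject -eq $cert.Issuer)   # heuristic only
            HasPrivateKey = $cert.HasPrivateKey
            ExportedFile  = $exported[$cert.Thumbprint]
        }
    }
}

$report = @(Get-AddedCertificateReport -ListPath $addedCertsPath -ExportDir $exportedCertsDir)
$report | Format-List

# Export-Certificate writes only the public certificate, so
# Import-Certificate in post_activation.ps1 will not restore a private key.
$report | Where-Object { $_.HasPrivateKey } | ForEach-Object {
    Write-Warning "$($_.Subject): private key is not in the exported .cer"
}
# No ExportedFile means post_activation.ps1 will not reinstall that certificate
$report | Where-Object { -not $_.ExportedFile } | ForEach-Object {
    Write-Warning "$($_.Subject): no exported .cer found in $exportedCertsDir"
}
```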
Product: ProfileUnity-FlexApp
Product Version: 6.8.7 and older
Expires on: 365 days from publish date
Updated: November 20, 2024