Pipelines/Steps/Install/OnPrem/Sitecore/XP/Scaled/9.2/0/createcert.json

{
    "Parameters": {
        "CertificateName": {
            "Type": "String",
            "Description": "The name of the certificate to be created.",
            "DefaultValue": ""
        },
        "CertPath": {
            "Type": "String",
            "Description": "The physical path on disk where certificates will be stored.",
            "DefaultValue": "C:\\certificates"
        },
        "RootCertFileName": {
            "Type": "String",
            "Description": "The file name of the root certificate to be created.",
            "DefaultValue": "SitecoreRootCert"
        },
        "ExportPassword": {
            "Type": "String",
            "Description": "Password to export certificates with.",
            "DefaultValue": "SIF-Default"
        }
    },
    "Variables": {
        "Root.Cert.DnsName": "[concat('DO_NOT_TRUST_', parameter('RootCertFileName'))]",
        "Root.Cert.Store": "Cert:\\LocalMachine\\Root",
        "Client.Cert.Store": "Cert:\\LocalMachine\\My",
        "Export.Password": "[if(variable('User.Supplied.Password'),variable('Secure.Password'),variable('Convert.User.Password'))]",
        "User.Supplied.Password": "[equal(parameter('ExportPassword'),'SIF-Default')]",
        "Secure.Password": "[ConvertToSecureString(String:variable('Password.String'),AsPlainText:true,Force:true)]",
        "Password.String": "[RandomString(Length:20,EnforceComplexity:True)]",
        "Convert.User.Password": "[ConvertToSecureString(String:parameter('ExportPassword'),AsPlainText:true,Force:true)]"
    },
    "Register": {
        "Tasks": {
            "WriteInformation": "Write-Information"
        },
        "ConfigFunction": {
            "ConvertToSecureString": "ConvertTo-SecureString"
        }
    },
    "Tasks": {
        "CreatePaths": {
            "Description": "Create the physical disk path.",
            "Type": "EnsurePath",
            "Params": {
                "Exists": [
                    "[parameter('CertPath')]"
                ]
            }
        },
        "DisplayPassword": {
            "Description": "Print password if the user hasn't supplied their own.",
            "Type": "WriteInformation",
            "Params": {
                "Messagedata": "[concat('Certificate Password: ',variable('Password.String'))]",
                "InformationAction": "Continue"
            },
            "Skip": "[not(variable('User.Supplied.Password'))]"
        },
        "CreateRootCert": {
            "Description": "Create the root certificate.",
            "Type": "NewRootCertificate",
            "Params": {
                "Path": "[parameter('CertPath')]",
                "Name": "[parameter('RootCertFileName')]",
                "DnsName": [
                    "[variable('Root.Cert.DnsName')]",
                    "127.0.0.1"
                ],
                "IncludePrivateKey": true,
                "Password": "[variable('Export.Password')]"
            }
        },
        "CreateSignedCert": {
            "Description": "Create a certificate signed by the root authority.",
            "Type": "NewSignedCertificate",
            "Params": {
                "Signer": "[GetCertificate(variable('Root.Cert.DnsName'), variable('Root.Cert.Store'))]",
                "Path": "[parameter('CertPath')]",
                "CertStoreLocation": "[variable('Client.Cert.Store')]",
                "Name": "[parameter('CertificateName')]",
                "DnsName": [
                    "[parameter('CertificateName')]",
                    "127.0.0.1"
                ],
                "IncludePrivateKey": true,
                "Password": "[variable('Export.Password')]"
            }
        }
    }
}