functions/Restore-DbaDatabaseCertificate.ps1
function Restore-DbaDatabaseCertificate { <# .SYNOPSIS Imports certificates from .cer files using SMO. .DESCRIPTION Imports certificates from.cer files using SMO. .PARAMETER SqlInstance The SQL Server to create the certificates on. .PARAMETER Path The Path the contains the certificate and private key files. The path can be a directory or a specific certificate. .PARAMETER SqlCredential Allows you to login to servers using SQL Logins as opposed to Windows Auth/Integrated/Trusted. To use: $scred = Get-Credential, this pass $scred object to the param. Windows Authentication will be used if DestinationSqlCredential is not specified. To connect as a different Windows user, run PowerShell as that user. .PARAMETER Password Secure string used to decrypt the private key. .PARAMETER Database The database where the certificate imports into. Defaults to master. .PARAMETER WhatIf Shows what would happen if the command were to run. No actions are actually performed. .PARAMETER Confirm Prompts you for confirmation before executing any changing operations within the command. .PARAMETER Silent Use this switch to disable any kind of verbose messages .NOTES Tags: Migration, Certificate Original Author: Jess Pomfret (@jpomfret) Website: https://dbatools.io Copyright: (C) Chrissy LeMaire, clemaire@gmail.com License: GNU GPL v3 https://opensource.org/licenses/GPL-3.0 .EXAMPLE Restore-DbaDatabaseCertificate -SqlInstance Server1 -Path \\Server1\Certificates -password (ConvertTo-SecureString -force -AsPlainText GoodPass1234!!) Imports all the certificates in the specified path. #> [CmdletBinding(DefaultParameterSetName = "Default", SupportsShouldProcess = $true)] param ( [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [Alias("ServerInstance", "SqlServer")] [DbaInstanceParameter]$SqlInstance, [PSCredential]$SqlCredential, [parameter(Mandatory = $true, ValueFromPipeline = $true)] [object[]]$Path, [object]$Database = "master", [Security.SecureString]$Password = (Read-Host "Password" -AsSecureString), [switch]$Silent ) begin { function new-smocert ($directory, $certname) { if ($Pscmdlet.ShouldProcess("$cert on $SqlInstance", "Importing Certificate")) { $smocert = New-Object Microsoft.SqlServer.Management.Smo.Certificate $smocert.Name = $certname $smocert.Parent = $server.Databases[$Database] Write-Message -Level Verbose -Message "Creating Certificate: $certname" try { $fullcertname = "$directory\$certname.cer" $privatekey = "$directory\$certname.pvk" Write-Message -Level Verbose -Message "Full certificate path: $fullcertname" Write-Message -Level Verbose -Message "Private key: $privatekey" $smocert.Create($fullcertname, 1, $privatekey, [System.Runtime.InteropServices.marshal]::PtrToStringAuto([System.Runtime.InteropServices.marshal]::SecureStringToBSTR($password))) } catch { Write-Message -Level Warning -Message $_ -ErrorRecord $_ -Target $instance } } } try { Write-Message -Level Verbose -Message "Connecting to $SqlInstance" $server = Connect-SqlInstance -SqlInstance $SqlInstance -SqlCredential $sqlcredential } catch { Stop-Function -Message "Failed to connect to: $SqlInstance" -Target $SqlInstance -InnerErrorRecord $_ return } } process { if (Test-FunctionInterrupt) { return } foreach ($fullname in $path) { if (![dbavalidate]::IsLocalhost($SqlInstance) -and !$fullname.StartsWith('\')) { Stop-Function -Message "Path ($fullname) must be a UNC share when SQL instance is not local." -Continue -Target $fullname } if (!(Test-DbaSqlPath -SqlInstance $server -Path $fullname)) { Stop-Function -Message "$SqlInstance cannot access $fullname" -Continue -Target $fullname } $item = Get-Item $fullname if ($item -is [System.IO.DirectoryInfo]) { foreach ($cert in (Get-ChildItem $fullname\* -Include *.crt, *.cer)) { new-smocert -directory $fullname -certname $cert.BaseName } } else { $directory = Split-Path $fullname new-smocert -directory $directory -certname $item.BaseName } } } } |