Scripts that use Cloudflare DNS to obtain a Let's Encrypt certificate and bind that certificate to Windows RDP. They need Ubuntu on WSL with certbot and python3-certbot-dns-cloudflare.
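# Domain name on the certificate (must match CERT_DOMAIN in the WSL script).
$domain = "example.com"
# PFX password; must match PFX_PASSWORD in the WSL script.
# NOTE: it is hard-coded here and is also visible on the certutil command line below.
$pfxPassword = "P@sSw0rD"

# Relaunch elevated before doing any work: the certificate store and the RDP
# WMI setting need administrator rights, and the elevated copy starts from
# scratch, so any WSL run done by a non-elevated instance would be wasted.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    $arguments = "& '" + $MyInvocation.MyCommand.Definition + "'"
    Start-Process powershell -ArgumentList $arguments -Verb RunAs
    Exit
}

# Run the certbot script in WSL and pick the PFX path out of its output
# (the script prints a "PFX_WINDOWS_PATH: <path>" line).
$runWSL = & wsl bash -c "~/rdp-wsl-certbot.sh"
$line = $runWSL -split "`n" | Where-Object { $_ -match "PFX_WINDOWS_PATH:" } | Select-Object -First 1
$pfxWindowsPath = ([string]($line -replace "PFX_WINDOWS_PATH:\s*", "")).Trim()
# Abort before touching the store if the WSL side failed; otherwise the old
# certificate would be deleted with nothing to replace it.
if (-not $pfxWindowsPath) {
    Write-Error "WSL script did not report a PFX path; leaving the certificate store untouched."
    Exit 1
}

# Thumbprint of the first LocalMachine\My certificate whose Subject contains
# $domain, or $null. Matching on the Subject property avoids splitting the
# formatted 'dir cert:' output and treating the domain as a regex.
function Get-DomainThumbprint {
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -like "*$domain*" } |
        Select-Object -First 1
    if ($cert) { return $cert.Thumbprint }
    return $null
}

# Remove the previous certificate for this domain, if any.
$oldHash = Get-DomainThumbprint
if ($oldHash) {
    certutil -delstore my $oldHash
}

# Import the new certificate. The original line passed the literal string
# "pfxWindowsPath" (missing $), so the import never used the real path.
certutil -p $pfxPassword -ImportPFX $pfxWindowsPath
if ($LASTEXITCODE -ne 0) {
    Write-Error "certutil -ImportPFX failed (exit code $LASTEXITCODE)."
    Exit 1
}

# Find the imported certificate and bind it to the RDP-Tcp listener.
$newHash = Get-DomainThumbprint
if (-not $newHash) {
    Write-Error "Imported certificate for $domain not found in LocalMachine\My."
    Exit 1
}
# Equivalent to: wmic /namespace:\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash=$newHash
$hashTable = @{ SSLCertificateSHA1Hash = $newHash }
$path = (Get-WmiObject -Class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").__path
Set-WmiInstance -Path $path -Arguments $hashTable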
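#!/bin/bash
# Obtain (or renew) a Let's Encrypt certificate for CERT_DOMAIN via the
# Cloudflare DNS-01 challenge and export it as a PFX for the Windows side.
# Prints "PFX_WINDOWS_PATH: <path>" on its last line; the companion
# PowerShell script parses that line, so its format must not change.
# Requires: certbot, python3-certbot-dns-cloudflare, openssl, wslpath.
set -euo pipefail

CERT_DIR=~/cert
CONF_DIR=$CERT_DIR/conf
WORK_DIR=$CERT_DIR/work
LOG_DIR=$CERT_DIR/log
CLOUDFLARE_CREDENTIALS=$CERT_DIR/cloudflare
# Cloudflare API token (placeholder). It is written to the credentials file
# only on the first run; to rotate it, delete that file and re-run.
CLOUDFLARE_API_KEY=YOURAPIKEYAAAAAAAAAAAAAAAAAAAAAAAAAAAA
# Contact address registered with Let's Encrypt (placeholder value).
CERTBOT_MAIL=user@example.com
CERT_DOMAIN=example.com
PFX_OUTPUT=$CERT_DIR/$CERT_DOMAIN.pfx
# Must match $pfxPassword in the PowerShell script.
PFX_PASSWORD=P@sSw0rD

# Create the working directories. The top-level one holds private keys and
# the API token, so it is kept owner-only.
mkdir -p -- "$CERT_DIR" "$CONF_DIR" "$WORK_DIR" "$LOG_DIR"
chmod 700 -- "$CERT_DIR"

# Store the Cloudflare API token for the certbot plugin. The subshell umask
# creates the file as 0600 instead of tightening it after the secret is written.
if [ ! -f "$CLOUDFLARE_CREDENTIALS" ]; then
  ( umask 077; printf 'dns_cloudflare_api_token=%s\n' "$CLOUDFLARE_API_KEY" > "$CLOUDFLARE_CREDENTIALS" )
  chmod 600 -- "$CLOUDFLARE_CREDENTIALS"
fi

# Renew the existing certificate, or issue a new one (apex + wildcard).
# Under set -e a certbot failure stops here, so a stale PFX is never
# re-exported and reported to the caller as fresh.
if [ -f "$CONF_DIR/live/$CERT_DOMAIN/fullchain.pem" ]; then
  certbot renew --config-dir "$CONF_DIR" --work-dir "$WORK_DIR" --logs-dir "$LOG_DIR"
else
  certbot certonly --agree-tos --config-dir "$CONF_DIR" --work-dir "$WORK_DIR" --logs-dir "$LOG_DIR" \
    --dns-cloudflare --dns-cloudflare-credentials "$CLOUDFLARE_CREDENTIALS" --dns-cloudflare-propagation-seconds 75 \
    -m "$CERTBOT_MAIL" -d "$CERT_DOMAIN" -d "*.$CERT_DOMAIN"
fi

# Convert to PFX. The password goes through the environment (-passout env:)
# so it does not show up in the process list as it would with pass:.
PFX_PASSWORD="$PFX_PASSWORD" openssl pkcs12 -export -out "$PFX_OUTPUT" -passout env:PFX_PASSWORD \
  -inkey "$CONF_DIR/live/$CERT_DOMAIN/privkey.pem" -in "$CONF_DIR/live/$CERT_DOMAIN/fullchain.pem"
# The PFX contains the private key; keep it owner-only like the rest of CERT_DIR.
chmod 600 -- "$PFX_OUTPUT"

# Report the Windows-side path for the PowerShell caller (format is parsed there).
PFX_WINDOWS_PATH=$(wslpath -w "$PFX_OUTPUT")
echo "PFX_WINDOWS_PATH: $PFX_WINDOWS_PATH"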