Created
April 11, 2024 15:25
-
-
Save infamousjoeg/8b4e266d521d4edb49af6ff23bcb7d70 to your computer and use it in GitHub Desktop.
Client Certificate Authentication with Central Credential Provider (CCP) in PowerShell
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## USER VARIABLES | |
################# | |
# Specify the path to your .pfx file and its password | |
$pfxPath = "/Users/joe.garcia/OneDrive - CyberArk Ltd/Software/Certificates/ccp_clientcert_bundle.pfx" | |
# Define the URI for the CCP API | |
$uri = "https://cyberark.joegarcia.dev/AIMWebService/api/Accounts" | |
$appId = "Test" | |
$safe = "TestSafe" | |
$object = "Operating System-WinDomain-127.0.0.1-testaccount" | |
## END USER VARIABLES | |
##################### | |
# Prompt for the .pfx password | |
$pfxPassword = Read-Host -Prompt "Enter the password for the .pfx file" -AsSecureString | |
# Convert the secure string password to plain text | |
$ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($pfxPassword) | |
# Load the .pfx file | |
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($pfxPath, ([System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($ptr))) | |
# Don't forget to clean up the pointer after use to avoid leaving the plain text password in memory | |
[System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($ptr) | |
# Construct the URI with the query parameters | |
$ccpUri = $uri + "?" + "AppID=$appId" + "&Safe=$safe" + "&Object=$object" | |
# Send the request to the CCP API | |
$response = Invoke-RestMethod -Uri $ccpUri -Method Get -Certificate $cert -ContentType "application/json" | |
# Output the response | |
Write-Output $response |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment