valorad · January 18, 2025 08:07 · manikumarnune123 · Jul 14, 2023 · echu2013 · Dec 11, 2023
diff --git a/Export-UntrustedGuardian.ps1 b/Export-UntrustedGuardian.ps1
 $GuardianName = 'UntrustedGuardian'
 $CertificatePassword = Read-Host -Prompt 'Please enter a password to secure the certificate files' -AsSecureString

 $guardian = Get-HgsGuardian -Name $GuardianName

 if (-not $guardian)
 {
    throw "Guardian '$GuardianName' could not be found on the local system."
 }

 $encryptionCertificate = Get-Item -Path "Cert:\LocalMachine\Shielded VM Local Certificates\$($guardian.EncryptionCertificate.Thumbprint)"
 $signingCertificate = Get-Item -Path "Cert:\LocalMachine\Shielded VM Local Certificates\$($guardian.SigningCertificate.Thumbprint)"

 if (-not ($encryptionCertificate.HasPrivateKey -and $signingCertificate.HasPrivateKey))
 {
    throw 'One or both of the certificates in the guardian do not have private keys. ' + `
          'Please ensure the private keys are available on the local system for this guardian.'
 }

 Export-PfxCertificate -Cert $encryptionCertificate -FilePath ".\$GuardianName-encryption.pfx" -Password $CertificatePassword
 Export-PfxCertificate -Cert $signingCertificate -FilePath ".\$GuardianName-signing.pfx" -Password $CertificatePassword

 # Adapted from https://nathanblasac.com/error-when-migrating-hyper-v-vm-lab-to-different-host-the-key-protector-could-not-be-unwrapped-f6174f68a860
diff --git a/Import-UntrustedGuardian.ps1 b/Import-UntrustedGuardian.ps1
 $NameOfGuardian = 'previous-host-name-unTG'
 $CertificatePassword = Read-Host -Prompt 'Please enter the password that was used to secure the certificate files' -AsSecureString
 New-HgsGuardian -Name $NameOfGuardian -SigningCertificate ".\$NameOfGuardian-signing.pfx" -SigningCertificatePassword $CertificatePassword -EncryptionCertificate ".\$NameOfGuardian-encryption.pfx" -EncryptionCertificatePassword $CertificatePassword -AllowExpired -AllowUntrustedRoot

 # Adapted from https://nathanblasac.com/error-when-migrating-hyper-v-vm-lab-to-different-host-the-key-protector-could-not-be-unwrapped-f6174f68a860
	$GuardianName = 'UntrustedGuardian'
	$CertificatePassword = Read-Host -Prompt 'Please enter a password to secure the certificate files' -AsSecureString

	$guardian = Get-HgsGuardian -Name $GuardianName

	if (-not $guardian)
	{
	throw "Guardian '$GuardianName' could not be found on the local system."
	}

	$encryptionCertificate = Get-Item -Path "Cert:\LocalMachine\Shielded VM Local Certificates\$($guardian.EncryptionCertificate.Thumbprint)"
	$signingCertificate = Get-Item -Path "Cert:\LocalMachine\Shielded VM Local Certificates\$($guardian.SigningCertificate.Thumbprint)"

	if (-not ($encryptionCertificate.HasPrivateKey -and $signingCertificate.HasPrivateKey))
	{
	throw 'One or both of the certificates in the guardian do not have private keys. ' + `
	'Please ensure the private keys are available on the local system for this guardian.'
	}

	Export-PfxCertificate -Cert $encryptionCertificate -FilePath ".\$GuardianName-encryption.pfx" -Password $CertificatePassword
	Export-PfxCertificate -Cert $signingCertificate -FilePath ".\$GuardianName-signing.pfx" -Password $CertificatePassword

	# Adapted from https://nathanblasac.com/error-when-migrating-hyper-v-vm-lab-to-different-host-the-key-protector-could-not-be-unwrapped-f6174f68a860
	$NameOfGuardian = 'previous-host-name-unTG'
	$CertificatePassword = Read-Host -Prompt 'Please enter the password that was used to secure the certificate files' -AsSecureString
	New-HgsGuardian -Name $NameOfGuardian -SigningCertificate ".\$NameOfGuardian-signing.pfx" -SigningCertificatePassword $CertificatePassword -EncryptionCertificate ".\$NameOfGuardian-encryption.pfx" -EncryptionCertificatePassword $CertificatePassword -AllowExpired -AllowUntrustedRoot

	# Adapted from https://nathanblasac.com/error-when-migrating-hyper-v-vm-lab-to-different-host-the-key-protector-could-not-be-unwrapped-f6174f68a860