2

I'm building a script that will download and install a bunch of programs. One of those programs depends on a virtual driver, which needs its certificate to be imported in order to function. Normally, the installer does this for you in the GUI and just pops up a confirmation dialog asking if you trust this driver. However, that interruption is unacceptable for the script I'm writing.

I have found a way to export the certificate via the file properties GUI and can import that file with the script, thus allowing me to install without any user interaction. However, in order to deploy and fully automate this script, I need to also be able to export the certificate file from the installer via the script. Can this be done?

MrDrMcCoy
  • 184
  • 9
  • This is generally doable, but specifically how would require specificity on your part as well. In general, unpack/extract the installer to a location, and then search that location for the certificate file. – HopelessN00b Sep 27 '12 at 20:04
  • The application in question is Virtual CloneDrive, which uses a Nullsoft installer. I've tried telling it to extract to a directory, but it doesn't produce a certificate file. Exploring it with 7-zip doesn't seem to give me a valid certificate file either. The certificate utility built in to Windows Explorer can get the file, but I need to script that. Does that make more sense? – MrDrMcCoy Sep 28 '12 at 18:27

1 Answers1

3

The whole process can be done in powershell using the X509Certificate class available in the .Net framework.

The first thing you need to do is get the cert file from the signed file. This is done using the CreateFromCertFile function. Just take note that the function can only take full paths and not relative ones.

You can then open up the certificate store on the local computer and import the certificate. To write into the Local Machine store, this needs to be executed as an administrator.

Add-Type -AssemblyName System.Security

# Create a new certificate extracted from the signed file.
$certificate = [System.Security.Cryptography.X509Certificates.X509Certificate]::CreateFromCertFile('c:\temp\SetupVirtualCloneDrive5450.exe')

# Open the Trusted Publishers cert store and add the certificate in.
$cert_store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList 'TrustedPublisher', 'LocalMachine' | ForEach-Object {

    $_.Open('ReadWrite')
    $_.Add($certificate)
    $_.Close()
}

FYI, I used this method to install VirtualBox Guest Additions that also had driver prompts.

MFT
  • 400
  • 2
  • 9