Initial commit: DashCaddy v1.0
Full codebase including API server (32 modules + routes), dashboard frontend, DashCA certificate distribution, installer script, and deployment skills.
This commit is contained in:
132
ca/scripts/install.ps1
Normal file
132
ca/scripts/install.ps1
Normal file
@@ -0,0 +1,132 @@
|
||||
#Requires -RunAsAdministrator
|
||||
|
||||
<#
|
||||
.SYNOPSIS
|
||||
Installs the Sami Home Network Root CA certificate to the Trusted Root Certification Authorities store.
|
||||
|
||||
.DESCRIPTION
|
||||
This script downloads the root CA certificate from ca.sami, verifies its fingerprint,
|
||||
and installs it to the local machine's trusted root store. This allows all *.sami domains
|
||||
to be trusted system-wide without browser warnings.
|
||||
|
||||
.NOTES
|
||||
Requires Administrator privileges.
|
||||
For use with DashCA - https://ca.sami
|
||||
#>
|
||||
|
||||
$ErrorActionPreference = "Stop"
|
||||
|
||||
# Configuration
|
||||
$CertUrl = "https://ca.sami/root.crt"
|
||||
$ExpectedFingerprint = "0898A563F5A1A2585F02D7A8A25487E6BC33969F9B5DB053622 07FAF9621290E"
|
||||
$TempFile = "$env:TEMP\sami-root-ca.crt"
|
||||
|
||||
# Colors
|
||||
$Red = [System.ConsoleColor]::Red
|
||||
$Green = [System.ConsoleColor]::Green
|
||||
$Cyan = [System.ConsoleColor]::Cyan
|
||||
$Yellow = [System.ConsoleColor]::Yellow
|
||||
|
||||
Write-Host ""
|
||||
Write-Host "========================================" -ForegroundColor $Cyan
|
||||
Write-Host " DashCA Installer" -ForegroundColor $Cyan
|
||||
Write-Host " Sami Home Network Root CA" -ForegroundColor $Cyan
|
||||
Write-Host "========================================" -ForegroundColor $Cyan
|
||||
Write-Host ""
|
||||
|
||||
# Step 1: Download certificate
|
||||
Write-Host "[1/4] Downloading certificate from $CertUrl..." -ForegroundColor $Cyan
|
||||
try {
|
||||
$ProgressPreference = 'SilentlyContinue' # Disable progress bar for faster download
|
||||
Invoke-WebRequest -Uri $CertUrl -OutFile $TempFile -UseBasicParsing -ErrorAction Stop
|
||||
Write-Host " ✓ Certificate downloaded" -ForegroundColor $Green
|
||||
} catch {
|
||||
Write-Host " ✗ Failed to download certificate" -ForegroundColor $Red
|
||||
Write-Host " Error: $_" -ForegroundColor $Red
|
||||
Write-Host ""
|
||||
Write-Host "Troubleshooting:" -ForegroundColor $Yellow
|
||||
Write-Host " - Ensure you are on the Tailnet/network where ca.sami is accessible" -ForegroundColor $Yellow
|
||||
Write-Host " - Try accessing https://ca.sami in your browser first" -ForegroundColor $Yellow
|
||||
exit 1
|
||||
}
|
||||
|
||||
# Step 2: Verify fingerprint
|
||||
Write-Host "[2/4] Verifying certificate fingerprint..." -ForegroundColor $Cyan
|
||||
try {
|
||||
$Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($TempFile)
|
||||
$Fingerprint = $Cert.Thumbprint
|
||||
|
||||
$NormalizedExpected = $ExpectedFingerprint -replace '[:\s]', ''
|
||||
$NormalizedActual = $Fingerprint -replace '[:\s]', ''
|
||||
|
||||
if ($NormalizedActual -ne $NormalizedExpected) {
|
||||
Write-Host " ✗ Fingerprint mismatch!" -ForegroundColor $Red
|
||||
Write-Host " Expected: $ExpectedFingerprint" -ForegroundColor $Yellow
|
||||
Write-Host " Got: $Fingerprint" -ForegroundColor $Red
|
||||
Remove-Item $TempFile -Force
|
||||
Write-Host ""
|
||||
Write-Host "SECURITY WARNING: The downloaded certificate does not match the expected fingerprint." -ForegroundColor $Red
|
||||
Write-Host "This could indicate a man-in-the-middle attack or certificate renewal." -ForegroundColor $Red
|
||||
Write-Host "Please verify with your network administrator before proceeding." -ForegroundColor $Red
|
||||
exit 1
|
||||
}
|
||||
|
||||
Write-Host " ✓ Fingerprint verified: $Fingerprint" -ForegroundColor $Green
|
||||
} catch {
|
||||
Write-Host " ✗ Failed to verify fingerprint" -ForegroundColor $Red
|
||||
Write-Host " Error: $_" -ForegroundColor $Red
|
||||
Remove-Item $TempFile -Force -ErrorAction SilentlyContinue
|
||||
exit 1
|
||||
}
|
||||
|
||||
# Step 3: Check if already installed
|
||||
Write-Host "[3/4] Checking for existing certificate..." -ForegroundColor $Cyan
|
||||
$ExistingCert = Get-ChildItem -Path Cert:\LocalMachine\Root | Where-Object { $_.Thumbprint -eq $Fingerprint }
|
||||
if ($ExistingCert) {
|
||||
Write-Host " ℹ Certificate already installed" -ForegroundColor $Yellow
|
||||
Write-Host " Subject: $($ExistingCert.Subject)" -ForegroundColor $Yellow
|
||||
Write-Host " Not After: $($ExistingCert.NotAfter)" -ForegroundColor $Yellow
|
||||
Remove-Item $TempFile -Force
|
||||
Write-Host ""
|
||||
Write-Host "The Sami Home Network Root CA is already trusted on this system." -ForegroundColor $Green
|
||||
Write-Host "No further action needed!" -ForegroundColor $Green
|
||||
Write-Host ""
|
||||
exit 0
|
||||
}
|
||||
Write-Host " ✓ Certificate not yet installed, proceeding..." -ForegroundColor $Green
|
||||
|
||||
# Step 4: Install certificate
|
||||
Write-Host "[4/4] Installing certificate to Trusted Root store..." -ForegroundColor $Cyan
|
||||
try {
|
||||
$ImportedCert = Import-Certificate -FilePath $TempFile -CertStoreLocation Cert:\LocalMachine\Root -ErrorAction Stop
|
||||
Write-Host " ✓ Certificate installed successfully" -ForegroundColor $Green
|
||||
Write-Host " Subject: $($ImportedCert.Subject)" -ForegroundColor $Green
|
||||
Write-Host " Thumbprint: $($ImportedCert.Thumbprint)" -ForegroundColor $Green
|
||||
} catch {
|
||||
Write-Host " ✗ Failed to install certificate" -ForegroundColor $Red
|
||||
Write-Host " Error: $_" -ForegroundColor $Red
|
||||
Remove-Item $TempFile -Force -ErrorAction SilentlyContinue
|
||||
Write-Host ""
|
||||
Write-Host "Installation failed. Please ensure you are running as Administrator." -ForegroundColor $Red
|
||||
exit 1
|
||||
}
|
||||
|
||||
# Cleanup
|
||||
Remove-Item $TempFile -Force -ErrorAction SilentlyContinue
|
||||
|
||||
Write-Host ""
|
||||
Write-Host "========================================" -ForegroundColor $Green
|
||||
Write-Host " SUCCESS!" -ForegroundColor $Green
|
||||
Write-Host "========================================" -ForegroundColor $Green
|
||||
Write-Host ""
|
||||
Write-Host "The Sami Home Network Root CA has been installed to your Trusted Root store." -ForegroundColor $Green
|
||||
Write-Host ""
|
||||
Write-Host "What's next:" -ForegroundColor $Cyan
|
||||
Write-Host " ✓ All *.sami domains will now be trusted system-wide" -ForegroundColor $Green
|
||||
Write-Host " ✓ Browsers (Edge, Chrome, Firefox) will no longer show security warnings" -ForegroundColor $Green
|
||||
Write-Host " ✓ Applications will trust HTTPS connections to your local services" -ForegroundColor $Green
|
||||
Write-Host ""
|
||||
Write-Host "Test it out:" -ForegroundColor $Cyan
|
||||
Write-Host " Visit https://status.sami or any other *.sami service" -ForegroundColor $Yellow
|
||||
Write-Host " The connection should show as secure with no warnings" -ForegroundColor $Yellow
|
||||
Write-Host ""
|
||||
Reference in New Issue
Block a user