Initial commit: DashCaddy v1.0
Full codebase including API server (32 modules + routes), dashboard frontend, DashCA certificate distribution, installer script, and deployment skills.
This commit is contained in:
120
dashcaddy-api/scripts/install-ca.ps1.template
Normal file
120
dashcaddy-api/scripts/install-ca.ps1.template
Normal file
@@ -0,0 +1,120 @@
|
||||
#Requires -RunAsAdministrator
|
||||
|
||||
<#
|
||||
.SYNOPSIS
|
||||
Installs the DashCaddy Root CA certificate to the Trusted Root Certification Authorities store.
|
||||
|
||||
.DESCRIPTION
|
||||
This script downloads the root CA certificate from your DashCaddy instance, verifies its fingerprint,
|
||||
and installs it to the local machine's trusted root store.
|
||||
#>
|
||||
|
||||
$ErrorActionPreference = "Stop"
|
||||
|
||||
# ==========================================
|
||||
# CONFIGURATION (Injected by DashCaddy API)
|
||||
# ==========================================
|
||||
$CertUrl = "{{CERT_URL}}"
|
||||
$ExpectedFingerprint = "{{CERT_FINGERPRINT}}"
|
||||
# ==========================================
|
||||
|
||||
$TempFile = "$env:TEMP\dashcaddy-root-ca.crt"
|
||||
|
||||
# Colors
|
||||
$Red = [System.ConsoleColor]::Red
|
||||
$Green = [System.ConsoleColor]::Green
|
||||
$Cyan = [System.ConsoleColor]::Cyan
|
||||
$Yellow = [System.ConsoleColor]::Yellow
|
||||
|
||||
Write-Host ""
|
||||
Write-Host "========================================" -ForegroundColor $Cyan
|
||||
Write-Host " DashCaddy Certificate Installer" -ForegroundColor $Cyan
|
||||
Write-Host "========================================" -ForegroundColor $Cyan
|
||||
Write-Host ""
|
||||
|
||||
# Step 1: Download certificate
|
||||
Write-Host "[1/4] Downloading certificate..." -ForegroundColor $Cyan
|
||||
try {
|
||||
$ProgressPreference = 'SilentlyContinue'
|
||||
|
||||
# Bypass SSL validation — the user doesn't trust the CA yet, that's the whole point
|
||||
if (-not ([System.Management.Automation.PSTypeName]'TrustAllCertsPolicy').Type) {
|
||||
Add-Type @"
|
||||
using System.Net;
|
||||
using System.Security.Cryptography.X509Certificates;
|
||||
public class TrustAllCertsPolicy : ICertificatePolicy {
|
||||
public bool CheckValidationResult(ServicePoint sp, X509Certificate cert, WebRequest req, int problem) { return true; }
|
||||
}
|
||||
"@
|
||||
}
|
||||
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
|
||||
|
||||
Invoke-WebRequest -Uri $CertUrl -OutFile $TempFile -UseBasicParsing -ErrorAction Stop
|
||||
Write-Host " OK Certificate downloaded" -ForegroundColor $Green
|
||||
} catch {
|
||||
Write-Host " FAIL Failed to download certificate from $CertUrl" -ForegroundColor $Red
|
||||
Write-Host " Error: $_" -ForegroundColor $Red
|
||||
exit 1
|
||||
}
|
||||
|
||||
# Step 2: Verify fingerprint
|
||||
Write-Host "[2/4] Verifying certificate fingerprint..." -ForegroundColor $Cyan
|
||||
try {
|
||||
$Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($TempFile)
|
||||
$Fingerprint = $Cert.Thumbprint
|
||||
|
||||
$NormalizedExpected = $ExpectedFingerprint -replace '[:\s]', ''
|
||||
$NormalizedActual = $Fingerprint -replace '[:\s]', ''
|
||||
|
||||
if ($NormalizedActual -ne $NormalizedExpected) {
|
||||
Write-Host " FAIL Fingerprint mismatch!" -ForegroundColor $Red
|
||||
Write-Host " Expected: $ExpectedFingerprint" -ForegroundColor $Yellow
|
||||
Write-Host " Got: $Fingerprint" -ForegroundColor $Red
|
||||
Remove-Item $TempFile -Force
|
||||
Write-Host ""
|
||||
Write-Host "SECURITY WARNING: The downloaded certificate does not match the expected fingerprint." -ForegroundColor $Red
|
||||
exit 1
|
||||
}
|
||||
Write-Host " OK Fingerprint verified" -ForegroundColor $Green
|
||||
} catch {
|
||||
Write-Host " FAIL Failed to verify fingerprint: $_" -ForegroundColor $Red
|
||||
Remove-Item $TempFile -Force -ErrorAction SilentlyContinue
|
||||
exit 1
|
||||
}
|
||||
|
||||
# Step 3: Check if already installed
|
||||
Write-Host "[3/4] Checking for existing certificate..." -ForegroundColor $Cyan
|
||||
$ExistingCert = Get-ChildItem -Path Cert:\LocalMachine\Root | Where-Object { $_.Thumbprint -eq $Fingerprint }
|
||||
if ($ExistingCert) {
|
||||
Write-Host " INFO Certificate already installed" -ForegroundColor $Yellow
|
||||
Remove-Item $TempFile -Force
|
||||
Write-Host ""
|
||||
Write-Host "The DashCaddy Root CA is already trusted on this system." -ForegroundColor $Green
|
||||
Start-Sleep -Seconds 3
|
||||
exit 0
|
||||
}
|
||||
Write-Host " OK Not yet installed, proceeding..." -ForegroundColor $Green
|
||||
|
||||
# Step 4: Install certificate
|
||||
Write-Host "[4/4] Installing to Trusted Root store..." -ForegroundColor $Cyan
|
||||
try {
|
||||
$ImportedCert = Import-Certificate -FilePath $TempFile -CertStoreLocation Cert:\LocalMachine\Root -ErrorAction Stop
|
||||
Write-Host " OK Certificate installed successfully" -ForegroundColor $Green
|
||||
} catch {
|
||||
Write-Host " FAIL Failed to install certificate. Ensure you are running as Administrator." -ForegroundColor $Red
|
||||
Remove-Item $TempFile -Force -ErrorAction SilentlyContinue
|
||||
exit 1
|
||||
}
|
||||
|
||||
# Cleanup
|
||||
Remove-Item $TempFile -Force -ErrorAction SilentlyContinue
|
||||
|
||||
Write-Host ""
|
||||
Write-Host "========================================" -ForegroundColor $Green
|
||||
Write-Host " SUCCESS!" -ForegroundColor $Green
|
||||
Write-Host "========================================" -ForegroundColor $Green
|
||||
Write-Host ""
|
||||
Write-Host "Your browser will now trust DashCaddy apps." -ForegroundColor $Green
|
||||
Write-Host "You may need to restart your browser for changes to take effect." -ForegroundColor $Yellow
|
||||
Write-Host ""
|
||||
Start-Sleep -Seconds 3
|
||||
Reference in New Issue
Block a user