$Config = 'localhost\ООО "Рога и копыта"'
$Value = 'localhost\ООО "Рога и копыта"'
$KeyContainerName = 'fcc182ee-1c16-434a-8b1d-b38088a4ac0d'
$ProviderType = '75'
$ProviderName = 'Crypto-Pro GOST R 34.10-2001 Cryptographic Service Provider'
$KeyLength = '512'
$HashAlgorithm = '1.2.643.2.2.9'
$CertTemplate = '1.2.643.2.2.46.0.4'
$WebSite = '1'
$HttpsPort = '443'

function GetCAInfo
{
param($Config, $ClientCredentials)

$pairs = $Config -split '\\'
if($pairs.length -ne 2)
{
$pairs = $Config -split '#'
}

if($pairs.length -ne 2)
{
throw ('Не удается выделить имя ЦС для строки подключения:' + $Config)
}

$authHost = $pairs[0]
$authName = $pairs[1]

[CryptoPro.PkiClient.AssemblyResolver]::Load('CertificateService.Client') > $null;
if($ClientCredentials -ne $null)
{
$submit = (new-object CertificateService.Client.WcfCaClientProvider ($authHost, $ClientCredentials)).CreateCertRequest()
}
else
{
$submit = (new-object CertificateService.Client.DcomCaClientProvider ($authHost)).CreateCertRequest()
}

$caInfo = $submit.GetCAInfo($authName)
return $caInfo
}

function Prompt
{
param([scriptblock]$WouldPromtDelegate, $PromptMessage, $ErrorMessage, [switch]$ShouldSkip = $True, [switch]$ShouldRetry = $True)

$p = New-Module -AsCustomObject -ScriptBlock {
$Caption = 'Предупреждение'
$Message = "Внимание! $PromptMessage. Прервать выполнение мастера?"

[System.Management.Automation.Host.ChoiceDescription[]] $Choices = @()
$Abort = $null
$Skip = $null
$Retry = $null
$Default = $null

function Prompt() {
return $Host.UI.PromptForChoice($Caption,$Message,$Choices,$Default)
}

Export-ModuleMember -Variable * -Function * -Verbose:$false
}

$AbortDescription = New-Object System.Management.Automation.Host.ChoiceDescription '&Abort - &Прервать','Прервать выполнение мастера.'
$RetryDescription = New-Object System.Management.Automation.Host.ChoiceDescription '&Retry - &Повторить','Повторно проверить.'
$SkipDescription = New-Object System.Management.Automation.Host.ChoiceDescription '&Skip - &Пропустить','Попробовать продолжить выполнение мастера.'

$p.Choices += $AbortDescription
if($ShouldRetry) {
$p.Choices += $RetryDescription
}

if($ShouldSkip -eq $True) {
$p.Choices += $SkipDescription
}

$p.Abort = $p.Choices.IndexOf($AbortDescription)
if($ShouldRetry) {
$p.Retry = $p.Choices.IndexOf($RetryDescription)
}
else {
$p.Retry = $null
}

if($ShouldSkip -eq $True) {
$p.Skip = $p.Choices.IndexOf($SkipDescription)
}
else {
$p.Skip = $null
}

$p.Default = $p.Abort

$keepTrying = $true
while ($keepTrying -eq $true) {
$p.Message = "Внимание! $PromptMessage. Прервать выполнение мастера?"
try {
$keepTrying = Invoke-Command -Scriptblock $WouldPromtDelegate
}
catch {
$p.Message = "Внимание! $ErrorMessage. Прервать выполнение мастера?"
}

if ($keepTrying -eq $true) {
$answer = $p.Prompt()
switch ($answer) {
$p.Abort { Write-Verbose -message 'Выполнение мастера прервано пользователем.'; exit }
$p.Retry { continue }
$p.Skip { $keepTrying = $false }
}
}
}
}

function ValidateKeyAcquired
{
param($Config, $ClientCredentials)

$isCaSignCertKeyAquired = {
return (GetCAInfo -Config $Config -ClientCredentials $ClientCredentials).CAState -eq 0
}

Prompt `
-WouldPromtDelegate $isCaSignCertKeyAquired `
-PromptMessage 'Сертификат не может быть изготовлен - ни один из ключей подписи центра сертификации в данный момент не загружен.' `
-ErrorMessage 'Сертификат не может быть изготовлен - Центр Сертификации недоступен'
}

function GetReverseX509DectinguishedName
{
param($Xdn)
return New-Object System.Security.Cryptography.X509Certificates.X500DistinguishedName($xdn.Name, 0)
}

ValidateKeyAcquired -Config $Config
$CASubjectName = (
Get-Item -Path 'CA:\ООО "Сампо-Сервис"').SubjectName
$WebCertSubjectName =
GetReverseX509DectinguishedName -Xdn $CASubjectName
$WebProfile =
New-Object -TypeName 'CryptoPro.CertEncode.DistinguishedName' -ArgumentList $WebCertSubjectName -Property @{'CommonName' = 'Веб-сервер'; 'DnsName' = @('CA1.sampo-servis.ru'); } |
Select-Object -ExpandProperty 'Xdn'
Set-Variable -Name 'WebCertReqConfig' -Value $Value
$WebRawRequest =
New-PkiRequest -MachineKeySet -KeyContainerName $KeyContainerName -ProviderType $ProviderType -ProviderName $ProviderName -KeyLength $KeyLength -HashAlgorithm $HashAlgorithm -CertTemplate $CertTemplate -ExistingKey:$False -Silent:$False -PromptForMedia
$RawResponse =
Send-PkiRequest -RawRequest $WebRawRequest -Config $WebCertReqConfig -ProfileName $WebProfile |
Receive-PkiResponse -Config $WebCertReqConfig
$WebCertPath = $null
if(($RawResponse -ne $null) -and (($RawResponse -is [int]) -eq $False))
{
$WebCertPath =
Install-PkiResponse -RawResponse $RawResponse -MachineKeySet
Start-Sleep -Seconds '5'
}
$WebX509Certificate = $null
if($WebCertPath -ne $null)
{
$WebX509Certificate =
Get-Item -Path $WebCertPath
}
$EnabledCertPath = $null
if($WebCertPath -ne $null)
{
Start-Sleep -Seconds '5'
$EnabledCertPath =
Enable-PkiServer -CertPath $WebCertPath -WebSite $WebSite -HttpsPort $HttpsPort -PassThru
}
ОШИБКА: Внутренняя ошибка.



System.Management.Automation.CmdletInvocationException: Внутренняя ошибка.

---> System.Security.Cryptography.CryptographicException: Внутренняя ошибка.

в CryptoPro.CertEncode.X509Utils.GenerateKeyPair(String providerName, Int32 providerType, String containerName, Boolean machineKeySet, Boolean signatureKeySpec, Boolean exportable, Int32 keyLength, Boolean silent, String pin, Boolean promptForMedia)
в CryptoPro.CertEncode.PkiObjectContainer.CreateNewKeyset(Int32 keyLength, String pin, Boolean promptForMedia)
в CryptoPro.PkiClient.NewPkiRequest.CreateOrOpenKeyPair()
в CryptoPro.PkiClient.NewPkiRequest.CreatePkcs10Request()
в CryptoPro.PkiClient.NewPkiRequestCommand.ProcessCommand()
в CryptoPro.PkiClient.NewPkiRequestCommand.EndProcessingEx()
в CryptoPro.PkiClient.PkiCmdletBase.EndProcessing()
--- Конец трассировки внутреннего стека исключений ---
в System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
в System.Management.Automation.PowerShell.Worker.ConstructPipelineAndDoWork(Runspace rs, Boolean performSyncInvoke)
в System.Management.Automation.PowerShell.Worker.CreateRunspaceIfNeededAndDoWork(Runspace rsToUse, Boolean isSync)
в System.Management.Automation.PowerShell.CoreInvokeHelper[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)
в System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)
в System.Management.Automation.PowerShell.Invoke(IEnumerable input, PSInvocationSettings settings)
в CertificateService.Wizards.ScriptRunner.Run()
в CertificateService.Wizards.FinishPage.OnSelectedPageStepIn(Object sender, WizardPageStepInEventArgs e)
HResult = -2146233087 (0x80131501)
=== InnerException #2 ===
System.Security.Cryptography.CryptographicException: Внутренняя ошибка.

в CryptoPro.CertEncode.X509Utils.GenerateKeyPair(String providerName, Int32 providerType, String containerName, Boolean machineKeySet, Boolean signatureKeySpec, Boolean exportable, Int32 keyLength, Boolean silent, String pin, Boolean promptForMedia)
в CryptoPro.CertEncode.PkiObjectContainer.CreateNewKeyset(Int32 keyLength, String pin, Boolean promptForMedia)
в CryptoPro.PkiClient.NewPkiRequest.CreateOrOpenKeyPair()
в CryptoPro.PkiClient.NewPkiRequest.CreatePkcs10Request()
в CryptoPro.PkiClient.NewPkiRequestCommand.ProcessCommand()
в CryptoPro.PkiClient.NewPkiRequestCommand.EndProcessingEx()
в CryptoPro.PkiClient.PkiCmdletBase.EndProcessing()
HResult = -2146893792 (0x80090020)
Внутренняя ошибка.