Added removal of cert(s) from Windows store upon 'restore' command

custom-dev-tools · Jun 22, 2020 · c52249d · c52249d
1 parent 918e39d
commit c52249d
Show file tree

Hide file tree

Showing 4 changed files with 63 additions and 34 deletions.
diff --git a/.gitignore b/.gitignore
@@ -3,4 +3,5 @@
 
 # Personal use configuration files.
 personal-config.ini
-personal-ssl-config.bat
+personal-ssl-config.bat
+personal-ssl-config-restore.bat
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,13 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a
 
 ## [Unreleased]
 
+- Add config option for HTTP/2 per domain.
+
+## [1.1.0] - 2020-06-22
+
+### Added
+- Added removal of certificate(s) from Windows store upon 'restore' command.
+
 ## [1.0.2] - 2020-06-15
 
 ### Updated

diff --git a/README.md b/README.md
@@ -278,8 +278,9 @@ $ start "C:\path\to\ssl_config.bat" "C:\path\to\config.ini" restore
 Running the script performs the following:
 
 1. Parses the config file to get required data.
-2. Tries to restore the systems 'hosts' file (if a backup is found).
-3. Restores each and every installed version of Apache's primary configuration file (if a backup is found).
+2. Restores each and every installed version of Apache's primary configuration file (if a backup is found).
+3. Removes each and every config domain name from the Windows Trusted Root Certificate Store.
+4. Tries to restore the systems 'hosts' file (if a backup is found).
 
 > If your systems 'hosts' file was unable to be restored then see the section titled [Unable To Modify Your Systems 'Hosts' File](#unable-to-modify-your-systems-hosts-file).
 

diff --git a/ssl_config.bat b/ssl_config.bat
@@ -7,7 +7,7 @@ rem     INITIALISATION
 rem -----------------------
 rem  Set default variables
 rem -----------------------
-set $scriptVersion=1.0.2
+set $scriptVersion=1.1.0
 set $scriptLogFileName=ssl_config.log
 
 rem WampServer sub-paths.
@@ -314,36 +314,6 @@ rem --------------------
 rem Check if the restore flag is set to true.
 if /i "!$restoreFlag!" equ "true" (
 
-    rem Set 'hosts' file updated flag.
-    set $osHostsFileUpdated=false
-
-    rem -------------------------
-    rem  Restore OS 'hosts' file
-    rem -------------------------
-
-    call :logToBoth "Attempting to restore OS 'hosts' file."
-
-    rem Check if the OS 'hosts-backup' file exists.
-    if exist "%$pathToOSHostsFile%-backup" (
-
-        rem Restore the OS 'hosts' file.
-        rem Unable to redirect error output without breaking updating of file...
-        type "!$pathToOSHostsFile!-backup" > "!$pathToOSHostsFile!" 2>nul
-
-        rem Check if the OS 'hosts' file matches the 'hosts-backup'file.
-        fc "!$pathToOSHostsFile!-backup" "!$pathToOSHostsFile!" >nul && (
-            set $osHostsFileUpdated=true
-            call :deleteFileIfExists "!$pathToOSHostsFile!-backup" 2>nul
-            call :logToBoth "Restored OS 'hosts' file."
-        ) || (
-            call :logToBoth "Unable to restore OS 'hosts' file."
-        )
-    ) else (
-        set $osHostsFileUpdated=true
-        call :logToBoth "OS 'hosts' backup file not found."
-    )
-
-
     rem ------------------------------
     rem  Loop through Apache versions
     rem ------------------------------
@@ -386,6 +356,56 @@ if /i "!$restoreFlag!" equ "true" (
         call :logToBoth "  '!$installedApacheVersionsArray[%%a]!' validated."
     )
 
+
+    rem ----------------------
+    rem  Loop through domains
+    rem ----------------------
+
+    call :logToBoth "Deleting certificates from store:"
+
+    rem Iterate through all config listed domains.
+    for /l %%a in (1,1,%$totalConfigDomains%) do (
+
+        rem -----------------------------------
+        rem  Delete cert(s) from Windows store
+        rem -----------------------------------
+
+        rem Delete certificate from 'trusted root certificate store'.
+        rem View store by entering 'certmgr.msc' at the command line.
+        certutil -delstore "root" "!$config[%%a][hostname]!" > nul
+        call :logToBoth "  '!$config[%%a][hostname]!'"
+    )
+
+
+    rem -------------------------
+    rem  Restore OS 'hosts' file
+    rem -------------------------
+
+    rem Set 'hosts' file updated flag.
+    set $osHostsFileUpdated=false
+
+    call :logToBoth "Attempting to restore OS 'hosts' file."
+
+    rem Check if the OS 'hosts-backup' file exists.
+    if exist "%$pathToOSHostsFile%-backup" (
+
+        rem Restore the OS 'hosts' file.
+        rem Unable to redirect error output without breaking updating of file...
+        type "!$pathToOSHostsFile!-backup" > "!$pathToOSHostsFile!" 2>nul
+
+        rem Check if the OS 'hosts' file matches the 'hosts-backup'file.
+        fc "!$pathToOSHostsFile!-backup" "!$pathToOSHostsFile!" >nul && (
+            set $osHostsFileUpdated=true
+            call :deleteFileIfExists "!$pathToOSHostsFile!-backup" 2>nul
+            call :logToBoth "Restored OS 'hosts' file."
+        ) || (
+            call :logToBoth "Unable to restore OS 'hosts' file."
+        )
+    ) else (
+        set $osHostsFileUpdated=true
+        call :logToBoth "OS 'hosts' backup file not found."
+    )
+
     rem ----------------
     rem  Restart Apache
     rem ----------------