Instead of roots.exe, which now has a vulnerability, fetch certs with PowerShell and Node.js? #55

Open
OZZlE opened this issue Oct 30, 2024 · 3 comments

OZZlE commented Oct 30, 2024

This is a work in progress. My enterprise computer decided that roots.exe is dangerous and just removes it, so I started looking into an alternative way of getting the root certificates for doing a proper Node fetch on Windows with SSL.

const fetchAllRootCertificates = async (): Promise<string> => {
  // PowerShell strings are single-quoted so the script needs no escaping.
  const cliPSCommand = `
    $env:PSModulePath = [Environment]::GetEnvironmentVariable('PSModulePath', 'Machine');
    Get-ChildItem -Path Cert:\\LocalMachine\\Root | ForEach-Object {
      '-----BEGIN CERTIFICATE-----'
      [System.Convert]::ToBase64String($_.RawData, 'InsertLineBreaks')
      '-----END CERTIFICATE-----'
    }
  `;

  const util = require("util");
  // execFile passes the script as a single argument without going through
  // cmd.exe, so its quotes and line breaks are not reinterpreted by a shell.
  const execFile = util.promisify(require("child_process").execFile);
  const { stdout } = await execFile("powershell", ["-NoProfile", "-Command", cliPSCommand]);
  return stdout;
};

I know too little about certificates, however, to finish this; maybe it's not possible? Using the above it still says "unable to get local issuer certificate" .. but maybe the names of the certs need to be included?? or some other

Owner

ukoloff commented Oct 30, 2024

Well, this is a PowerShell one-liner, a drop-in replacement for roots.exe:

Get-ChildItem Cert:\LocalMachine\Root | ForEach-Object { -join $_.RawData.Foreach({ $_.ToString('x2') }) }
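
As an added example (not code from this thread or from the project), one way to turn the one-liner's output, one hex-encoded DER certificate per line, into PEM blocks for Node's `ca` option. The function names and the sample input are made up for illustration, and the per-line check is only structural (outer DER length), not certificate validation.

```javascript
// Added example; function names are illustrative, not from any library.

// True when the bytes are one DER SEQUENCE whose declared length matches
// the bytes actually present (a structural check, not a trust decision).
function isWholeDerSequence(der) {
  if (der.length < 2 || der[0] !== 0x30) return false;
  let len = der[1];
  let header = 2;
  if (len & 0x80) {                 // long form: low 7 bits count the length bytes
    const n = len & 0x7f;
    if (n === 0 || n > 4 || der.length < 2 + n) return false;
    len = der.readUIntBE(2, n);
    header += n;
  }
  return header + len === der.length;
}

// Base64 body wrapped at 64 characters between the PEM markers.
function derToPem(der) {
  const body = der.toString("base64").match(/.{1,64}/g).join("\n");
  return `-----BEGIN CERTIFICATE-----\n${body}\n-----END CERTIFICATE-----\n`;
}

// Returns { pems, rejected }: PEM text for each well-formed line, plus the
// 1-based numbers of lines that were skipped as malformed.
function hexLinesToPem(stdout) {
  const pems = [];
  const rejected = [];
  const seen = new Set();
  stdout.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.trim().toLowerCase();
    if (line === "") return;
    const isHex = /^[0-9a-f]+$/.test(line) && line.length % 2 === 0;
    const der = isHex ? Buffer.from(line, "hex") : Buffer.alloc(0);
    if (!isWholeDerSequence(der)) { rejected.push(i + 1); return; }
    if (seen.has(line)) return;     // same certificate listed twice
    seen.add(line);
    pems.push(derToPem(der));
  });
  return { pems, rejected };
}

// Constructed sample: placeholder DER sequences, not real certificates.
const SAMPLE = ["3003020105", "", "30030201", "zz", "3003020105"].join("\r\n");
// With real output: new https.Agent({ ca: [...tls.rootCertificates, ...pems] })
```

Passing `ca` replaces Node's built-in root list rather than adding to it, which is why the closing comment merges in `tls.rootCertificates`.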


cobra377 commented Dec 4, 2024

This is a work in progress. My enterprise computer decided that roots.exe is dangerous and just removes it, so I started looking into an alternative way of getting the root certificates for doing a proper Node fetch on Windows with SSL.

const fetchAllRootCertificates = async (): Promise<string> => {
  // PowerShell strings are single-quoted so the script needs no escaping.
  const cliPSCommand = `
    $env:PSModulePath = [Environment]::GetEnvironmentVariable('PSModulePath', 'Machine');
    Get-ChildItem -Path Cert:\\LocalMachine\\Root | ForEach-Object {
      '-----BEGIN CERTIFICATE-----'
      [System.Convert]::ToBase64String($_.RawData, 'InsertLineBreaks')
      '-----END CERTIFICATE-----'
    }
  `;

  const util = require("util");
  // execFile passes the script as a single argument without going through
  // cmd.exe, so its quotes and line breaks are not reinterpreted by a shell.
  const execFile = util.promisify(require("child_process").execFile);
  const { stdout } = await execFile("powershell", ["-NoProfile", "-Command", cliPSCommand]);
  return stdout;
};

I know too little about certificates, however, to finish this; maybe it's not possible? Using the above it still says "unable to get local issuer certificate" .. but maybe the names of the certs need to be included?? or some other

Owner

ukoloff commented Dec 5, 2024

And what is your purpose? Do you need a list of all root certificates? Or just connect to some Web server? Or what?

As for me, I cannot run PowerShell from Node.js due to our Enterprise policies :-(
