From 64759ce1a38caa196b731b262db5dccfefccccde Mon Sep 17 00:00:00 2001
From: Aleksandr Chebotov <47745270+al-cheb@users.noreply.github.com>
Date: Fri, 1 Jul 2022 10:43:40 +0200
Subject: [PATCH] Create IIS Express Development Certificate (#5852)
---
.../GenerateIISExpressCertificate.ps1 | 40 +++++++++++++++++++
1 file changed, 40 insertions(+)
create mode 100644 images/win/post-generation/GenerateIISExpressCertificate.ps1
diff --git a/images/win/post-generation/GenerateIISExpressCertificate.ps1 b/images/win/post-generation/GenerateIISExpressCertificate.ps1
new file mode 100644
index 00000000..609bbb40
--- /dev/null
+++ b/images/win/post-generation/GenerateIISExpressCertificate.ps1
@@ -0,0 +1,40 @@
+$friendlyName = "IIS Express Development Certificate"
+$certStore = "Cert:\LocalMachine\My"
+$oldCert = Get-ChildItem $certStore | Where-Object FriendlyName -match $friendlyName
+
+if(-not $oldCert) {
+ Write-Host "$friendlyName certificate not found"
+ return
+}
+
+Write-Host "Removing $($oldCert.Thumbprint) certificate"
+Remove-Item -Path $oldCert.PSPath -Confirm:$false
+
+Write-Host "Creating $friendlyName certificate"
+$selfSignedCertParam = @{
+ Subject = "localhost"
+ DnsName = "localhost"
+ KeyAlgorithm = "RSA"
+ KeyLength = 2048
+ NotBefore = (Get-Date)
+ NotAfter = (Get-Date).AddYears(5)
+ CertStoreLocation = $certStore
+ FriendlyName = $friendlyName
+ HashAlgorithm = "SHA256"
+ KeyUsage = "DigitalSignature", "KeyEncipherment", "DataEncipherment"
+ TextExtension = @("2.5.29.37={text}1.3.6.1.5.5.7.3.1")
+}
+$cert = New-SelfSignedCertificate @selfSignedCertParam
+
+# The app ID is the IIS Express app ID
+$certThumbprint = $cert.Thumbprint
+$appId = "{214124cd-d05b-4309-9af9-9caa44b2b74a}"
+$startPort = 44300
+$endPort = 44399
+
+Write-Host "Binding ${certThumbprint} certificate using netsh port=${startPort}:${endPort} and appID=${appId}"
+$startPort..$endPort | ForEach-Object {
+ $port = $_
+ cmd /c "netsh http delete sslcert ipport=0.0.0.0:$port > nul 2>&1"
+ cmd /c "netsh http add sslcert ipport=0.0.0.0:$port certhash=$certThumbprint appid=$appId certstorename=MY > nul 2>&1"
+}
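Review bot: The port loop at the end sends all netsh output to `nul` and never looks at the exit code, so a failed `add sslcert` leaves that port with its previous binding already deleted and nothing in the log to show it. Checking the result after the add call would surface this, e.g. `if ($LASTEXITCODE -ne 0) { Write-Warning "sslcert binding failed on port $port (exit $LASTEXITCODE)" }`. The same silent path exists one step earlier: the old certificate is removed before `New-SelfSignedCertificate` runs and `$cert` is never checked, so if creation fails the loop still deletes all 100 bindings and calls add with an empty `certhash`; passing `-ErrorAction Stop` to that call, or guarding with `if (-not $cert) { throw ... }`, would stop before the bindings are touched. `Where-Object FriendlyName -match $friendlyName` is a regex substring match and can return more than one certificate, which then flows into `Remove-Item`; `-eq` states the intent exactly. The parameter table also leaves the private key at the cmdlet's default export policy; adding `KeyExportPolicy = "NonExportable"` would be tighter for a machine-store key, provided nothing on the image needs to export it.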