From 1ea6cc521ad57d1e1c07f119129ebcac07107cae Mon Sep 17 00:00:00 2001
From: Aleksandr Chebotov <v-aleche@microsoft.com>
Date: Sun, 29 Mar 2020 23:55:35 +0300
Subject: [PATCH 1/3] install root ca

---
 images/win/Windows2019-Azure.json             |  6 +++++
 .../win/scripts/Installers/Install-RootCA.ps1 | 24 +++++++++++++++++++
 2 files changed, 30 insertions(+)
 create mode 100644 images/win/scripts/Installers/Install-RootCA.ps1

diff --git a/images/win/Windows2019-Azure.json b/images/win/Windows2019-Azure.json
index c93f79e75..7376f98ca 100644
--- a/images/win/Windows2019-Azure.json
+++ b/images/win/Windows2019-Azure.json
@@ -110,6 +110,12 @@
                 "{{ template_dir }}/scripts/Installers/Update-DotnetTLS.ps1"
             ]
         },
+        {
+            "type": "powershell",
+            "scripts":[
+                "{{ template_dir }}/scripts/Installers/Install-RootCA.ps1"
+            ]
+        },
         {
             "type": "windows-restart",
             "restart_timeout": "10m"
diff --git a/images/win/scripts/Installers/Install-RootCA.ps1 b/images/win/scripts/Installers/Install-RootCA.ps1
new file mode 100644
index 000000000..824b2b465
--- /dev/null
+++ b/images/win/scripts/Installers/Install-RootCA.ps1
@@ -0,0 +1,24 @@
+# Serialized Certificate Store File
+$sstFile = "$env:TEMP\roots.sst"
+# Generate SST from Windows Update
+$result = certutil.exe -generateSSTFromWU $sstFile
+if ($LASTEXITCODE -eq 0) {
+    # Dump certificates
+    $result = certutil.exe -dump $sstFile
+    if ($LASTEXITCODE -eq 0) {
+        # Import Root CA into "Trusted Root Certification Authority"
+        try {
+            Import-Certificate -FilePath $sstFile -CertStoreLocation Cert:\LocalMachine\Root
+        } catch {
+            Write-Host "[Error]: failed to import ROOT CA`n$_"
+        }
+    }
+    else {
+        Write-Host "[Error]: failed to dump $sstFile sst file`n$result"
+    }
+}
+else {
+    Write-Host "[Error]: failed to generate $sstFile sst file`n$result"
+}
+
+exit $LASTEXITCODE
\ No newline at end of file

From ff07d56975499796602b7ffc1ad8c8b44d3dd18a Mon Sep 17 00:00:00 2001
From: Aleksandr Chebotov <v-aleche@microsoft.com>
Date: Mon, 30 Mar 2020 18:33:21 +0300
Subject: [PATCH 2/3] install root ca

---
 images/win/Windows2019-Azure.json | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/images/win/Windows2019-Azure.json b/images/win/Windows2019-Azure.json
index 7376f98ca..bdac45b55 100644
--- a/images/win/Windows2019-Azure.json
+++ b/images/win/Windows2019-Azure.json
@@ -110,12 +110,6 @@
                 "{{ template_dir }}/scripts/Installers/Update-DotnetTLS.ps1"
             ]
         },
-        {
-            "type": "powershell",
-            "scripts":[
-                "{{ template_dir }}/scripts/Installers/Install-RootCA.ps1"
-            ]
-        },
         {
             "type": "windows-restart",
             "restart_timeout": "10m"
@@ -577,6 +571,12 @@
                 "{{ template_dir }}/scripts/Installers/Install-Bazel.ps1"
             ]
         },
+        {
+            "type": "powershell",
+            "scripts":[
+                "{{ template_dir }}/scripts/Installers/Install-RootCA.ps1"
+            ]
+        },
         {
             "type": "windows-restart",
             "restart_timeout": "10m"

From 1201c933b6593a25c6fbf4b3367cd1d1d6e77041 Mon Sep 17 00:00:00 2001
From: Aleksandr Chebotov <v-aleche@microsoft.com>
Date: Tue, 31 Mar 2020 12:22:38 +0300
Subject: [PATCH 3/3] install root ca

---
 .../win/scripts/Installers/Install-RootCA.ps1 | 32 +++++++++----------
 1 file changed, 15 insertions(+), 17 deletions(-)

diff --git a/images/win/scripts/Installers/Install-RootCA.ps1 b/images/win/scripts/Installers/Install-RootCA.ps1
index 824b2b465..cd3a46425 100644
--- a/images/win/scripts/Installers/Install-RootCA.ps1
+++ b/images/win/scripts/Installers/Install-RootCA.ps1
@@ -2,23 +2,21 @@
 $sstFile = "$env:TEMP\roots.sst"
 # Generate SST from Windows Update
 $result = certutil.exe -generateSSTFromWU $sstFile
-if ($LASTEXITCODE -eq 0) {
-    # Dump certificates
-    $result = certutil.exe -dump $sstFile
-    if ($LASTEXITCODE -eq 0) {
-        # Import Root CA into "Trusted Root Certification Authority"
-        try {
-            Import-Certificate -FilePath $sstFile -CertStoreLocation Cert:\LocalMachine\Root
-        } catch {
-            Write-Host "[Error]: failed to import ROOT CA`n$_"
-        }
-    }
-    else {
-        Write-Host "[Error]: failed to dump $sstFile sst file`n$result"
-    }
-}
-else {
+if ($LASTEXITCODE -ne 0) {
     Write-Host "[Error]: failed to generate $sstFile sst file`n$result"
+    exit $LASTEXITCODE
+}
+
+$result = certutil.exe -dump $sstFile
+if ($LASTEXITCODE -ne 0) {
+    Write-Host "[Error]: failed to dump $sstFile sst file`n$result"
+    exit $LASTEXITCODE
+}
+
+try {
+    Import-Certificate -FilePath $sstFile -CertStoreLocation Cert:\LocalMachine\Root
+} catch {
+    Write-Host "[Error]: failed to import ROOT CA`n$_"
+    exit 1
 }
 
-exit $LASTEXITCODE
\ No newline at end of file