protected override void ProcessRecord() { var record = new PSObject(); var token = AzureAuthHelper.AuthenticateAsync(Tenant).GetAwaiter().GetResult(); var cert = new X509Certificate2(); if (ParameterSetName == ParameterSet_EXISTINGCERT) { if (ParameterSpecified(nameof(CertificatePassword))) { cert.Import(CertificatePath, CertificatePassword, X509KeyStorageFlags.Exportable); } else { cert.Import(CertificatePath); } } else { // Generate a certificate var x500Values = new List <string>(); if (!MyInvocation.BoundParameters.ContainsKey("CommonName")) { CommonName = ApplicationName; } if (!string.IsNullOrWhiteSpace(CommonName)) { x500Values.Add($"CN={CommonName}"); } if (!string.IsNullOrWhiteSpace(Country)) { x500Values.Add($"C={Country}"); } if (!string.IsNullOrWhiteSpace(State)) { x500Values.Add($"S={State}"); } if (!string.IsNullOrWhiteSpace(Locality)) { x500Values.Add($"L={Locality}"); } if (!string.IsNullOrWhiteSpace(Organization)) { x500Values.Add($"O={Organization}"); } if (!string.IsNullOrWhiteSpace(OrganizationUnit)) { x500Values.Add($"OU={OrganizationUnit}"); } string x500 = string.Join("; ", x500Values); if (ValidYears < 1 || ValidYears > 30) { ValidYears = 10; } DateTime validFrom = DateTime.Today; DateTime validTo = validFrom.AddYears(ValidYears); byte[] certificateBytes = CertificateHelper.CreateSelfSignCertificatePfx(x500, validFrom, validTo, CertificatePassword); cert = new X509Certificate2(certificateBytes, CertificatePassword, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet); if (!string.IsNullOrWhiteSpace(OutPath)) { if (!Path.IsPathRooted(OutPath)) { OutPath = Path.Combine(SessionState.Path.CurrentFileSystemLocation.Path, OutPath); } if (Directory.Exists(OutPath)) { var pfxPath = Path.Combine(OutPath, $"{ApplicationName}.pfx"); byte[] certPfxData = cert.Export(X509ContentType.Pfx, CertificatePassword); File.WriteAllBytes(pfxPath, certPfxData); record.Properties.Add(new PSVariableProperty(new PSVariable("Pfx file", pfxPath))); var cerPath = Path.Combine(OutPath, $"{ApplicationName}.cer"); byte[] certCerData = cert.Export(X509ContentType.Cert); File.WriteAllBytes(cerPath, certCerData); record.Properties.Add(new PSVariableProperty(new PSVariable("Cer file", cerPath))); } } if (ParameterSpecified(nameof(Store))) { using (var store = new X509Store("My", Store)) { store.Open(OpenFlags.ReadWrite); store.Add(cert); store.Close(); } Host.UI.WriteLine(ConsoleColor.Yellow, Host.UI.RawUI.BackgroundColor, "Certificate added to store"); } } var expirationDate = DateTime.Parse(cert.GetExpirationDateString()).ToUniversalTime(); var startDate = DateTime.Parse(cert.GetEffectiveDateString()).ToUniversalTime(); if (token != null) { var permissionScopes = new PermissionScopes(); var scopes = new List <PermissionScope>(); if (this.Scopes != null) { foreach (var scopeIdentifier in this.Scopes) { scopes.Add(permissionScopes.GetScope(scopeIdentifier)); } } else { scopes.Add(permissionScopes.GetScope("SPO.Sites.FullControl.All")); scopes.Add(permissionScopes.GetScope("MSGraph.Group.ReadWrite.All")); scopes.Add(permissionScopes.GetScope("SPO.User.Read.All")); scopes.Add(permissionScopes.GetScope("MSGraph.User.Read.All")); } var scopesPayload = GetScopesPayload(scopes); var payload = new { displayName = ApplicationName, signInAudience = "AzureADMyOrg", keyCredentials = new[] { new { customKeyIdentifier = cert.GetCertHashString(), endDateTime = expirationDate, keyId = Guid.NewGuid().ToString(), startDateTime = startDate, type = "AsymmetricX509Cert", usage = "Verify", key = Convert.ToBase64String(cert.GetRawCertData()) } }, publicClient = new { redirectUris = new[] { "https://login.microsoftonline.com/common/oauth2/nativeclient", } }, requiredResourceAccess = scopesPayload }; var postResult = HttpHelper.MakePostRequestForString("https://graph.microsoft.com/beta/applications", payload, "application/json", token); var azureApp = JsonConvert.DeserializeObject <AzureApp>(postResult); record.Properties.Add(new PSVariableProperty(new PSVariable("AzureAppId", azureApp.AppId))); var waitTime = 60; Host.UI.Write(ConsoleColor.Yellow, Host.UI.RawUI.BackgroundColor, $"Waiting {waitTime} seconds to launch consent flow in a browser window. This wait is required to make sure that Azure AD is able to initialize all required artifacts."); for (var i = 0; i < waitTime; i++) { Host.UI.Write(ConsoleColor.Yellow, Host.UI.RawUI.BackgroundColor, "."); System.Threading.Thread.Sleep(1000); } Host.UI.WriteLine(); var consentUrl = $"https://login.microsoftonline.com/{Tenant}/v2.0/adminconsent?client_id={azureApp.AppId}&scope=https://microsoft.sharepoint-df.com/.default"; record.Properties.Add(new PSVariableProperty(new PSVariable("Certificate Thumbprint", cert.GetCertHashString()))); AzureAuthHelper.OpenConsentFlow(consentUrl, (message) => { Host.UI.WriteLine(ConsoleColor.Red, Host.UI.RawUI.BackgroundColor, message); }); WriteObject(record); } }
protected override void ProcessRecord() { var x500Values = new List <string>(); if (!string.IsNullOrWhiteSpace(CommonName)) { x500Values.Add($"CN={CommonName}"); } if (!string.IsNullOrWhiteSpace(Country)) { x500Values.Add($"C={Country}"); } if (!string.IsNullOrWhiteSpace(State)) { x500Values.Add($"S={State}"); } if (!string.IsNullOrWhiteSpace(Locality)) { x500Values.Add($"L={Locality}"); } if (!string.IsNullOrWhiteSpace(Organization)) { x500Values.Add($"O={Organization}"); } if (!string.IsNullOrWhiteSpace(OrganizationUnit)) { x500Values.Add($"OU={OrganizationUnit}"); } string x500 = string.Join("; ", x500Values); if (ValidYears < 1 || ValidYears > 30) { ValidYears = 10; } DateTime validFrom = DateTime.Today; DateTime validTo = validFrom.AddYears(ValidYears); byte[] certificateBytes = CertificateHelper.CreateSelfSignCertificatePfx(x500, validFrom, validTo, CertificatePassword); var certificate = new X509Certificate2(certificateBytes, CertificatePassword, X509KeyStorageFlags.Exportable); #pragma warning disable CS0618 // Type or member is obsolete if (!string.IsNullOrWhiteSpace(Out)) { OutPfx = Out; #pragma warning restore CS0618 // Type or member is obsolete } if (!string.IsNullOrWhiteSpace(OutPfx)) { if (!Path.IsPathRooted(OutPfx)) { OutPfx = Path.Combine(SessionState.Path.CurrentFileSystemLocation.Path, OutPfx); } byte[] certData = certificate.Export(X509ContentType.Pfx, CertificatePassword); File.WriteAllBytes(OutPfx, certData); } if (!string.IsNullOrWhiteSpace(OutCert)) { if (!Path.IsPathRooted(OutCert)) { OutCert = Path.Combine(SessionState.Path.CurrentFileSystemLocation.Path, OutCert); } byte[] certData = certificate.Export(X509ContentType.Cert); File.WriteAllBytes(OutCert, certData); } var rawCert = certificate.GetRawCertData(); var base64Cert = Convert.ToBase64String(rawCert); var rawCertHash = certificate.GetCertHash(); var base64CertHash = Convert.ToBase64String(rawCertHash); var keyId = Guid.NewGuid(); var template = @" {{ ""customKeyIdentifier"": ""{0}"", ""keyId"": ""{1}"", ""type"": ""AsymmetricX509Cert"", ""usage"": ""Verify"", ""value"": ""{2}"" }} "; var manifestEntry = string.Format(template, base64CertHash, keyId, base64Cert); var record = new PSObject(); record.Properties.Add(new PSVariableProperty(new PSVariable("Subject", certificate.Subject))); record.Properties.Add(new PSVariableProperty(new PSVariable("ValidFrom", certificate.NotBefore))); record.Properties.Add(new PSVariableProperty(new PSVariable("ValidTo", certificate.NotAfter))); record.Properties.Add(new PSVariableProperty(new PSVariable("Thumbprint", certificate.Thumbprint))); record.Properties.Add(new PSVariableProperty(new PSVariable("KeyCredentials", manifestEntry))); record.Properties.Add(new PSVariableProperty(new PSVariable("Certificate", CertificateHelper.CertificateToBase64(certificate)))); record.Properties.Add(new PSVariableProperty(new PSVariable("PrivateKey", CertificateHelper.PrivateKeyToBase64(certificate)))); WriteObject(record); }
protected override void ProcessRecord() { if (MyInvocation.BoundParameters.ContainsKey(nameof(Store)) && !Utilities.OperatingSystem.IsWindows()) { throw new PSArgumentException("The Store parameter is only supported on Microsoft Windows"); } if (ValidYears < 1 || ValidYears > 30) { ValidYears = 10; } DateTime validFrom = DateTime.Today; DateTime validTo = validFrom.AddYears(ValidYears); #if NETFRAMEWORK var x500Values = new List <string>(); if (!string.IsNullOrWhiteSpace(CommonName)) { x500Values.Add($"CN={CommonName}"); } if (!string.IsNullOrWhiteSpace(Country)) { x500Values.Add($"C={Country}"); } if (!string.IsNullOrWhiteSpace(State)) { x500Values.Add($"S={State}"); } if (!string.IsNullOrWhiteSpace(Locality)) { x500Values.Add($"L={Locality}"); } if (!string.IsNullOrWhiteSpace(Organization)) { x500Values.Add($"O={Organization}"); } if (!string.IsNullOrWhiteSpace(OrganizationUnit)) { x500Values.Add($"OU={OrganizationUnit}"); } string x500 = string.Join("; ", x500Values); byte[] certificateBytes = CertificateHelper.CreateSelfSignCertificatePfx(x500, validFrom, validTo, CertificatePassword); X509Certificate2 certificate = new X509Certificate2(certificateBytes, CertificatePassword, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet); #else X509Certificate2 certificate = CertificateHelper.CreateSelfSignedCertificate(CommonName, Country, State, Locality, Organization, OrganizationUnit, CertificatePassword, CommonName, validFrom, validTo); #endif if (!string.IsNullOrWhiteSpace(OutPfx)) { if (!Path.IsPathRooted(OutPfx)) { OutPfx = Path.Combine(SessionState.Path.CurrentFileSystemLocation.Path, OutPfx); } byte[] certData = certificate.Export(X509ContentType.Pfx, CertificatePassword); File.WriteAllBytes(OutPfx, certData); } if (!string.IsNullOrWhiteSpace(OutCert)) { if (!Path.IsPathRooted(OutCert)) { OutCert = Path.Combine(SessionState.Path.CurrentFileSystemLocation.Path, OutCert); } byte[] certData = certificate.Export(X509ContentType.Cert); File.WriteAllBytes(OutCert, certData); } if (Utilities.OperatingSystem.IsWindows() && MyInvocation.BoundParameters.ContainsKey(nameof(Store))) { using (var store = new X509Store("My", Store)) { store.Open(OpenFlags.ReadWrite); store.Add(certificate); store.Close(); } Host.UI.WriteLine(ConsoleColor.Yellow, Host.UI.RawUI.BackgroundColor, "Certificate added to store"); } var rawCert = certificate.GetRawCertData(); var base64Cert = Convert.ToBase64String(rawCert); var rawCertHash = certificate.GetCertHash(); var base64CertHash = Convert.ToBase64String(rawCertHash); var keyId = Guid.NewGuid(); var template = @" {{ ""customKeyIdentifier"": ""{0}"", ""keyId"": ""{1}"", ""type"": ""AsymmetricX509Cert"", ""usage"": ""Verify"", ""value"": ""{2}"" }} "; var manifestEntry = string.Format(template, base64CertHash, keyId, base64Cert); var record = new PSObject(); record.Properties.Add(new PSVariableProperty(new PSVariable("Subject", certificate.Subject))); record.Properties.Add(new PSVariableProperty(new PSVariable("ValidFrom", certificate.NotBefore))); record.Properties.Add(new PSVariableProperty(new PSVariable("ValidTo", certificate.NotAfter))); record.Properties.Add(new PSVariableProperty(new PSVariable("Thumbprint", certificate.Thumbprint))); var pfxBytes = certificate.Export(X509ContentType.Pfx, CertificatePassword); var base64string = Convert.ToBase64String(pfxBytes); record.Properties.Add(new PSVariableProperty(new PSVariable("PfxBase64", base64string))); record.Properties.Add(new PSVariableProperty(new PSVariable("KeyCredentials", manifestEntry))); record.Properties.Add(new PSVariableProperty(new PSVariable("Certificate", CertificateHelper.CertificateToBase64(certificate)))); record.Properties.Add(new PSVariableProperty(new PSVariable("PrivateKey", CertificateHelper.PrivateKeyToBase64(certificate)))); WriteObject(record); }
protected override void ProcessRecord() { var loginEndPoint = string.Empty; var record = new PSObject(); using (var authenticationManager = new AuthenticationManager()) { loginEndPoint = authenticationManager.GetAzureADLoginEndPoint(AzureEnvironment); } if (!ParameterSpecified(nameof(Password))) { Host.UI.Write("Password: "******"The specified network password is not correct")) { throw new PSArgumentNullException(nameof(CertificatePassword), string.Format(Resources.PrivateKeyCertificateImportFailedPasswordIncorrect, nameof(CertificatePassword))); } } else { try { cert.Import(CertificatePath); } catch (CryptographicException e) when(e.Message.Contains("The specified network password is not correct")) { throw new PSArgumentNullException(nameof(CertificatePassword), string.Format(Resources.PrivateKeyCertificateImportFailedPasswordMissing, nameof(CertificatePassword))); } } // Ensure the certificate at the provided CertificatePath holds a private key if (!cert.HasPrivateKey) { throw new PSArgumentException(string.Format(Resources.CertificateAtPathHasNoPrivateKey, CertificatePath), nameof(CertificatePath)); } } else { // Generate a certificate var x500Values = new List <string>(); if (!MyInvocation.BoundParameters.ContainsKey("CommonName")) { CommonName = ApplicationName; } if (!string.IsNullOrWhiteSpace(CommonName)) { x500Values.Add($"CN={CommonName}"); } if (!string.IsNullOrWhiteSpace(Country)) { x500Values.Add($"C={Country}"); } if (!string.IsNullOrWhiteSpace(State)) { x500Values.Add($"S={State}"); } if (!string.IsNullOrWhiteSpace(Locality)) { x500Values.Add($"L={Locality}"); } if (!string.IsNullOrWhiteSpace(Organization)) { x500Values.Add($"O={Organization}"); } if (!string.IsNullOrWhiteSpace(OrganizationUnit)) { x500Values.Add($"OU={OrganizationUnit}"); } string x500 = string.Join("; ", x500Values); if (ValidYears < 1 || ValidYears > 30) { ValidYears = 10; } DateTime validFrom = DateTime.Today; DateTime validTo = validFrom.AddYears(ValidYears); byte[] certificateBytes = CertificateHelper.CreateSelfSignCertificatePfx(x500, validFrom, validTo, CertificatePassword); cert = new X509Certificate2(certificateBytes, CertificatePassword, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet); if (!string.IsNullOrWhiteSpace(OutPath)) { if (!Path.IsPathRooted(OutPath)) { OutPath = Path.Combine(SessionState.Path.CurrentFileSystemLocation.Path, OutPath); } if (Directory.Exists(OutPath)) { var pfxPath = Path.Combine(OutPath, $"{ApplicationName}.pfx"); byte[] certPfxData = cert.Export(X509ContentType.Pfx, CertificatePassword); File.WriteAllBytes(pfxPath, certPfxData); record.Properties.Add(new PSVariableProperty(new PSVariable("Pfx file", pfxPath))); var cerPath = Path.Combine(OutPath, $"{ApplicationName}.cer"); byte[] certCerData = cert.Export(X509ContentType.Cert); File.WriteAllBytes(cerPath, certCerData); record.Properties.Add(new PSVariableProperty(new PSVariable("Cer file", cerPath))); } } if (ParameterSpecified(nameof(Store))) { using (var store = new X509Store("My", Store)) { store.Open(OpenFlags.ReadWrite); store.Add(cert); store.Close(); } Host.UI.WriteLine(ConsoleColor.Yellow, Host.UI.RawUI.BackgroundColor, "Certificate added to store"); } } var expirationDate = DateTime.Parse(cert.GetExpirationDateString()).ToUniversalTime(); var startDate = DateTime.Parse(cert.GetEffectiveDateString()).ToUniversalTime(); if (token != null) { var permissionScopes = new PermissionScopes(); var scopes = new List <PermissionScope>(); if (this.Scopes != null) { foreach (var scopeIdentifier in this.Scopes) { scopes.Add(permissionScopes.GetScope(scopeIdentifier)); } } else { scopes.Add(permissionScopes.GetScope("SPO.Sites.FullControl.All")); scopes.Add(permissionScopes.GetScope("MSGraph.Group.ReadWrite.All")); scopes.Add(permissionScopes.GetScope("SPO.User.Read.All")); scopes.Add(permissionScopes.GetScope("MSGraph.User.Read.All")); } var scopesPayload = GetScopesPayload(scopes); var payload = new { displayName = ApplicationName, signInAudience = "AzureADMyOrg", keyCredentials = new[] { new { customKeyIdentifier = cert.GetCertHashString(), endDateTime = expirationDate, keyId = Guid.NewGuid().ToString(), startDateTime = startDate, type = "AsymmetricX509Cert", usage = "Verify", key = Convert.ToBase64String(cert.GetRawCertData()) } }, publicClient = new { redirectUris = new[] { $"{loginEndPoint}/common/oauth2/nativeclient" } }, requiredResourceAccess = scopesPayload }; var requestContent = new StringContent(JsonSerializer.Serialize(payload)); requestContent.Headers.ContentType = new System.Net.Http.Headers.MediaTypeHeaderValue("application/json"); var azureApp = GraphHelper.PostAsync <AzureApp>(new System.Net.Http.HttpClient(), "/beta/applications", requestContent, token).GetAwaiter().GetResult(); record.Properties.Add(new PSVariableProperty(new PSVariable("AzureAppId", azureApp.AppId))); var consentUrl = $"{loginEndPoint}/{Tenant}/v2.0/adminconsent?client_id={azureApp.AppId}&scope=https://microsoft.sharepoint-df.com/.default"; record.Properties.Add(new PSVariableProperty(new PSVariable("Certificate Thumbprint", cert.GetCertHashString()))); var waitTime = 60; Host.UI.WriteLine(ConsoleColor.Yellow, Host.UI.RawUI.BackgroundColor, $"Waiting {waitTime} seconds to launch consent flow in a browser window. This wait is required to make sure that Azure AD is able to initialize all required artifacts. After you provided consent you will see a blank page. This is expected. You can always navigate to the consent page manually: {consentUrl}"); Console.TreatControlCAsInput = true; for (var i = 0; i < waitTime; i++) { Host.UI.Write(ConsoleColor.Yellow, Host.UI.RawUI.BackgroundColor, "."); System.Threading.Thread.Sleep(1000); // Check if CTRL+C has been pressed and if so, abort the wait if (Host.UI.RawUI.KeyAvailable) { var key = Host.UI.RawUI.ReadKey(ReadKeyOptions.AllowCtrlC | ReadKeyOptions.NoEcho | ReadKeyOptions.IncludeKeyUp); if ((key.ControlKeyState.HasFlag(ControlKeyStates.LeftCtrlPressed) || key.ControlKeyState.HasFlag(ControlKeyStates.RightCtrlPressed)) && key.VirtualKeyCode == 67) { break; } } } Host.UI.WriteLine(); WriteObject(record); BrowserHelper.LaunchBrowser(consentUrl); //AzureAuthHelper.OpenConsentFlow(consentUrl, (message) => //{ // Host.UI.WriteLine(ConsoleColor.Red, Host.UI.RawUI.BackgroundColor, message); //}); } }
private X509Certificate2 GetCertificate(PSObject record) { var cert = new X509Certificate2(); if (ParameterSetName == ParameterSet_EXISTINGCERT) { if (!System.IO.Path.IsPathRooted(CertificatePath)) { CertificatePath = Path.Combine(SessionState.Path.CurrentFileSystemLocation.Path, CertificatePath); } // Ensure a file exists at the provided CertificatePath if (!File.Exists(CertificatePath)) { throw new PSArgumentException(string.Format(Resources.CertificateNotFoundAtPath, CertificatePath), nameof(CertificatePath)); } try { cert = new X509Certificate2(CertificatePath, CertificatePassword, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet); } catch (CryptographicException e) when(e.Message.Contains("The specified password is not correct")) { throw new PSArgumentNullException(nameof(CertificatePassword), string.Format(Resources.PrivateKeyCertificateImportFailedPasswordIncorrect, nameof(CertificatePassword))); } // Ensure the certificate at the provided CertificatePath holds a private key if (!cert.HasPrivateKey) { throw new PSArgumentException(string.Format(Resources.CertificateAtPathHasNoPrivateKey, CertificatePath), nameof(CertificatePath)); } } else { #if NETFRAMEWORK var x500Values = new List <string>(); if (!MyInvocation.BoundParameters.ContainsKey("CommonName")) { CommonName = ApplicationName; } if (!string.IsNullOrWhiteSpace(CommonName)) { x500Values.Add($"CN={CommonName}"); } if (!string.IsNullOrWhiteSpace(Country)) { x500Values.Add($"C={Country}"); } if (!string.IsNullOrWhiteSpace(State)) { x500Values.Add($"S={State}"); } if (!string.IsNullOrWhiteSpace(Locality)) { x500Values.Add($"L={Locality}"); } if (!string.IsNullOrWhiteSpace(Organization)) { x500Values.Add($"O={Organization}"); } if (!string.IsNullOrWhiteSpace(OrganizationUnit)) { x500Values.Add($"OU={OrganizationUnit}"); } string x500 = string.Join("; ", x500Values); if (ValidYears < 1 || ValidYears > 30) { ValidYears = 10; } DateTime validFrom = DateTime.Today; DateTime validTo = validFrom.AddYears(ValidYears); byte[] certificateBytes = CertificateHelper.CreateSelfSignCertificatePfx(x500, validFrom, validTo, CertificatePassword); cert = new X509Certificate2(certificateBytes, CertificatePassword, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet); #else if (!MyInvocation.BoundParameters.ContainsKey("CommonName")) { CommonName = ApplicationName; } DateTime validFrom = DateTime.Today; DateTime validTo = validFrom.AddYears(ValidYears); cert = CertificateHelper.CreateSelfSignedCertificate(CommonName, Country, State, Locality, Organization, OrganizationUnit, CertificatePassword, CommonName, validFrom, validTo); #endif } var pfxPath = string.Empty; var cerPath = string.Empty; if (Directory.Exists(OutPath)) { pfxPath = Path.Combine(OutPath, $"{ApplicationName}.pfx"); cerPath = Path.Combine(OutPath, $"{ApplicationName}.cer"); byte[] certPfxData = cert.Export(X509ContentType.Pfx, CertificatePassword); File.WriteAllBytes(pfxPath, certPfxData); record.Properties.Add(new PSVariableProperty(new PSVariable("Pfx file", pfxPath))); byte[] certCerData = cert.Export(X509ContentType.Cert); File.WriteAllBytes(cerPath, certCerData); record.Properties.Add(new PSVariableProperty(new PSVariable("Cer file", cerPath))); } if (ParameterSpecified(nameof(Store))) { if (OperatingSystem.IsWindows()) { using (var store = new X509Store("My", Store)) { store.Open(OpenFlags.ReadWrite); store.Add(cert); store.Close(); } Host.UI.WriteLine(ConsoleColor.Yellow, Host.UI.RawUI.BackgroundColor, "Certificate added to store"); } } return(cert); }