Using PowerShell script to download the Belgian eID root and intermediate certificates

When you want to allow your AD users to logon with their (Belgian) eID card, you must prep your PKI to recognize the root and intermediate CA of the Belgian Government.
So you need to download the certs and add them to the trusted root and intermediate certificate authorities of your PKI.

Of course you can download them manually from : http://repository.eid.belgium.be/index.php?lang=en
The certificate list is actually available over here: http://certs.eid.belgium.be/

Or you can use a download manager.

But it’s far more fun to use a free script you can use to automate the download, right?
Here you go:

#—————————————————————————————————-
# Author: Peter Geelen
# e-mail:
#peter@fim2010.be
# Web: blog.identityunderground.be
#—————————————————————————————————-
# Set base parameters
#—————————————————————————————————-

$sourceURL=http://certs.eid.belgium.be

$sourceEXT=”crt”

$destination=“D:\Downloads\eID\allcerts”

#—————————————————————————————————-
# generate list of current eID certs
#—————————————————————————————————-

#open web connection

$webclient= New-Object Net.Webclient

$htmlData  = $webclient.DownloadString($sourceURL)

#skip header info

$index= $htmlData.IndexOf(“Description”)

$htmlData  = $htmlData.substring($index)

#find first cert URL (after header info)

$startpos= $htmlData.IndexOf(“a href”)

$fileList  = @()

$datelist= @()

while ($startpos -ge 0)

{

    $htmlData  = $htmlData.substring($startpos+8)

    $endpos = $htmlData.IndexOf(“>”)

    $filename = $htmlData.Substring(0,$endpos1)

    $startpos = $htmlData.IndexOf(“right””>”)

    $htmlData  = $htmlData.substring($startpos+7)

    $endpos = $htmlData.IndexOf(” <“)

    $date = $htmlData.Substring(0,$endpos)

    if ($filename.Contains($sourceEXT))

    {

        $fileList += $filename
        $datelist += $date

    }

    $startpos = $htmlData.IndexOf(“a href”)

} 

#—————————————————————————————————-
# download all current eID certs
# from URL
# to local folder
#—————————————————————————————————-

$counter= 0

foreach ($file in $fileList)
{

$from= $sourceURL + “/” +$file

$to=  $destination + “\” +$file

$to
$region
= [Globalization.CultureInfo]::CreateSpecificCulture(‘en-US’)

$webclient.DownloadFile($from, $to)

$creationdate= [datetime]::parseexact($datelist[$counter].Trim(),“dd-MMM-yyyy HH:mm”,$region)

#$creationdate

#set creation date to original timestamp
Get-Item
$to | % { $_.CreationTime = $creationdate }

$counter+=1
}

And you get a free add-on to download the CRLs.

Because: fun thing about this script is: you can reuse it to download the CRL and delta CRL files from : http://crl.eid.belgium.be/

You just need to adapt the Source URL parameter and the file extension to download.

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s