PowerShell script to download the Belgian eID root and intermediate certificates
When you want to allow your AD users to log on with their (Belgian) eID card, you must prep your PKI to recognize the root and intermediate CAs of the Belgian Government.
So you need to download the certs and add them to the trusted root and intermediate certificate authorities of your PKI.
Of course you can download them manually from: http://repository.eid.belgium.be/index.php?lang=en
The certificate list is actually available over here: http://certs.eid.belgium.be/
Or you can use a download manager.
But it's far more fun to use a free script to automate the download.
Here you go:
#----------------------------------------------------------------------------------------------------
# Original Author: Peter Geelen
# e-mail: peter@fim2010.be
# Web: blog.identityunderground.be
#----------------------------------------------------------------------------------------------------
# Set base parameters
#----------------------------------------------------------------------------------------------------
$sourceURL="http://certs.eid.belgium.be/"
$sourceEXT="crt"
$destination="D:\Downloads\eID\allcerts"
#----------------------------------------------------------------------------------------------------
# generate list of current eID certs
#----------------------------------------------------------------------------------------------------
#open web connection
$webclient= New-Object Net.Webclient
$htmlData = $webclient.DownloadString("$sourceURL")
#skip header info
$index= $htmlData.IndexOf("Description")
$htmlData = $htmlData.substring($index)
#find first cert URL (after header info)
$startpos= $htmlData.IndexOf("a href")
$fileList = @()
$datelist= @()
while ($startpos -ge 0)
{
    $htmlData = $htmlData.substring($startpos+8)
    $endpos = $htmlData.IndexOf(">")
    $filename = $htmlData.Substring(0,$endpos-1)
    $startpos = $htmlData.IndexOf("right"">")
    $htmlData = $htmlData.substring($startpos+7)
    $endpos = $htmlData.IndexOf(" <")
    $date = $htmlData.Substring(0,$endpos)
    if ($filename.Contains($sourceEXT))
    {
        $fileList += $filename
        $datelist += $date
    }
    $startpos = $htmlData.IndexOf("a href")
}
#----------------------------------------------------------------------------------------------------
# download all current eID certs
# from URL
# to local folder
#----------------------------------------------------------------------------------------------------
$counter= 0
foreach ($file in $fileList)
{
    # $sourceURL already ends with "/", so trim it to avoid a double slash
    $from = $sourceURL.TrimEnd('/') + "/" + $file
    $to = $destination + "\" + $file
    # show the target path as progress output
    $to
    $region = [Globalization.CultureInfo]::CreateSpecificCulture('en-US')
    $webclient.DownloadFile($from, $to)
    $creationdate = [datetime]::parseexact($datelist[$counter].Trim(),"dd-MMM-yyyy HH:mm",$region)
    #$creationdate
    #set creation date to original timestamp
    Get-Item $to | ForEach-Object { $_.CreationTime = $creationdate }
    $counter += 1
}
And you get a free add-on to download the CRLs.
The fun thing about this script is that you can reuse it to download the CRL and delta CRL files from: http://crl.eid.belgium.be/
You just need to adapt the Source URL parameter and the file extension (crl) to download.
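The script fetches the CA files over plain HTTP, so each file should be checked before it goes into a trusted root or intermediate store. One way to do that check, as an added example that is not part of the original script: it assumes you have obtained the SHA-256 fingerprints of the Belgium Root CAs through a separate, authenticated channel (the `$pinnedRoots` entry is a placeholder and `Get-Sha256Fingerprint` is a helper defined here).

```powershell
# Added example: vet the downloaded eID CA files before trusting any of them.
# ASSUMPTION: the pinned value below is a placeholder. Replace it with the SHA-256
# fingerprints of the root CAs, obtained out-of-band (not from the HTTP download).
$destination = "D:\Downloads\eID\allcerts"   # same folder the download script writes to
$pinnedRoots = @(
    "<SHA256-FINGERPRINT-OF-ROOT-CA-OBTAINED-OUT-OF-BAND>"
)

# Hypothetical helper: SHA-256 over the DER encoding, as upper-case hex without separators
function Get-Sha256Fingerprint([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try { [BitConverter]::ToString($sha.ComputeHash($Cert.RawData)) -replace '-', '' }
    finally { $sha.Dispose() }
}

# Load every downloaded .crt file (DER or PEM encoded)
$certs = @(Get-ChildItem -Path $destination -Filter *.crt | ForEach-Object {
    New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $_.FullName
})

foreach ($cert in $certs) {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # revocation is out of scope here
    # Do not rely on the machine's trust store: build the chain, then pin its top element
    $chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
    foreach ($c in $certs) { [void]$chain.ChainPolicy.ExtraStore.Add($c) }

    $anchored = $false
    if ($chain.Build($cert)) {   # fails on bad signatures and expired certificates
        $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
        $anchored = $pinnedRoots -contains (Get-Sha256Fingerprint $top)
    }

    [pscustomobject]@{
        Subject  = $cert.Subject
        Role     = if ($cert.Subject -eq $cert.Issuer) { 'root' } else { 'intermediate' }
        NotAfter = $cert.NotAfter
        SHA256   = Get-Sha256Fingerprint $cert
        Verdict  = if ($anchored) { 'OK to import' } else { 'REJECT' }
    }
}
```

Only files with the verdict `OK to import` chain, with valid signatures and dates, to a root whose fingerprint you pinned yourself; anything else should stay out of the trust stores.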