Instead of roots.exe which now has volnerability fetch certs with powershell and node.js?

[OZZlE]

This is Work in Progress, my enterprise computer decided that roots.exe is dangerous and just removes it so I started looking into an alternative way of getting the root certificates for doing a proper node fetch on windows with ssl.

const fetchAllRootCertificates = async (): Promise<string> => {
  const cliPSCommand = `
    $env:PSModulePath = [Environment]::GetEnvironmentVariable('PSModulePath', 'Machine');
    Get-ChildItem -Path Cert:\\LocalMachine\\Root | ForEach-Object {
      "-----BEGIN CERTIFICATE-----"
      [System.Convert]::ToBase64String($_.RawData, "InsertLineBreaks")
      "-----END CERTIFICATE-----"
    }
  `;

  const util = require("util");
  const exec = util.promisify(require("child_process").exec);
  const { stdout } = await exec(`powershell -Command "${cliPSCommand}"`);
  return stdout;
};

I know to little about Certificates however to finish this, maybe it's not possible? Using the above it still says "unable to get local issuer certificate" .. but maybe the names of the certs needs to be included?? or some other

[ukoloff]

Well, this is PowerShell one-liner, drop-in replacement for roots.exe:

Get-ChildItem Cert:\LocalMachine\Root | ForEach-Object { -join $_.RawData.Foreach({ $_.ToString('x2') }) }

[cobra377]

This is Work in Progress, my enterprise computer decided that roots.exe is dangerous and just removes it so I started looking into an alternative way of getting the root certificates for doing a proper node fetch on windows with ssl.

const fetchAllRootCertificates = async (): Promise<string> => {
  const cliPSCommand = `
    $env:PSModulePath = [Environment]::GetEnvironmentVariable('PSModulePath', 'Machine');
    Get-ChildItem -Path Cert:\\LocalMachine\\Root | ForEach-Object {
      "-----BEGIN CERTIFICATE-----"
      [System.Convert]::ToBase64String($_.RawData, "InsertLineBreaks")
      "-----END CERTIFICATE-----"
    }
  `;

  const util = require("util");
  const exec = util.promisify(require("child_process").exec);
  const { stdout } = await exec(`powershell -Command "${cliPSCommand}"`);
  return stdout;
};

I know to little about Certificates however to finish this, maybe it's not possible? Using the above it still says "unable to get local issuer certificate" .. but maybe the names of the certs needs to be included?? or some other

[ukoloff]

And what is your purpose? Do you need a list of all root certificates? Or just connect to some Web server? Or what?

As for me, I cannot run PowerShell from Node.js due to our Enterprise policies :-(