The AppGate SDP client can be deployed using a customized PowerShell script in order to push the Controller certificate and spaURL.
AppGate SDP Client
Copy the PowerShell script below to a file.
Edit the URLs, spaURL and FriendlyName within the script, based on your setup.
Save the file.
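Run the script manually on the machine, or via deployment tools such as SCCM or PDQ Deploy. The script adds a certificate to the LocalMachine Trusted Root store and runs the installer, so it has to run in an elevated session.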
Set-StrictMode -Version 2.0

## Deployment settings: update the URLs, spaURL, and FriendlyName below.
# NOTE(review): both files are fetched at run time and then trusted (the installer is
# executed, the certificate is added to the machine Root store), so keep these URLs on
# https and pointed at a host you control.
$installerURL = "https://yourhost/AppGate-Installer.exe"
$certURL = "https://yourhost/CYXAppgate.cer" # CA cert from AppGate Controller
# NOTE(review): the last path segment appears to be base64-encoded JSON carrying the SPA
# mode, name and key - treat the saved script as sensitive and limit who can read it.
$spaURL = 'https://yourSDPController/eyJzcGEiOnsibW9kZSI6IlRDUCIsIm5hbWUiOiJDWVhTRFAiLCJrZXkiOiIwZWRiMzk4MGQ1ZGI1NWYyOWU5YzlmNmRhNWZiMzQ5NGRhMmM1Nzg2ZGJiM2Y5YzE2OTM3MzNkYjI4ZjkxOTRhIn19'
$friendlyName = "Your cert friendly name"

# The staging folder below can be changed if you like.
# NOTE(review): a folder created directly under C:\ typically inherits permissions that
# let non-admin users write into it - confirm the ACL, or stage the files in a folder
# only administrators can modify, because the installer is executed from here.
$workingDir = "c:\temp\"

# Certificate store that receives the CA certificate.
$certDest = "cert:\LocalMachine\Root"

# Derived values - don't change these, they are used by the functions below.
$tmpdir = Test-Path $workingDir
if (-not $tmpdir) {
    # Create the staging folder on first use; the created item is discarded.
    New-Item -ItemType Directory -Path $workingDir | Out-Null
}
# File names are taken from the last segment of each URL.
$filename = Split-Path -Path $installerURL -Leaf
$filename2 = Split-Path -Path $certURL -Leaf
# $workingDir must end with a backslash for these paths to be valid.
$path = "$workingDir$filename"
$path2 = "$workingDir$filename2"
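# Downloads the AppGate client installer and the Controller CA certificate, adds the
# certificate to the trust store (via importCert), runs the installer silently and then
# deletes the downloaded files.
# Reads the script-level settings $installerURL, $certURL, $path, $path2 and $spaURL.
Function installAppgate {
    # Download both files first. .NET method errors do not stop a script by default, so
    # without this guard a failed download would go on to import or execute whatever
    # file already sits at $path / $path2.
    $downloaded = $false
    try {
        Write-Host "Downloading Client Installer."
        (New-Object Net.WebClient).DownloadFile($installerURL, $path)
        Write-Host "Downloading Cert File."
        (New-Object Net.WebClient).DownloadFile($certURL, $path2)
        $downloaded = $true
    }
    catch {
        Write-Host "Something went wrong downloading the files" $_.Exception.Message
    }

    if ($downloaded) {
        try {
            Write-Host "Adding Cert to Store"
            importCert
        }
        catch {
            $ErrorMessage1 = $_.Exception.Message
            Write-Host "Something went wrong adding Cert to Store" $ErrorMessage1
        }

        try {
            # Only execute an installer that carries a valid Authenticode signature.
            # NOTE(review): 'Valid' shows that a trusted publisher signed the file, not
            # which publisher. To pin it to the vendor, also compare
            # $signature.SignerCertificate.Thumbprint with a value recorded out of band.
            $signature = Get-AuthenticodeSignature -FilePath $path
            if ($signature.Status -ne 'Valid') {
                throw "Installer signature status is '$($signature.Status)'; not running it."
            }

            Write-Host "Installing Appgate Client."
            # The original put -Wait on Write-Host, so the installer was never waited
            # for. WaitForExit() waits for the installer process itself only.
            # NOTE(review): $spaURL travels on the command line and is visible in
            # process listings while the installer runs.
            $installer = Start-Process -FilePath $path -ArgumentList "/S /A /W /U`"$spaURL`"" -PassThru
            $installer.WaitForExit()
        }
        catch {
            $ErrorMessage2 = $_.Exception.Message
            Write-Host "Something went wrong Installing AppGate client" $ErrorMessage2
        }
    }

    # Clean up each downloaded file independently, with a bounded number of retries in
    # case a file is still locked. The original loop retried forever and skipped the
    # certificate file once the installer file was gone.
    $allDeleted = $true
    foreach ($file in @($path, $path2)) {
        $deleted = $false
        for ($attempt = 1; $attempt -le 6; $attempt++) {
            if (-not (Test-Path $file)) {
                $deleted = $true
                break
            }
            try {
                Remove-Item $file -ErrorAction Stop
                $deleted = $true
                break
            }
            catch {
                Start-Sleep 10
            }
        }
        if (-not $deleted) {
            $allDeleted = $false
            Write-Host "Could not delete" $file
        }
    }
    if ($allDeleted) {
        Write-Host "Deleted downloaded files."
    }
}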
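# Adds the downloaded Controller CA certificate to the LocalMachine Trusted Root store,
# unless a certificate with the same thumbprint is already there, and sets its friendly
# name. Reads the script-level settings $path2, $certDest and $friendlyName.
# Errors are thrown to the caller.
Function importCert {
    # Load the downloaded file into an X509Certificate2 object.
    $certPrint = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $path2

    # Subject without a leading "CN=" (display only). Trim("CN=") would strip any of the
    # characters C, N and = from both ends of the subject, not just the prefix.
    $certSub = $certPrint.Subject -replace '^CN=', ''

    # Optional pin. A root certificate is trusted for everything on this machine, so the
    # downloaded file should be compared against a thumbprint obtained out of band.
    # Define $expectedCertThumbprint next to $friendlyName to enforce this check.
    $pin = Get-Variable -Name expectedCertThumbprint -ValueOnly -ErrorAction SilentlyContinue
    if ($pin) {
        if ($certPrint.Thumbprint -ne ($pin -replace '\s', '')) {
            throw "Downloaded certificate thumbprint $($certPrint.Thumbprint) does not match the expected value."
        }
    }
    else {
        Write-Host "No expected thumbprint set; trusting downloaded certificate" $certPrint.Thumbprint
    }

    # Is a certificate with this thumbprint already in the destination store?
    $alreadyTrusted = Get-ChildItem $certDest | Where-Object { $_.Thumbprint -eq $certPrint.Thumbprint }
    if (-not $alreadyTrusted) {
        # Provider path of the certificate whose friendly name gets updated.
        $certpathtoupdate = $certDest + "\" + $certPrint.Thumbprint
        # X509Store object for the Local Machine Trusted Root store.
        # NOTE(review): the store is hard-coded here; keep it in line with $certDest.
        $store = New-Object System.Security.Cryptography.X509Certificates.X509Store "Root", "LocalMachine"
        $store.Open("ReadWrite")
        try {
            # Write the certificate to the store, then label it.
            $store.Add($certPrint)
            (Get-ChildItem -Path $certpathtoupdate).FriendlyName = $friendlyName
        }
        finally {
            # Close the store even when adding or labelling fails.
            $store.Close()
        }
        Write-Host $certSub "has been added to the Trusted Root Certification Authorities"
    }
    else {
        Write-Host $certSub "was already present in the Trusted Root Certification Authorities"
    }
}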
#Start the install processes below....
installAppgate
AppGate SDP Headless Client
Copy the PowerShell script below to a file.
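Edit the URLs, spaURL, FriendlyName and SDPIDP within the script, based on your setup. The script also hard-codes what appear to be a service-account user name and password in the `set -u ... -p ...` configurator call; replace these with your own values as well.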
Save the file.
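Run the script manually on the machine, or via deployment tools such as SCCM or PDQ Deploy. The script adds a certificate to the LocalMachine Trusted Root store and runs the installer, so it has to run in an elevated session.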
# Deployment settings: update the URLs, spaURL, and FriendlyName below.
# NOTE(review): both files are fetched at run time and then trusted (the installer is
# executed, the certificate is added to the machine Root store), so keep these URLs on
# https and pointed at a host you control.
$installerURL = "https://yourhost/AppGate-Installer.exe"
$certURL = "https://yourhost/Appgate.cer" # CA cert from AppGate Controller
# NOTE(review): the last path segment appears to be base64-encoded profile data that
# includes a key - treat the saved script as sensitive and limit who can read it.
$spaURL = "https://yourSDPController/eyJzcGEiOnsibW9kZSI6IlRDUCIsIm5hbWUiOiJDcnlwdHpvbmVLZXkiLCJrZXkiOiI3Nzg2M2JkN2M0YTc0ODYzOTk3Nz"
$friendlyName = "Your cert friendly name"
# AppGate install path may change with client version.
# NOTE(review): installAppgateHeadless assigns $SDPconfig again from the registry
# InstallLocation, so this value is not the one it runs.
$SDPconfig = 'C:\Program Files (x86)\AppGate SDP\Service\AppGate Service Configurator.exe'
# The embedded double quotes are part of the value.
$SDPIDP = '"Your Identity Provider in AppGate"'

# The staging folder below can be changed if you like.
# NOTE(review): a folder created directly under C:\ typically inherits permissions that
# let non-admin users write into it - confirm the ACL, or stage the files in a folder
# only administrators can modify, because the installer is executed from here.
$workingDir = "c:\temp\"

# Certificate store that receives the CA certificate.
$certDest = "cert:\LocalMachine\Root"

# Derived values - don't change these, they are used in the script.
# NOTE(review): $date is not referenced anywhere else in the script shown.
$date = Get-Date -Format 'yyyy_MM_dd'
$tmpdir = Test-Path $workingDir
if (-not $tmpdir) {
    # Create the staging folder on first use; the created item is discarded.
    New-Item -ItemType Directory -Path $workingDir | Out-Null
}
# File names are taken from the last segment of each URL.
$filename = Split-Path -Path $installerURL -Leaf
$filename2 = Split-Path -Path $certURL -Leaf
# $workingDir must end with a backslash for these paths to be valid.
$path = "$workingDir$filename"
$path2 = "$workingDir$filename2"
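# Downloads the AppGate client installer and the Controller CA certificate, then hands
# over to importCert, which adds the certificate and starts the headless install.
# Reads the script-level settings $installerURL, $certURL, $path and $path2.
Function DownloadAppgateCert {
    # Stop when a download fails. .NET method errors do not stop a script by default, so
    # without this guard the following steps would import or execute whatever file
    # already sits at $path / $path2.
    try {
        Write-Host "Downloading Client Installer."
        (New-Object Net.WebClient).DownloadFile($installerURL, $path)
        Write-Host "Downloading Cert File."
        (New-Object Net.WebClient).DownloadFile($certURL, $path2)
    }
    catch {
        Write-Host "Something went wrong downloading the files" $_.Exception.Message
        return
    }

    try {
        Write-Host "Adding Cert to Store"
        importCert
    }
    catch {
        # Include the reason; the original printed only the generic text.
        Write-Host "Something went wrong adding Cert to Store" $_.Exception.Message
    }
}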
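# Adds the downloaded Controller CA certificate to the LocalMachine Trusted Root store,
# unless a certificate with the same thumbprint is already there, sets its friendly
# name, and then starts the headless install.
# Reads the script-level settings $workingDir, $filename2, $certDest and $friendlyName.
# Errors are thrown to the caller, in which case the install is not started.
Function importCert {
    # Path of the downloaded certificate file; do not change this line.
    $CertName = $workingDir + $filename2

    # Load the downloaded file into an X509Certificate2 object.
    $certPrint = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CertName

    # Subject without a leading "CN=" (display only). Trim("CN=") would strip any of the
    # characters C, N and = from both ends of the subject, not just the prefix.
    $certSub = $certPrint.Subject -replace '^CN=', ''

    # Optional pin. A root certificate is trusted for everything on this machine, so the
    # downloaded file should be compared against a thumbprint obtained out of band.
    # Define $expectedCertThumbprint next to $friendlyName to enforce this check.
    $pin = Get-Variable -Name expectedCertThumbprint -ValueOnly -ErrorAction SilentlyContinue
    if ($pin) {
        if ($certPrint.Thumbprint -ne ($pin -replace '\s', '')) {
            throw "Downloaded certificate thumbprint $($certPrint.Thumbprint) does not match the expected value."
        }
    }
    else {
        Write-Host "No expected thumbprint set; trusting downloaded certificate" $certPrint.Thumbprint
    }

    # Is a certificate with this thumbprint already in the destination store?
    $alreadyTrusted = Get-ChildItem $certDest | Where-Object { $_.Thumbprint -eq $certPrint.Thumbprint }
    if (-not $alreadyTrusted) {
        # Provider path of the certificate whose friendly name gets updated.
        $certpathtoupdate = $certDest + "\" + $certPrint.Thumbprint
        # X509Store object for the Local Machine Trusted Root store.
        # NOTE(review): the store is hard-coded here; keep it in line with $certDest.
        $store = New-Object System.Security.Cryptography.X509Certificates.X509Store "Root", "LocalMachine"
        $store.Open("ReadWrite")
        try {
            # Write the certificate to the store, then label it.
            $store.Add($certPrint)
            (Get-ChildItem -Path $certpathtoupdate).FriendlyName = $friendlyName
        }
        finally {
            # Close the store even when adding or labelling fails.
            $store.Close()
        }
        Write-Host $certSub "has been added to the Trusted Root Certification Authorities"
    }
    else {
        Write-Host $certSub "was already present in the Trusted Root Certification Authorities"
    }

    # Both outcomes above continue with the client install.
    installAppgateHeadless
}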
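# Runs the downloaded installer in headless mode, locates the installed Service
# Configurator through the registry and applies three "set" commands to it.
# Reads the script-level settings $path, $SDPIDP and $spaURL.
# Any failure is reported on the host; nothing is rethrown.
Function installAppgateHeadless {
    try {
        # Only execute an installer that carries a valid Authenticode signature.
        # NOTE(review): 'Valid' shows that a trusted publisher signed the file, not
        # which publisher. To pin it to the vendor, also compare
        # $signature.SignerCertificate.Thumbprint with a value recorded out of band.
        $signature = Get-AuthenticodeSignature -FilePath $Path
        if ($signature.Status -ne 'Valid') {
            throw "Installer signature status is '$($signature.Status)'; not running it."
        }

        Write-Host "Installing Appgate Client."
        Start-Process -Wait -FilePath $Path -ArgumentList "/E /S /A"
        Write-Host "AppGate Headless Install done."

        # Find the install location among the 32-bit uninstall entries. Take the first
        # match so that several "Appgate*" entries cannot produce an array here.
        $SDPPATH = Get-ChildItem "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall" |
            ForEach-Object { Get-ItemProperty $_.PSPath } |
            Where-Object { $_.DisplayName -like "Appgate*" } |
            Select-Object -Property DisplayName, UninstallString, InstallLocation -First 1
        if ((-not $SDPPATH) -or (-not $SDPPATH.InstallLocation)) {
            throw "Could not find the AppGate install location in the registry."
        }
        $SDPconfig = $SDPPATH.InstallLocation + "\service\AppGate SDP Service Configurator.exe"

        Write-Host "Running Config."
        # -Wait runs the three commands one after another. The original piped
        # Start-Process to Out-Null, which does not wait, so they ran concurrently.
        # NOTE(review): the first command carries what looks like a hard-coded account
        # name and password. Anyone who can read this script, or list processes while
        # it runs, can see them. Supply the value at deploy time from a protected source
        # and rotate this one if it was ever a real credential.
        Start-Process -Wait -FilePath $SDPconfig -ArgumentList "set -u sdpadsync -p EFv1(*xEncWi"
        Start-Process -Wait -FilePath $SDPconfig -ArgumentList "set -r $SDPIDP"
        Start-Process -Wait -FilePath $SDPconfig -ArgumentList "set -o `"$spaURL`""
        # Kept from the original; presumably gives the service time to settle - confirm.
        Start-Sleep 30
        Write-Host "Config done."
    }
    catch {
        $_.Exception.Message
        Write-Host "Something went wrong Installing AppGate Headless client"
    }
}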
# Entry point: download the files, then import the certificate, which in turn starts the headless install.
DownloadAppgateCert