# --------------------------------------------- # LOCAL HTTPS SETUP FOR KEEPASSHTTP LISTENER # --------------------------------------------- $ErrorActionPreference = "Stop" # --- CONFIG --- $dns = "localhost" $port = 19456 $friendlyName = "KeePassLocalHttpsCert" $storeLocationRoot = "LocalMachine" $storeNameRoot = "Root" $storeLocationMy = "LocalMachine" $storeNameMy = "My" $prefix = "https://$dns`:$port/" Write-Host "==============================================" Write-Host " HTTPS Setup for Local Secure Communication " Write-Host "==============================================" Write-Host "" # Ensure administrator if (-not ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { Write-Host "[ERROR] This script must be run as Administrator." -ForegroundColor Red exit 1 } # --------------------------------------------- # Step 1 โ€” Check/create certificate # --------------------------------------------- Write-Host "๐Ÿ” Checking for existing certificate..." -ForegroundColor Cyan $myStore = New-Object System.Security.Cryptography.X509Certificates.X509Store($storeNameMy, $storeLocationMy) $myStore.Open("ReadWrite") $existingCert = $myStore.Certificates | ? { $_.FriendlyName -eq $friendlyName } if ($existingCert) { Write-Host "โœ” Found existing certificate: $friendlyName" -ForegroundColor Green $cert = $existingCert } else { Write-Host "โณ Creating new self-signed certificate for '$dns'..." -ForegroundColor Yellow $cert = New-SelfSignedCertificate ` -DnsName $dns, "127.0.0.1" ` -FriendlyName $friendlyName ` -CertStoreLocation "Cert:\$storeLocationMy\$storeNameMy" ` -KeyExportPolicy Exportable ` -NotAfter (Get-Date).AddYears(5) Write-Host "โœ” Certificate created successfully!" -ForegroundColor Green } $myStore.Close() # --------------------------------------------- # Step 2 โ€” Ensure certificate is trusted # --------------------------------------------- Write-Host "" Write-Host "๐Ÿ” Ensuring certificate is trusted..." -ForegroundColor Cyan $rootStore = New-Object System.Security.Cryptography.X509Certificates.X509Store($storeNameRoot, $storeLocationRoot) $rootStore.Open("ReadWrite") $alreadyInRoot = $rootStore.Certificates | Where-Object { $_.Thumbprint -eq $cert.Thumbprint } if ($alreadyInRoot) { Write-Host "โœ” Certificate already trusted (Root store)." -ForegroundColor Green } else { Write-Host "โณ Adding certificate to Trusted Root..." -ForegroundColor Yellow $rootStore.Add($cert) Write-Host "โœ” Certificate trusted successfully!" -ForegroundColor Green } $rootStore.Close() # --------------------------------------------- # Step 3 โ€” Clean old HTTPS bindings # --------------------------------------------- Write-Host "" Write-Host "๐Ÿงน Cleaning old HTTPS bindings on port $port..." -ForegroundColor Cyan try { netsh http delete sslcert ipport=0.0.0.0:$port | Out-Null Write-Host "โœ” Old bindings removed." -ForegroundColor Green } catch { Write-Host "โ„น No old bindings found." -ForegroundColor DarkGray } # --------------------------------------------- # Step 4 โ€” Bind certificate to port # --------------------------------------------- Write-Host "" Write-Host "๐Ÿ”— Binding certificate to port $port..." -ForegroundColor Cyan $thumb = $cert.Thumbprint $appid = [guid]::NewGuid() netsh http add sslcert ` ipport=0.0.0.0:$port ` certhash=$thumb ` certstorename=$storeNameMy ` appid="{$appid}" | Out-Null Write-Host "โœ” HTTPS binding added successfully!" -ForegroundColor Green # --------------------------------------------- # Step 5 โ€” Summary # --------------------------------------------- Write-Host "" Write-Host "==============================================" Write-Host " SETUP COMPLETE ๐ŸŽ‰" Write-Host "==============================================" Write-Host "" Write-Host "๐Ÿ”’ HTTPS is now enabled for your local server." Write-Host "" Write-Host "๐Ÿ“œ Details:" Write-Host " - Hostname: $dns" Write-Host " - Port: $port" Write-Host " - Prefix: $prefix" Write-Host " - Thumbprint: $thumb" Write-Host " - Cert Name: $friendlyName" Write-Host "" Write-Host "๐Ÿงช Test it in your browser:" Write-Host " $prefix" -ForegroundColor Yellow Write-Host "" Write-Host "โœ” Your Chrome extension should now work without certificate errors." Write-Host "" Write-Host "==============================================" Write-Host ""