# Script will download a CA .crt file from a URL, then install the CA
# into the Trusted Root Certificates Authorities store
# Must be run as administrator
# change $crtPath and $crtUrl for your specific installation
#
# will create c:\Temp if it doesn't exist

# Set the URL for the CA .crt file
$crtUrl = "http://example.org/myCA.crt"  # Replace this with your actual URL

# Set the path where you want to save the certificate
$crtPath = "C:\Temp\myCA.crt"

# Ensure this script runs as an administrator
if (-Not ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this script as Administrator!"
}

# Create the Temp directory if it doesn't exist
If (!(Test-Path "C:\Temp")) {
    New-Item -ItemType Directory -Path "C:\Temp"
}

# Download the CA certificate
Invoke-WebRequest -Uri $crtUrl -OutFile $crtPath

# Check if the download was successful
If (Test-Path $crtPath) {
    Write-Host "Downloaded certificate to $crtPath"

    # Install the certificate to the Trusted Root Certification Authorities store
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
    $cert.Import($crtPath)
    
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store("Root", "LocalMachine")
    $store.Open("ReadWrite")
    $store.Add($cert)
    $store.Close()

    Write-Host "CA certificate installed successfully."
} else {
    Write-Host "Failed to download the certificate."
}