@valorad
Last active November 12, 2025 19:49

Revisions

  1. valorad revised this gist Oct 10, 2021. No changes.
  2. valorad created this gist Oct 10, 2021.
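--- /dev/null
+++ b/Export-UntrustedGuardian.ps1
@@ -0,0 +1,23 @@
+$GuardianName = 'UntrustedGuardian'
+$CertificatePassword = Read-Host -Prompt 'Please enter a password to secure the certificate files' -AsSecureString
+
+$guardian = Get-HgsGuardian -Name $GuardianName
+
+if (-not $guardian)
+{
+throw "Guardian '$GuardianName' could not be found on the local system."
+}
+
+$encryptionCertificate = Get-Item -Path "Cert:\LocalMachine\Shielded VM Local Certificates\$($guardian.EncryptionCertificate.Thumbprint)"
+$signingCertificate = Get-Item -Path "Cert:\LocalMachine\Shielded VM Local Certificates\$($guardian.SigningCertificate.Thumbprint)"
+
+if (-not ($encryptionCertificate.HasPrivateKey -and $signingCertificate.HasPrivateKey))
+{
+throw 'One or both of the certificates in the guardian do not have private keys. ' + `
+'Please ensure the private keys are available on the local system for this guardian.'
+}
+
+Export-PfxCertificate -Cert $encryptionCertificate -FilePath ".\$GuardianName-encryption.pfx" -Password $CertificatePassword
+Export-PfxCertificate -Cert $signingCertificate -FilePath ".\$GuardianName-signing.pfx" -Password $CertificatePassword
+
+# Adapted from https://nathanblasac.com/error-when-migrating-hyper-v-vm-lab-to-different-host-the-key-protector-could-not-be-unwrapped-f6174f68a860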
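Review bot: A certificate that is not in the store is reported as a missing private key: if either `Get-Item -Path "Cert:\LocalMachine\Shielded VM Local Certificates\..."` call finds nothing, it raises only a non-terminating error and leaves the variable `$null`, so the `if (-not ($encryptionCertificate.HasPrivateKey -and $signingCertificate.HasPrivateKey))` check then throws the misleading "do not have private keys" message; appending `-ErrorAction Stop` to both `Get-Item` calls makes the real cause surface. The two PFX files written by the `Export-PfxCertificate` lines hold the guardian's private keys, which are what unwraps the key protector of every VM shielded with this guardian, so the script should refuse an empty passphrase (`if ($CertificatePassword.Length -eq 0) { throw 'A non-empty password is required.' }`) and should write to an explicitly chosen, access-restricted output directory rather than `.\`. `HasPrivateKey` does not tell you whether the key is exportable, so a key marked non-exportable still passes the check and fails later inside `Export-PfxCertificate`; a comment stating that the guardian keys must have been created exportable would set expectations. Where the PKI module supports it, `-CryptoAlgorithmOption AES256_SHA256` on the export avoids the legacy 3DES/SHA-1 PFX protection presumably used by default — confirm against the target OS.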
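--- /dev/null
+++ b/Import-UntrustedGuardian.ps1
@@ -0,0 +1,5 @@
+$NameOfGuardian = 'previous-host-name-unTG'
+$CertificatePassword = Read-Host -Prompt 'Please enter the password that was used to secure the certificate files' -AsSecureString
+New-HgsGuardian -Name $NameOfGuardian -SigningCertificate ".\$NameOfGuardian-signing.pfx" -SigningCertificatePassword $CertificatePassword -EncryptionCertificate ".\$NameOfGuardian-encryption.pfx" -EncryptionCertificatePassword $CertificatePassword -AllowExpired -AllowUntrustedRoot
+
+# Adapted from https://nathanblasac.com/error-when-migrating-hyper-v-vm-lab-to-different-host-the-key-protector-could-not-be-unwrapped-f6174f68a860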
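Review bot: The file names this script reads do not match what the companion export script writes: `New-HgsGuardian` is given `.\$NameOfGuardian-signing.pfx` and `.\$NameOfGuardian-encryption.pfx` with `$NameOfGuardian = 'previous-host-name-unTG'`, while the export script produces `UntrustedGuardian-signing.pfx` and `UntrustedGuardian-encryption.pfx`, so the files must be renamed before this runs; a comment such as `# Rename the exported UntrustedGuardian-*.pfx files to <NameOfGuardian>-*.pfx (or point the paths at them) before running` would save the next reader that trip. Both paths should be checked with `Test-Path` before calling `New-HgsGuardian`, since a missing file otherwise surfaces only as a cmdlet error after the password prompt. `-AllowUntrustedRoot` is presumably needed because the local guardian certificates are self-signed, but `-AllowExpired` silently accepts an expired certificate and deserves either a justifying comment or removal. After a successful import the two PFX files still contain the guardian's private keys, so the script should end by removing them (`Remove-Item -Path ".\$NameOfGuardian-*.pfx"`) or note that they must be moved to protected storage rather than left in the working directory.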