Update script to grant IIS pool permissions for the refreshed cert's private key.

imcarolwang · mconnew · commit 63a89547bc8b · 2025-05-21T11:13:45.000-07:00
diff --git a/src/System.Private.ServiceModel/tools/scripts/RefreshServerCertificates.cmd b/src/System.Private.ServiceModel/tools/scripts/RefreshServerCertificates.cmd
@@ -47,6 +47,14 @@ if NOT "%ERRORLEVEL%"=="0" (
     goto end
 )
 
+:: Grant IIS WCF Service Pool permission to access the new certs' private key
+set PoolNames=WcfService1 WcfService2 WcfService3 WcfService4 WcfService5 WcfService6 DefaultAppPool
+
+for %%P in (%PoolNames%) do (
+    echo [%~n0] powershell -NoProfile -ExecutionPolicy unrestricted %_SCRIPTSDIR%\CertificatePrivateKeyPermissions.ps1 'IIS APPPOOL\%%P' >> %_LOGFILE%
+    powershell -NoProfile -ExecutionPolicy unrestricted %_SCRIPTSDIR%\CertificatePrivateKeyPermissions.ps1 'IIS APPPOOL\%%P' >> %_LOGFILE% 2>&1
+)
+
 :: Configure HTTPS ports to use new certificate
 echo [%~n0] powershell -NoProfile -ExecutionPolicy unrestricted %_SCRIPTSDIR%\ConfigHttpsPort.ps1   >> %_LOGFILE% 
 powershell -NoProfile -ExecutionPolicy unrestricted %_SCRIPTSDIR%\ConfigHttpsPort.ps1               >> %_LOGFILE% 2>&1
diff --git a/src/System.Private.ServiceModel/tools/scripts/ScheduledRestartWcfSelfHostedService.cmd b/src/System.Private.ServiceModel/tools/scripts/ScheduledRestartWcfSelfHostedService.cmd
@@ -37,6 +37,9 @@ if not "%ERRORLEVEL%"=="0" (
 echo [%~n0] Kill SelfHostedWCFService.exe so that we can clean up the bin directory >> %_LOGFILE%
 TASKKILL /F /IM SelfHostedWCFService.exe >> %_LOGFILE% 2>&1
 
+echo [%~n0] Kill dotnet.exe processes that might remain after running the certificate refresh script >> %_LOGFILE%
+TASKKILL /F /IM dotnet.exe >> %_LOGFILE% 2>&1
+
 :: Pull the latest code from GitHub
 
 pushd %_GITREPO%
