# Ensure this script runs as an administrator
if (-Not ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this script as Administrator!"
}

# change this to the actual name of your Certificate
$PemFileName = "ca.pem"

# Define the path to the PEM file
$CurrentDir = Split-Path -Parent $MyInvocation.MyCommand.Path
$PemFilePath = Join-Path -Path $CurrentDir -ChildPath $PemFileName

# Check if PEM file exists
if (-Not (Test-Path $PemFilePath)) {
    throw "CA PEM file not found at path: $PemFilePath"
}

# Import CA from PEM file using certutil
Write-Host "Importing the Certificate Authority from PEM file..." -ForegroundColor Cyan

certutil -addstore -f "ROOT" $PemFilePath

# Verify that the CA was imported successfully
$importedCA = Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.Subject -like "*CN=*" }
if ($importedCA) {
    Write-Host "Successfully imported CA from PEM file:" -ForegroundColor Green
    $importedCA | Format-Table -Property Subject, Thumbprint
} else {
    Write-Host "Failed to import CA from PEM file." -ForegroundColor Red
}