
@eternalyperplxed
Created March 19, 2018 17:42
Uses PSPKI and HPiLOCmdlets to get, submit, and approve certificate requests. Then installs the certificate on the iLO interface
#Version 1.2
#Written by Robert Stasiunas
#CREDITS: https://gist.github.com/mycloudrevolution/iLOSignCertv2-31.ps1
#
#REQUIRED: THE PSPKI MODULE AND HPILOCMDLETS MUST BE INSTALLED
#
#CHANGE HISTORY
#3/13/18 - Initial Build
#3/14/18 - Added logic to check for required modules. Force imports modules.
#3/14/18 - Added check for iLO 2. If iLO 2 is found, script exits with error.
#3/19/18 - Added ErrorActions to stop script if an error is encountered.
#
#This script performs the following:
# - Connect to iLO interface specified and generate a CSR
# - Submit CSR to CA
# - Approve pending request (provided the user has rights to approve)
# - Retrieve the certificate
# - Apply the certificate to iLO
#
#USAGE: ilorequest.ps1 -ipaddress <iLO address> -password <iLO password>
# Script parameters; both are mandatory.
#   -ipaddress : passed to Find-HPiLO -Range and used as -Server for the iLO cmdlets.
#   -password  : password for the iLO account named in $username further down.
# NOTE(review): -password is a plain [string]. A value typed on the command line can be
# captured by console history, transcripts and command-line/script-block logging.
# A SecureString or PSCredential parameter would avoid that, but it changes how the
# script is called, so it is only flagged here.
param(
    [Parameter(Mandatory = $true)] [string] $ipaddress,
    [Parameter(Mandatory = $true)] [string] $password
)
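#Verify that the required modules are installed, then load them.
#Get-Module without -ListAvailable only lists modules already imported into the
#current session, so a fresh session would report the modules as missing even when
#they are installed. -ListAvailable checks what is installed instead.
#A missing module ends the script with a non-zero exit code so callers can detect it.
if (Get-Module -ListAvailable -Name HPiLOCmdlets) {
    Write-Host "HPiLOCmdlets are installed. Continuing..."
}
else {
    Write-Host "HPiLOCmdlets are not installed. Exiting"
    exit 1
}
if (Get-Module -ListAvailable -Name PSPKI) {
    Write-Host "PSPKI Module is installed. Continuing..."
}
else {
    Write-Host "PSPKI Module is not installed. Exiting"
    exit 1
}
#Stop immediately if either import fails; every later step depends on these cmdlets.
Import-Module PSPKI -ErrorAction Stop
Import-Module HPiLOCmdlets -ErrorAction Stop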
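#Build initial variables for the request.
#The subject fields and the CA display name below are placeholders to edit per site.
$username = 'Administrator'
$certpath = "C:\Certs\iLO"
$locality = 'CITY'
$state = 'STATE'
$country = 'COUNTRY'
$org = 'COMPANY'
$org_unit = 'DEPARTMENT'

#The CSR and the issued certificate are written under $certpath, so fail early
#with a clear message if the directory does not exist.
if (-not (Test-Path -Path $certpath -PathType Container)) {
    Write-Error "Working directory $certpath does not exist"
    exit 1
}

#Discover the iLO at the given address.
$ilo = Find-HPiLO -Range $ipaddress -ErrorAction Stop
if (-not $ilo) {
    Write-Error "No iLO found at $ipaddress"
    exit 1
}

#NOTE(review): the hostname is whatever the device at $ipaddress reports during
#discovery, and it becomes the CommonName of a certificate that this script later
#approves itself. Confirm it matches the name expected for this address (for example
#against DNS or the asset inventory) before trusting the issued certificate.
$hostname = $ilo.hostname
if ([string]::IsNullOrEmpty($hostname)) {
    Write-Error "iLO at $ipaddress did not report a hostname; cannot build the CSR subject"
    exit 1
}

#Check if system is running iLO 2.
#If so, exit since iLO 2 is unsupported by the modules.
if ($ilo.PN -like '*iLO 2*') {
    Write-Error "Sorry, iLO 2 is not supported"
    exit 1
}

#Select the issuing CA by display name. Exactly one match is required: with none the
#submit step has no target, and with several the later cmdlets would receive an array.
$certsrv = Get-CertificationAuthority | Where-Object { $_.DisplayName -eq 'CA' }
if (@($certsrv).Count -ne 1 -or -not $certsrv) {
    Write-Error "Expected exactly one certification authority with display name 'CA'"
    exit 1
}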
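#Ask the iLO to generate a CSR, then poll until it is ready.
#Generating a CSR can take some time, especially on iLO3, so the same request is
#re-sent every 30 seconds until the iLO answers with STATUS_TYPE "OK" and a CSR body.
#
#NOTE(review): -DisableCertificateAuthentication turns off validation of the iLO's TLS
#certificate, so the Administrator password is sent to whatever answers at $ipaddress.
#That is expected while the iLO still has its factory certificate, but run this only
#from a trusted management network.
$csrArgs = @{
    Server                           = $ipaddress
    Username                         = $username
    Password                         = $password
    State                            = $state
    Country                          = $country
    Locality                         = $locality
    Organization                     = $org
    OrganizationalUnit               = $org_unit
    CommonName                       = $hostname
    DisableCertificateAuthentication = $true
}
$request = Get-HPiLOCertificateSigningRequest @csrArgs -ErrorAction Stop
$gotCSR = $false
#Upper bound on polling (20 x 30 s = 10 minutes). The original loop had no limit and
#would spin forever without sleeping when the iLO answered "OK" with an empty CSR.
$maxAttempts = 20
$attempt = 0
while ($gotCSR -eq $false) {
    $csrReady = ($request.STATUS_TYPE -eq "OK") -and
        (-not [string]::IsNullOrWhiteSpace($request.CERTIFICATE_SIGNING_REQUEST))
    if ($csrReady) {
        #ASCII keeps the PEM text free of a byte-order mark.
        $request.CERTIFICATE_SIGNING_REQUEST |
            Out-File (Join-Path $certpath 'currentcsr.txt') -Encoding ascii -Force -ErrorAction Stop
        Write-Host "CSR copied to $certpath\currentcsr.txt"
        $gotCSR = $true
        continue
    }
    if ($attempt -ge $maxAttempts) {
        Write-Error "iLO did not return a CSR after $maxAttempts attempts"
        exit 1
    }
    $attempt++
    if ($request.STATUS_TYPE -eq "OK") {
        #Status is OK but the CSR body is empty: report it and ask again.
        Write-Host "CSR failed."
    }
    Write-Host "Generating CSR. This may take a few minutes..."
    Start-Sleep -Seconds 30
    $request = Get-HPiLOCertificateSigningRequest @csrArgs
}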
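#Removes any previous certificate to keep file structure clean.
Write-Host "Signing certificate"
if (Test-Path "$certpath\*.cer") {
    Remove-Item "$certpath\*.cer"
}
#Submits the request to the CA using the TEMPLATE template.
#Also creates an object for the pending request to use for approval in the next step.
Write-Host "Submitting CSR to $($certsrv.DisplayName)"
$submit = Submit-CertificateRequest -Path (Join-Path $certpath 'currentcsr.txt') `
    -CertificationAuthority $certsrv -Attribute 'CertificateTemplate:TEMPLATE' `
    -ErrorAction Stop
$reqID = $submit.RequestID
#Without a request ID the lookups below are no longer scoped to this submission, and
#the approval step must never act on anything but the request created here.
if ($null -eq $reqID) {
    Write-Error "CA did not return a request ID for the submitted CSR"
    exit 1
}
$pendingreq = Get-PendingRequest -CertificationAuthority $certsrv -RequestID $reqID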
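#Connects to the CA under the context of the user running the script to approve the request.
#The request must be an object created from the Get-PendingRequest cmdlet.
#Passing a simple RequestID is not sufficient. I don't know why...
#
#NOTE(review): the same identity submits and approves here, so the manager-approval
#control on the template is not an independent check for this request. Review the CSR
#subject before running the script, and audit issuances from this template on the CA.
if ($pendingreq) {
    Write-Host "Approving Request $reqID"
    Approve-CertificateRequest -Request $pendingreq
}
else {
    #Nothing pending under this ID (the CA may have issued or rejected it already).
    #Skip approval; the retrieval step will show whether a certificate was issued.
    Write-Warning "No pending request found for RequestID $reqID; skipping approval"
}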
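#Gets the issued certificate from the CA and saves it under $certpath.
Write-Host "Retrieving Certificate"
$issuedreq = Get-IssuedRequest -CertificationAuthority $certsrv -RequestID $reqID
#Stop here if the CA has no issued certificate for this request, rather than
#continuing and handing an empty certificate to the iLO.
if (-not $issuedreq) {
    Write-Error "No issued certificate found for RequestID $reqID"
    exit 1
}
Receive-Certificate -RequestRow $issuedreq -Path "$certpath"
Write-Host "Certificate is located in $certpath\RequestID_$reqID.cer"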
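#Installs certificate to iLO. The '-Raw' option is required in order to retain Base64 encoding.
Write-Host "Installing Certificate to iLO"
$certfile = "$certpath\RequestID_$reqID.cer"
$installFailed = $false
if (Test-Path $certfile) {
    $issuedcert = Get-Content $certfile -Raw
    #-DisableCertificateAuthentication: the iLO still presents its old certificate at
    #this point, so TLS validation is skipped for this call as well.
    $install = Import-HPiLOCertificate -Server $ipaddress `
        -Username $username -Password $password `
        -Certificate $issuedcert -DisableCertificateAuthentication
    if ($install.STATUS_TYPE -like 'ERROR') {
        Write-Host "Certificate Install Failed"
        Write-Host $install.STATUS_MESSAGE
        $installFailed = $true
    }
    else {
        Write-Host "Certificate installed successfully. iLO will now reset"
    }
}
else {
    #Nothing was retrieved from the CA, so there is nothing to install.
    Write-Host "Certificate Install Failed"
    Write-Host "Certificate file $certfile was not found"
    $installFailed = $true
}
#Cleanup CSR files
if (Test-Path "$certpath\currentcsr.txt") {
    Remove-Item "$certpath\currentcsr.txt"
}
#Report failure to the caller only after cleanup has run. Previously the script
#ended with exit code 0 even when the install failed.
if ($installFailed) {
    exit 1
}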