## Written by nathan.manzi@diverseit.com.au
## Required installation of the ACMESharp powershell module
## Follow installation steps at https://github.com/ebekker/ACMESharp/wiki/Quick-Start
##
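Import-Module acmesharp
## !! Modify these variables before running script !!
$domain = "adfs.contoso.com"
$email = "jbloggs@contoso.com"
## Seconds to wait between polls of the ACME server while a challenge / order is pending.
$pollSeconds = 5
##
## Every run gets a fresh vault directory: C:\Vault\<domain>\<new guid>.
## NOTE(review): the vault holds the ACME account key and, later, the certificate
## private key. Nothing here tightens the directory ACL, so run this as an account
## whose C:\Vault is not readable by other local users.
$vault = "C:\Vault\{0}\{1}" -f $domain, [guid]::NewGuid()
# Five random ASCII letters each, so identifier/certificate aliases do not collide on reruns.
$idalias = -join ((65..90) + (97..122) | Get-Random -Count 5 | ForEach-Object { [char]$_ })
$certalias = -join ((65..90) + (97..122) | Get-Random -Count 5 | ForEach-Object { [char]$_ })
New-Item -ItemType Directory -Path $vault | Out-Null
Set-Location $vault
# Because the directory is brand new, ACMESharp normally finds no vault and initialises one.
If (Get-ACMEVault) {
    Write-Host "Vault exists, not creating new vault"
} Else {
    Initialize-ACMEVault
    Write-Host "New Vault created."
}
# -AcceptTos agrees to the CA's terms of service on the operator's behalf.
New-ACMERegistration -Contacts mailto:$email -AcceptTos
New-ACMEIdentifier -Dns $domain -Alias $idalias
# Manual dns-01 handler: the script prints the TXT value and the operator publishes the record.
$completedChallenge = Complete-ACMEChallenge $idalias -ChallengeType dns-01 -Handler manual
$challengeAnswer = ($completedChallenge.Challenges | Where-Object { $_.Type -eq "dns-01" }).ChallengeAnswer
Write-Host "Create a new DNS TXT record for _acme-challenge.$domain"
Write-Host "Use the following key as the text value:"
Write-Host $challengeAnswer.Value
Read-Host -Prompt "Press enter when ready..." | Out-Null
Write-Host "Submitting challenge and awaiting response."
Submit-ACMEChallenge $idalias -ChallengeType dns-01
$challenge = (Update-ACMEIdentifier $idalias -ChallengeType dns-01).Challenges | Where-Object { $_.Type -eq "dns-01" }
# Poll until the CA moves the challenge out of "pending" (to "valid" or "invalid").
While ($challenge.Status -eq "pending") {
    Start-Sleep -Seconds $pollSeconds # give the CA time to look up the TXT record before re-polling
    Write-Host "Status is still 'pending', waiting for it to change..."
    $challenge = (Update-ACMEIdentifier $idalias -ChallengeType dns-01).Challenges | Where-Object { $_.Type -eq "dns-01" }
}
If ($challenge.Status -eq "valid") {
    # -Generate creates the key pair and CSR inside the vault.
    New-ACMECertificate -Identifier $idalias -Alias $certalias -Generate
    $certificateInfo = Submit-ACMECertificate -Ref $certalias
    # IssuerSerialNumber is only populated once the CA has actually issued the certificate.
    While ([string]::IsNullOrEmpty($certificateInfo.IssuerSerialNumber)) {
        Start-Sleep -Seconds $pollSeconds # give the CA time to issue before re-polling
        Write-Host "IssuerSerialNumber is not set yet, waiting for it to be populated..."
        $certificateInfo = Update-ACMECertificate -Ref $certalias
    }
    $completecert = Get-ACMECertificate $certalias
    # The PFX contains the private key. Ask for a password so it is not written to disk
    # unprotected; an empty answer falls back to the old unprotected export with a warning.
    $securePassword = Read-Host -Prompt "Password to protect the exported PFX (leave blank for none)" -AsSecureString
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($securePassword)
    Try {
        $pfxPassword = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    } Finally {
        [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    }
    $pfxPath = "$vault\$certalias-all.pfx"
    If ([string]::IsNullOrEmpty($pfxPassword)) {
        Write-Warning "Exporting $pfxPath WITHOUT a password; the private key is readable by anyone who can read the file."
        Get-ACMECertificate $certalias -ExportPkcs12 $pfxPath
    } Else {
        Get-ACMECertificate $certalias -ExportPkcs12 $pfxPath -CertificatePassword $pfxPassword
    }
    Write-Host "All done, there's a $certalias-all.pfx file in $vault for you to use now"
    Write-Host "If you are using this certificate for ADFS, enter the following command manually."
    Write-Host "certutil.exe -csp `"Microsoft Enhanced RSA and AES Cryptographic Provider`" -importpfx $certalias-all.pfx"
    If ([string]::IsNullOrEmpty($pfxPassword)) {
        Write-Host "NOTE: Just hit enter when it asks for a password."
    } Else {
        Write-Host "NOTE: Enter the password you chose above when it asks for one."
    }
    Write-Host "NOTE: Delete the .pfx file once it has been imported; the key stays in the certificate store."
    Write-Host ("The thumbprint of this certificate is '{0}'" -f $completecert.Thumbprint)
} Else {
    # Any non-valid terminal status (typically "invalid") means the CA could not see the TXT record.
    $message = "Status is '{0}', can't continue as it is not 'valid'." -f $challenge.Status
    Write-Host $message
}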