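## Written by nathan.manzi@diverseit.com.au
## Required installation of the ACMESharp powershell module
## Follow installation steps at https://github.com/ebekker/ACMESharp/wiki/Quick-Start
##
## Purpose: obtain an ACME (Let's Encrypt) certificate for $domain using the
## dns-01 challenge with a manually created TXT record, then export it as a PFX
## suitable for import into ADFS.
##
## Side effects: creates C:\Vault\<domain>\<guid>, changes the current location
## into it, registers an ACME account for $email (ToS accepted automatically),
## and writes <certalias>-all.pfx containing the PRIVATE KEY into that directory.
##
Import-Module acmesharp
## !! Modify these variables before running script !!
$domain = "adfs.contoso.com"
$email = "jbloggs@contoso.com"
## Polling settings: seconds between ACME status checks and the maximum number
## of checks before giving up. The original loops had no upper bound and could
## spin forever if the CA never moved the challenge/certificate out of 'pending'.
$pollIntervalSeconds = 5
$maxPollAttempts = 60
##
$vault = "C:\Vault\{0}\{1}" -f $domain, [guid]::NewGuid()
## Aliases are just labels that must be unique within this vault, not secrets,
## so a non-cryptographic Get-Random is acceptable here.
$idalias = -join ((65..90) + (97..122) | Get-Random -Count 5 | % {[char]$_})
$certalias = -join ((65..90) + (97..122) | Get-Random -Count 5 | % {[char]$_})
mkdir $vault
cd $vault
If(Get-ACMEVault) {
    Write-Host "Vault exists, not creating new vault"
} Else {
    Initialize-ACMEVault
    Write-Host "New Vault created."
}
New-ACMERegistration -Contacts mailto:$email -AcceptTos
New-ACMEIdentifier -Dns $domain -Alias $idalias
$completedChallenge = Complete-ACMEChallenge $idalias -ChallengeType dns-01 -Handler manual
$challengeAnswer = ($completedChallenge.Challenges | Where-Object { $_.Type -eq "dns-01" }).ChallengeAnswer
Write-Host "Create a new DNS TXT record for _acme-challenge.$domain"
Write-Host "Use the following key as the text value:"
Write-Host $challengeAnswer.Value
## The TXT record must be publicly resolvable before the challenge is submitted;
## submitting too early makes the CA mark the identifier 'invalid' and the
## identifier alias cannot be reused for another attempt.
Read-Host -Prompt "Press enter when ready..." | Out-Null
Write-Host "Submitting challenge and awaiting response."
Submit-ACMEChallenge $idalias -ChallengeType dns-01
$challenge = (Update-ACMEIdentifier $idalias -ChallengeType dns-01).Challenges | Where-Object {$_.Type -eq "dns-01"}
$attempt = 0
While ($challenge.Status -eq "pending" -and $attempt -lt $maxPollAttempts) {
    Start-Sleep -s $pollIntervalSeconds # wait $pollIntervalSeconds seconds before trying again
    $attempt++
    Write-Host "Status is still 'pending', waiting for it to change..."
    $challenge = (Update-ACMEIdentifier $idalias -ChallengeType dns-01).Challenges | Where-Object {$_.Type -eq "dns-01"}
}
If($challenge.Status -eq "valid") {
    ## -Generate creates a new private key inside the vault; the vault directory
    ## therefore holds key material from this point on.
    New-ACMECertificate -Identifier $idalias -Alias $certalias -Generate
    $certificateInfo = Submit-ACMECertificate -Ref $certalias
    $attempt = 0
    While([string]::IsNullOrEmpty($certificateInfo.IssuerSerialNumber) -and $attempt -lt $maxPollAttempts) {
        Start-Sleep -s $pollIntervalSeconds # wait $pollIntervalSeconds seconds before trying again
        $attempt++
        Write-Host "IssuerSerialNumber is not set yet, waiting for it to be populated..."
        $certificateInfo = Update-ACMECertificate -Ref $certalias
    }
    If([string]::IsNullOrEmpty($certificateInfo.IssuerSerialNumber)) {
        Write-Host "Gave up waiting for the certificate to be issued; re-run 'Update-ACMECertificate -Ref $certalias' later and export it manually."
    } Else {
        $completecert = Get-ACMECertificate $certalias
        ## SECURITY: this PFX bundles the private key and is written WITHOUT a
        ## password (the certutil step below expects an empty password). Restrict
        ## the ACL on $vault to administrators and delete the .pfx once it has
        ## been imported into the ADFS host's certificate store.
        ## TODO(review): if the installed ACMESharp version supports setting a
        ## PFX password on export, prefer that over an unprotected file.
        Get-ACMECertificate $certalias -ExportPkcs12 "$vault\$certalias-all.pfx"
        Write-Host "All done, there's a $certalias-all.pfx file in $vault for you to use now"
        Write-Host "If you are using this certificate for ADFS, enter the following command manually."
        Write-Host "certutil.exe -csp `"Microsoft Enhanced RSA and AES Cryptographic Provider`" -importpfx $certalias-all.pfx"
        Write-Host "NOTE: Just hit enter when it asks for a password."
        Write-Host ("The thumbprint of this certificate is '{0}'" -f $completecert.Thumbprint)
    }
} Else {
    ## Reached on 'invalid' (CA could not verify the TXT record) or when polling
    ## timed out while the challenge was still 'pending'.
    $message = "Status is '{0}', can't continue as it is not 'valid'." -f $challenge.Status
    Write-Host $message
}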