```powershell
<#
.SYNOPSIS
    Uploads freshly minted certs to Horizon UAG
.DESCRIPTION
    Generates an SSL certificate from Let's Encrypt, then connects to each UAG using the REST API
    and applies the certificate to the Internet interface. The Admin interface (port 9443) is unaffected.
.PARAMETER dnsName
    The public DNS name of the UAG
.PARAMETER uags
    Comma-separated list of UAGs
.EXAMPLE
    Update-UAGCerts.ps1 <DNS name> <UAGs>
.NOTES
    Author: Mark Brookfield (@virtualhobbit)
#>

param (
    [string]   $dnsName,
    [string[]] $uags
)

if (!$dnsName) {
    Write-Error "No DNS name supplied - aborting"
    exit 1
}

if (!$uags) {
    Write-Error "No UAGs supplied - aborting"
    exit 1
}

# Define Let's Encrypt parameters (the Route53 keys below are placeholders)
$psMod = "Posh-ACME"
$dnsPlugin = "Route53"
$r53Params = @{R53AccessKey='YOURACCESSKEY'; R53SecretKey='YOURSECRETKEY'}
$email = ""

# Define UAG credentials
$user = 'admin'
Write-Host "Please enter the UAG admin password. Please note this must be the same for all UAGs."
$pass = Read-Host -AsSecureString "Admin password"

# Basic authentication needs the plaintext password; zero and free the unmanaged copy after reading it
$bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($pass)
try {
    $pass = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
} finally {
    [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
}
$creds = "$($user):$($pass)"

# Encode credentials
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($creds))

if (!(Get-InstalledModule -Name $psMod -ErrorAction SilentlyContinue)) {
    # Install the Posh-ACME module
    Install-Module -Name $psMod -Scope CurrentUser -Force
}

# Set Let's Encrypt server
Set-PAServer LE_PROD

# Order the certificate
New-PACertificate $dnsName -AcceptTOS -DnsPlugin $dnsPlugin -PluginArgs $r53Params -Contact $email -Verbose -Force
$newCert = Get-PACertificate

# Convert private key to one-liner (carriage returns are dropped so no raw control character ends up in the JSON)
$privKey = [IO.File]::ReadAllText($newCert.KeyFile)
$privKeyReplace = $privKey.Replace("`r",'').Replace("`n",'\n')

# Convert SSL certificate to one-liner
$cert = [IO.File]::ReadAllText($newCert.FullChainFile)
$certReplace = $cert.Replace("`r",'').Replace("`n",'\n')

# Create JSON body
$json = '{"privateKeyPem":"' + $privKeyReplace + '","certChainPem":"' + $certReplace + '"}'

# Define API parameters
$params = @{
    Headers     = @{ 'Authorization' = "Basic $encodedCreds" }
    Method      = 'PUT'
    Body        = $json
    ContentType = 'application/json'
}

ForEach ($uag in $uags) {
    # Define the URI
    $uri = "https://" + $uag + ':9443/rest/v1/config/certs/ssl'

    # Display UAG
    Write-Host "UAG is: " $uag

    # Connect to each UAG and replace SSL certificate and private key
    Invoke-RestMethod $uri @params
}
```
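A post-deployment check, added here as an example and not part of the original gist: it connects to each UAG, reads the certificate actually presented for the public DNS name, and compares its thumbprint with the one just issued. The function names `Get-RemoteCertificate` and `Test-UAGCertificate` are hypothetical, and the example assumes the Internet interface listens on port 443 and that the object returned by `Get-PACertificate` carries a `Thumbprint` property.

```powershell
# Added example (not from the original gist): verify what each UAG now serves.
function Get-RemoteCertificate {
    param (
        [Parameter(Mandatory)] [string] $Endpoint,   # host to connect to (one UAG)
        [Parameter(Mandatory)] [string] $ServerName, # name sent in SNI (public DNS name)
        [int] $Port = 443                            # assumed Internet-interface port
    )
    $client = [System.Net.Sockets.TcpClient]::new($Endpoint, $Port)
    try {
        # Accept any certificate here: the point is to inspect it, not to trust it
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $acceptAll)
        try {
            $ssl.AuthenticateAsClient($ServerName)
            [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        } finally { $ssl.Dispose() }
    } finally { $client.Close() }
}

function Test-UAGCertificate {
    param (
        [Parameter(Mandatory)] [string]   $DnsName,
        [Parameter(Mandatory)] [string[]] $Uags,
        [Parameter(Mandatory)] [string]   $ExpectedThumbprint
    )
    foreach ($uag in $Uags) {
        try {
            $served = Get-RemoteCertificate -Endpoint $uag -ServerName $DnsName
            [pscustomobject]@{
                UAG        = $uag
                Thumbprint = $served.Thumbprint
                NotAfter   = $served.NotAfter
                Match      = ($served.Thumbprint -eq $ExpectedThumbprint)
            }
        } catch {
            # An unreachable host or failed handshake is reported as "not updated"
            [pscustomobject]@{ UAG = $uag; Thumbprint = $null; NotAfter = $null; Match = $false }
        }
    }
}

# Usage at the end of the script above, where $newCert = Get-PACertificate:
# Test-UAGCertificate -DnsName $dnsName -Uags $uags -ExpectedThumbprint $newCert.Thumbprint |
#     Where-Object { -not $_.Match }
```

Any row returned by the final filter is a UAG that could not be reached or is still presenting a different certificate.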