Sample Automation Scripts - RIT-ITS/CertifiCat-PS GitHub Wiki
There are a significant number of ways in which the CertifiCat-PS module can be implemented, depending on the application, server, and situation in question.
To help administrators jumpstart their use of CertifiCat-PS, several sample implementation scripts are included. They can be used in whole or in part to renew certificates in a variety of scenarios.
All of the sample files listed below are included when installing CertifiCat-PS, and are located in the .\Samples subdirectory of the module's installation directory. For convenience, a function called Copy-CertifiCatSamples is available to quickly copy all sample files to a particular directory, without needing to search for the module itself.
Filename: Custom-SingleServerUsingCertFile.ps1
Description: This script is intended to be used with standalone servers requiring custom work as part of an application, where the app references the certificate via a certificate file.
Minimal Updates: In order to implement this sample script:
- Update the "Script Variables" section, as appropriate, at the top of the script (around line 12)
- Update the first "Custom Logic" section as appropriate, around line 151. This block should be where the appropriate application-specific logic is performed to leverage the newly issued certificate file.
- Update the "Custom logic" sections around lines 208 and 225. These blocks are where a custom message could be added to the stock Slack message to report on the results of the custom application logic defined in step 2.
Filename: Custom-SingleServerUsingCertStore.ps1
Description: This script is intended to be used with standalone servers requiring custom work as part of an application, where the app references the certificate via the Windows Certificate Store.
Minimal Updates: In order to implement this sample script:
- Update the "Script Variables" section, as appropriate, at the top of the script (around line 11)
- Update the first "Custom Logic" section as appropriate, around line 143. This block should be where the appropriate application-specific logic is performed to leverage the newly issued certificate file.
- Update the "Custom logic" sections around lines 200 and 217. These blocks are where a custom message could be added to the stock Slack message to report on the results of the custom application logic defined in step 2.
Filename: IIS-MultipleServers.ps1
Description: This script is intended to be used with a series of servers running IIS, where a single certificate is issued with all relevant SANs and applied to all servers. Note that this script represents just one possible manner in which certificates for a pool of servers can be issued.
Minimal Updates: In order to implement this sample script:
- Ensure that the secondary servers (i.e. the servers which are not running the script below) are forwarding ACME challenge requests to the main server. This can be accomplished via CertifiCat-PS' Initialize-ACMEProxyRedirect function.
- Update the "Script Variables" section, as appropriate, at the top of the script (around line 18)
Filename: IIS-SingleServer.ps1
Description: This script is intended to be used with a single server running IIS.
Minimal Updates: In order to implement this sample script, update the "Script Variables" section, as appropriate, at the top of the script (around line 11).