VariableDefaults - RIT-ITS/CertifiCat-PS GitHub Wiki
One of the guiding principles for the CertifiCat-PS module is to avoid the use of hard-coded strings, particularly when it comes to setting default values for function parameters.
This page outlines the default variables that are defined in the module, their purpose, and where they are used. In most cases, these values can be overridden at runtime via a corresponding parameter specified in a function.
The following table outlines:
- The name of the variable
- The current value that ships with CertifiCat-PS
- The function(s) which leverage the variable
- The parameter name that can be specified to overwrite the default value when calling the function(s)
- A description of the variable
Variable Name | CertifiCat-PS Default | Referencing Function(s) | Parameter Name(s) | Description |
---|---|---|---|---|
DEFAULT_ACME_SERVER | https://acme.rit.edu/directory | Initialize-ACMEEnvironment | ACMEServer | Specifies the ACME server to which Posh-ACME will connect |
DEFAULT_POSHACME_HOME | %PROGRAMDATA%\CertifiCat-PS\posh-acme | Initialize-ACMEEnvironment, Set-ACMEHome | paHome | Specifies the Posh-ACME working directory that will be used. This overwrites the default Posh-ACME working directory of the current user's LOCALAPPDATA directory. |
DEFAULT_CERTIFICATE_STORE_NAME | WebHosting | Initialize-ExistingACMECertificate, Initialize-NewACMECertificate, Repair-NewACMEOrder | StoreName | The Name of the Windows Certificate Store into which new certificates will be imported. |
DEFAULT_CERTIFICATE_STORE_LOCATION | LocalMachine | Initialize-ExistingACMECertificate, Initialize-NewACMECertificate, Repair-NewACMEOrder | StoreLocation | The location in the Windows Certificate Store into which new certificates will be imported. |
DEFAULT_IIS_WEBSITE | Default Web Site | Disable-ACMEProxyRedirect, Enable-ACMEProxyRedirect, Initialize-ACMEProxyRedirect | IISSiteName | The IIS Site in which the ACME challenge redirect rule exists. |
DEFAULT_RENEWAL_METHOD | PA | Confirm-ACMERenewalReadiness, Initialize-NewACMECertificate | RenewalMethod | The method by which CertifiCat-PS reviews certificates to determine if they need to be renewed. |
DEFAULT_RENEWAL_DIRECTORY | %PROGRAMDATA%\CertifiCat-PS\certificates | Confirm-ACMERenewalReadiness, Initialize-NewACMECertificate | RenewalDirectory | The directory in which CertifiCat-PS looks for certificates to determine renewal readiness, if the RenewalMethod is Directory |
DEFAULT_RENEWAL_THRESHOLD | 14 | Confirm-ACMERenewalReadiness, Initialize-NewACMECertificate | RenewalThreshold | The number of days prior to expiration that CertifiCat-PS will trigger a certificate renewal |
DEFAULT_URL_REWRITE_RULE_NAME | ACME Challenge Proxy | Disable-ACMEProxyRedirect, Enable-ACMEProxyRedirect, Initialize-ACMEProxyRedirect | URLRewriteRuleName | The name of the URL Rewrite rule that is created to redirect ACME challenge requests. |
DEFAULT_URL_REWRITE_INSTALLER_LOG | %PROGRAMDATA%\CertifiCat-PS\logs\urlRewriteInstaller.log | Initialize-ACMEProxyRedirect | URLRewriteInstallerLog | The path and log file to the MSI log that is created, if the URL Rewrite module needs to be installed. |
DEFAULT_URL_REWRITE_INSTALLER_MSI | %TEMP%\rewrite_amd64_en-US.msi | Initialize-ACMEProxyRedirect | URLRewriteInstaller | The local path to the URL Rewrite installer that is run, in cases where the module needs to be installed. |
DEFAULT_URL_REWRITE_INSTALLER_DOWNLOAD_URL | https://download.microsoft.com/download/1/2/8/128E2E22-C1B9-44A4-BE2A-5859ED1D4592/rewrite_amd64_en-US.msi | Initialize-ACMEProxyRedirect | URLRewriteDownloadURL | The URL from which the URL Rewrite module is downloaded, if it is not already present. |
DEFAULT_URL_REWRITE_INSTALLER_EXPECTED_HASH | 37342FF2F585F263F34F48E9DE59EB1051D61015A8E967DBDE4075716230A32A | Initialize-ACMEProxyRedirect | URLRewriteInstallerExpectedHash | The SHA256 hash of the URL Rewrite module installer, used to |
DEFAULT_DEBUG_LOG_DIRECTORY | %PROGRAMDATA%\CertifiCat-PS\logs\debug | All CertifiCat-Functions | debugLogDirectory | The directory into which CertifiCat-PS debug logs are placed, if debug is enabled and the mode is Both or File. |
DEFAULT_EVENT_LOG_SOURCE | CertifiCat-PS | All CertifiCat-Functions | - (This variable is not exposed as a module parameter) | The event log source that CertifiCat-PS debug logs are written to, if debug is enabled and the mode is Both or EVT. |
DEFAULT_DEBUG_MODE | EVT | All CertifiCat-Functions | debugMode | The mode in which CertifiCat-PS debug logs are output |
DEFAULT_JITTER | 0 | Initialize-NewACMECertificate | jitter | The maximum value (in seconds) that the CertifiCat-PS module will wait before making a call to Posh-ACME to get a new certificate. |
DEFAULT_CERT_KEY_LENGTH | 4096 | Initialize-NewACMECertificate | CertKeyLength | The key size/type associated with the new private key that will be generated. |
DEFAULT_CENTRAL_DIRECTORY | %PROGRAMDATA%\CertifiCat-PS\certificates | Initialize-NewACMECertificate, Repair-NewACMEOrder | CentralDirectory | The directory into which certificates obtained by Posh-ACME are copied. |
VALIDATE_PATTERN_PFX_PATH | (.)*.pfx | Initialize-ExistingACMECertificate | - (This variable is not exposed as a module parameter) | Used to validate the PfxPath parameter, ensuring that an actual certificate file is attempting to be loaded. Realistically, this variable should never need to be changed, but we're treating it like our other variables to eliminate the use of hard-coded strings in our module files. |
VALIDATE_PATTERN_CERT_DOMAIN_NAME | (.)*.rit.edu | Initialize-NewACMECertificate | - (This variable is not exposed as a module parameter) | The pattern against which all domain names / SANs on a certificate request are validated. This ensures that users don't accidentally typo a domain/hostname, and that certificates are being issued for an organization's expected domains. This will likely be the most common variable that a user outside of RIT needs to change, and as such, we provide a dedicated function, Set-CertifiCatDomainValidation to help out here. |
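
A check worth running before choosing a replacement for VALIDATE_PATTERN_CERT_DOMAIN_NAME, as an added example that is not part of CertifiCat-PS: it compares the pattern listed above with a stricter candidate over a few constructed names. It assumes the module applies the pattern with ordinary unanchored .NET regex matching, as `-match` does; `Compare-DomainPattern` and the candidate pattern are hypothetical.

```powershell
# Added example; Compare-DomainPattern is a hypothetical helper, not a CertifiCat-PS function.
function Compare-DomainPattern {
    param(
        [Parameter(Mandatory)][string[]]$Name,
        [Parameter(Mandatory)][string]$Current,
        [Parameter(Mandatory)][string]$Candidate
    )
    foreach ($n in $Name) {
        [pscustomobject]@{
            Name      = $n
            Current   = $n -match $Current      # unanchored: a match anywhere in the name counts
            Candidate = $n -match $Candidate
        }
    }
}

# Constructed samples: one intended name, two typos, one name outside the organization.
$samples = 'www.rit.edu', 'www.rit,edu', 'www.rit.eduu', 'www.rit.edu.example.net'

# Value listed in the table above.
$current = '(.)*.rit.edu'

# Assumption: a stricter pattern a site could set instead. Dots are escaped and
# both ends are anchored. It intentionally rejects the bare apex and wildcard
# names, so extend it if those are requested in your environment.
$candidate = '^([a-z0-9-]+\.)+rit\.edu$'

Compare-DomainPattern -Name $samples -Current $current -Candidate $candidate |
    Format-Table -AutoSize
```

With these samples the listed pattern accepts all four names, while the anchored candidate accepts only www.rit.edu.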
To overwrite a default value for a particular variable, simply create an Environmental Variable (either as a user or system variable) that is named CERTIFICAT_<NAME OF VARIABLE TO OVERWRITE>. See the table below for the list of current default variables and their corresponding use.
Upon initialization, CertifiCat-PS will check to see if any Environmental Variable exists for a particular default variable, and if so, overwrite the value in the module manifest file with the value from the Environmental Variable.
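
One way to audit the override mechanism described above, as an added example that is not part of CertifiCat-PS: it lists every CERTIFICAT_* environment variable by scope and flags the ones that change where the module connects, what it downloads, or which names it accepts. `Get-CertifiCatOverride` and the `$sensitive` grouping are hypothetical; the variable names, `Get-CertifiCatVariables` and `VariableList` come from this page.

```powershell
# Added example: list CERTIFICAT_* environment variables that would override
# CertifiCat-PS defaults. Get-CertifiCatOverride is a hypothetical helper name,
# and the $sensitive grouping is this example's choice, not the module's.
function Get-CertifiCatOverride {
    $sensitive = @(
        'DEFAULT_ACME_SERVER'
        'DEFAULT_URL_REWRITE_INSTALLER_DOWNLOAD_URL'
        'DEFAULT_URL_REWRITE_INSTALLER_EXPECTED_HASH'
        'DEFAULT_URL_REWRITE_INSTALLER_MSI'
        'VALIDATE_PATTERN_CERT_DOMAIN_NAME'
    )
    # Machine and User show where a value is persisted; Process is what a
    # module loaded in this session actually sees (it includes both).
    foreach ($scope in 'Machine', 'User', 'Process') {
        $vars = [Environment]::GetEnvironmentVariables([EnvironmentVariableTarget]$scope)
        foreach ($key in $vars.Keys) {
            if ($key -notlike 'CERTIFICAT_*') { continue }
            $name = $key.Substring('CERTIFICAT_'.Length)
            [pscustomobject]@{
                Scope     = $scope
                Variable  = $name
                Override  = $vars[$key]
                Sensitive = $name -in $sensitive
            }
        }
    }
}

$overrides = @(Get-CertifiCatOverride)

# If the module is loaded, show the value it actually ended up with.
$effective = @{}
if (Get-Command Get-CertifiCatVariables -ErrorAction SilentlyContinue) {
    $list = (Get-CertifiCatVariables).VariableList
    if ($list -is [System.Collections.IDictionary]) { $list = $list.GetEnumerator() }
    foreach ($entry in $list) { $effective[$entry.Name] = $entry.Value }
}

$overrides |
    Select-Object Scope, Variable, Override, Sensitive,
        @{ Name = 'Effective'; Expression = { $effective[$_.Variable] } } |
    Sort-Object Sensitive -Descending |
    Format-Table -AutoSize
```

A User-scope row for a flagged variable on a server deserves a closer look, since any process running as that user can set it without administrative rights.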
To verify the default value of all variables defined in CertifiCat-PS, run Get-CertifiCatVariables and read the VariableList property.
Note: The Get-CertifiCat-PS function will also display the value of the POSHACME_HOME variable. This is not used directly by CertifiCat-PS, but rather, by Posh-ACME to control the ACME working directory. CertifiCat-PS provides a dedicated function, Set-ACMEHome, to help facilitate the updating of this variable.
```
PS C:\Users\certificat> (get-certificatvariables).variablelist | Format-Table -autosize

Name                                        Value
----                                        -----
DEFAULT_ACME_SERVER                         https://acme.rit.edu/directory
DEFAULT_POSHACME_HOME                       C:\ProgramData\CertifiCat-PS\posh-acme
DEFAULT_CERTIFICATE_STORE_NAME              WebHosting
DEFAULT_CERTIFICATE_STORE_LOCATION          LocalMachine
DEFAULT_IIS_WEBSITE                         Default Web Site
DEFAULT_RENEWAL_METHOD                      PA
DEFAULT_RENEWAL_DIRECTORY                   C:\ProgramData\CertifiCat-PS\certificates
DEFAULT_RENEWAL_THRESHOLD                   14
DEFAULT_URL_REWRITE_RULE_NAME               ACME Challenge Proxy
DEFAULT_URL_REWRITE_INSTALLER_LOG           C:\ProgramData\CertifiCat-PS\logs\urlRewriteInstaller.log
DEFAULT_URL_REWRITE_INSTALLER_MSI           C:\Users\mpbits\AppData\Local\Temp\rewrite_amd64_en-US.msi
DEFAULT_URL_REWRITE_INSTALLER_DOWNLOAD_URL  https://download.microsoft.com/download/1/2/8/128E2E22-C1B9-44A4-BE2A-5859ED1D4592/rewrite_amd64_en-US.msi
DEFAULT_URL_REWRITE_INSTALLER_EXPECTED_HASH 37342FF2F585F263F34F48E9DE59EB1051D61015A8E967DBDE4075716230A32A
DEFAULT_DEBUG_LOG_DIRECTORY                 C:\ProgramData\CertifiCat-PS\logs\debug
DEFAULT_EVENT_LOG_SOURCE                    CertifiCat-PS
DEFAULT_DEBUG_MODE                          EVT
DEFAULT_JITTER                              1800
DEFAULT_CERT_KEY_LENGTH                     4096
DEFAULT_CENTRAL_DIRECTORY                   C:\ProgramData\CertifiCat-PS\certificates
VALIDATE_PATTERN_PFX_PATH                   (.)*\.pfx
VALIDATE_PATTERN_CERT_DOMAIN_NAME           (.)*.rit.edu
POSHACME_HOME                               c:\its\posh-acme
```