# ITD.Infra-Certificate-Internal.Sectigo

### Written by: Freeman Peterson fjpeterson@nd.gov

# Description

This module is used to interact with the Sectigo API.

## Prerequisites

None

# Api Documentation

https://www.sectigo.com/knowledge-base/detail/Sectigo-Certificate-Manager-SCM-REST-API/kA01N000000XDkE

# Git repo

https://dev.azure.com/ndgov/NDIT-WindowsServerTeam/_git/ITD.Infra-Certificate-Internal.Sectigo

# Install

### Add Gallery

```
Register-PSRepository -Name ITD_PwshGallery `
    -SourceLocation "https://powershell.nd.gov/ITD_PwshGallery/nuget/" `
    -PublishLocation "https://powershell.nd.gov/ITD_PwshGallery/nuget/" `
    -InstallationPolicy Trusted
```

### Install Module

```
Find-Module -Repository ITD_PwshGallery -Name ITD.Infra-Certificate-Internal.Sectigo | Install-Module -Scope CurrentUser
```

### Validate Module installed

```
Get-Command -Module ITD.Infra-Certificate-Internal.Sectigo
```

### Update Module

```
Find-Module -Repository ITD_PwshGallery -Name ITD.Infra-Certificate-Internal.Sectigo | Update-Module
```

# Examples and Information

### Obtaining CSR From File

```
$csr = (Get-Content -Path "c:\temp\hostname.csr" -Raw)
```

### Get Token Prompt for Creds

```
$env:Sectigoclientid='b16d95fd-405f-4d41-a748-c1035916a359'
$env:SectigoclientSecret='redacted'   # value redacted in this README
Get-SectigoApiToken
```

### Test Cert Request

```
# Path to the CSR file (same file as in "Obtaining CSR From File")
$csrpath = "c:\temp\hostname.csr"
Test-SectigoCertificateRequest -FilePath $csrpath
```

### Enroll the CSR

```
$certRequest = Enroll-SectigoCertificateRequest -Csr $csr -dcvEmail 'youremail@nd.gov' #-Comment "app123"
```

### Get Cert Status

```
Get-SectigoCertificate -Orderid $certRequest.sslid
```

### Wait for approval

```
# Poll the order until Sectigo reports it as issued
while ($certstatus -ne "Issued") {
    $certstatus = (Get-SectigoCertificate -OrderId $certRequest.sslid).status
    Start-Sleep -Seconds 1
}
```

### Download Cert

```
$CertPath = (Download-SectigoCertificate -Orderid $certRequest.sslid -Format "pem").FullName
```

Default Format: Pem

- 'x509' - for Certificate (w/ chain), PEM encoded
- 'x509CO' - for Certificate only, PEM encoded
- 'base64' - for PKCS#7, PEM encoded
- 'bin' - for PKCS#7,
- 'x509IO' - for Root/Intermediate(s) only, PEM encoded
- 'x509IOR' - for Intermediate(s)/Root only, PEM encoded
- 'pem' - for Certificate (w/ chain), PEM encoded
- 'pemco' - for Certificate only, PEM encoded
- 'pemia' - for Certificate (w/ issuer after), PEM encoded
- 'x509R' - for Certificate (w/ chain), PEM encoded base64

### Add it to a cert store

As administrator:

```
Import-Certificate -FilePath "C:\Certs\cert_OrderNumber.pem" -CertStoreLocation Cert:\LocalMachine\My
```

# Other functions

### Revoke

```
Revoke-SectigoCertificate -reasonCode 4 -reason "Just a test" -Orderid 11012388
```

No results will be given back to you.

If you revoke a cert, you will no longer see it in Get-SectigoCertificate.

Reason code (unspecified (0), keyCompromise (1), affiliationChanged (3), superseded (4), cessationOfOperation (5))

### Org Lookup

```
Get-SectigoOrg
```

### Certificate Types

```
Get-SectigoCertificateTypes
```
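
Returning to the enroll, wait, download and import steps under "Examples and Information": the script below is an added example, not code from this module or its author. It puts a deadline on the wait and checks that the issued certificate carries the public key from the submitted CSR before it goes into the store. It assumes PowerShell 7.3 or later (for the .NET `CertificateRequest.LoadSigningRequestPem` call), that `Get-SectigoApiToken` has already run, and a 30 minute limit with a 30 second poll interval, both chosen only for illustration.

```powershell
# Added example. Assumes PowerShell 7.3+ and that Get-SectigoApiToken has already run.
$csrPath = 'c:\temp\hostname.csr'       # sample path used earlier in this README
$csr     = Get-Content -Path $csrPath -Raw
$timeout = New-TimeSpan -Minutes 30     # assumed limit; tune to your approval process

$certRequest = Enroll-SectigoCertificateRequest -Csr $csr -dcvEmail 'youremail@nd.gov'

# Poll with a deadline so an order that is never approved cannot hang the script.
$deadline = (Get-Date).Add($timeout)
while ($true) {
    $status = (Get-SectigoCertificate -OrderId $certRequest.sslid).status
    if ($status -eq 'Issued') { break }
    if ((Get-Date) -gt $deadline) {
        throw "Order $($certRequest.sslid) is still '$status' after $timeout"
    }
    Start-Sleep -Seconds 30             # assumed poll interval
}

# 'pemco' = certificate only, PEM encoded (see the format list in this README).
$certPath = (Download-SectigoCertificate -OrderId $certRequest.sslid -Format 'pemco').FullName
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($certPath)

# The issued certificate must carry the public key from the CSR that was submitted.
# LoadSigningRequestPem also verifies the CSR's self-signature by default.
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::LoadSigningRequestPem(
    $csr, [System.Security.Cryptography.HashAlgorithmName]::SHA256)
$csrKey  = [Convert]::ToBase64String($req.PublicKey.ExportSubjectPublicKeyInfo())
$certKey = [Convert]::ToBase64String($cert.PublicKey.ExportSubjectPublicKeyInfo())
if ($csrKey -cne $certKey) {            # -cne: base64 text is case-sensitive
    throw "Public key in $certPath does not match $csrPath; not importing."
}

# Refuse a certificate that is not yet valid or already expired.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity window ($($cert.NotBefore) to $($cert.NotAfter))."
}

# Requires an elevated session, as with the Import-Certificate step in this README.
Import-Certificate -FilePath $certPath -CertStoreLocation Cert:\LocalMachine\My
"Imported $($cert.Subject), thumbprint $($cert.Thumbprint)"
```

Record the printed thumbprint with the order ID so a later `Revoke-SectigoCertificate` call can be tied to the exact certificate in the store.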