ITD.Infra-Certificate-Internal.Sectigo
Written by: Freeman Peterson fjpeterson@nd.gov
Description
This module is used to interact with the Sectigo API.
Prerequisites
None
API Documentation
Git repo
https://dev.azure.com/ndgov/NDIT-WindowsServerTeam/_git/ITD.Infra-Certificate-Internal.Sectigo
Install
Add Gallery
Register-PSRepository -Name ITD_PwshGallery `
-SourceLocation "https://powershell.nd.gov/ITD_PwshGallery/nuget/" `
-PublishLocation "https://powershell.nd.gov/ITD_PwshGallery/nuget/" `
-InstallationPolicy Trusted
Install Module
Find-Module -Repository ITD_PwshGallery -Name ITD.Infra-Certificate-Internal.Sectigo|Install-Module -Scope CurrentUser
Validate Module installed
Get-Command -Module ITD.Infra-Certificate-Internal.Sectigo
Update Module
Find-Module -Repository ITD_PwshGallery -Name ITD.Infra-Certificate-Internal.Sectigo|Update-Module
Examples and Information
Obtaining CSR From File
$csr = (Get-Content -Path "c:\temp\hostname.csr" -Raw)
Get Token Prompt for Creds
$env:Sectigoclientid='b16d95fd-405f-4d41-a748-c1035916a359'
$env:SectigoclientSecret='redacted'
Get-SectigoApiToken
Test Cert Request
Test-SectigoCertificateRequest -FilePath $csrpath
Enroll the CSR
$certRequest = Enroll-SectigoCertificateRequest -Csr $csr -dcvEmail 'youremail@nd.gov' #-Comment "app123"
Get Cert Status
Get-SectigoCertificate -Orderid $certRequest.sslid
Wait for approval
while ($certstatus -ne "Issued") {
    $certstatus = (Get-SectigoCertificate -OrderId $certRequest.sslid).status
    Start-Sleep -Seconds 1
}
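A bounded version of the wait loop above, as an added example that is not part of the module: the loop on this page never exits if the order is never approved, so this sketch adds a deadline, a slower poll interval and an optional list of terminal statuses. The function name, its parameters and the sample status 'Applied' are assumptions made for illustration; only Get-SectigoCertificate -OrderId and its status property come from this page.

```powershell
# Added example (not module code): poll an order until it is issued, or fail loudly.
function Wait-SectigoCertificateIssued {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $OrderId,
        [int] $TimeoutSeconds = 900,
        [int] $PollSeconds = 15,
        # Assumption: statuses that can never become "Issued". Empty by default;
        # fill in the values your Sectigo account actually returns.
        [string[]] $FailureStatus = @(),
        # Status lookup; defaults to the module call shown on this page.
        [scriptblock] $GetStatus = { param($Id) (Get-SectigoCertificate -OrderId $Id).status }
    )
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ($true) {
        $status = & $GetStatus $OrderId
        Write-Verbose "Order $OrderId status: $status"
        if ($status -eq 'Issued') { return $status }
        if ($FailureStatus -contains $status) {
            throw "Order $OrderId reached status '$status' and will not be issued."
        }
        if ((Get-Date) -ge $deadline) {
            throw "Order $OrderId is still '$status' after $TimeoutSeconds seconds."
        }
        Start-Sleep -Seconds $PollSeconds
    }
}

# Constructed stand-in for the API so the block runs offline:
# reports 'Applied' (constructed sample status) twice, then 'Issued'.
$script:polls = 0
$fakeStatus = {
    param($Id)
    $script:polls++
    if ($script:polls -lt 3) { 'Applied' } else { 'Issued' }
}
Wait-SectigoCertificateIssued -OrderId '0000000' -PollSeconds 1 -TimeoutSeconds 30 -GetStatus $fakeStatus
```

Against the real API, drop -GetStatus and pass -OrderId $certRequest.sslid; a thrown error then stops the script before the download step instead of letting it hang.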
Download Cert
$CertPath = (Download-SectigoCertificate -Orderid $certRequest.sslid -Format "pem").FullName
Default Format: Pem
'x509' - for Certificate (w/ chain), PEM encoded
'x509CO' - for Certificate only, PEM encoded
'base64' - for PKCS#7, PEM encoded
'bin' - for PKCS#7
'x509IO' - for Root/Intermediate(s) only, PEM encoded
'x509IOR' - for Intermediate(s)/Root only, PEM encoded
'pem' - for Certificate (w/ chain), PEM encoded
'pemco' - for Certificate only, PEM encoded
'pemia' - for Certificate (w/ issuer after), PEM encoded
'x509R' - for Certificate (w/ chain), PEM encoded base64
Add it to a cert store
As administrator:
Import-Certificate -FilePath "C:\Certs\cert_OrderNumber.pem" -CertStoreLocation Cert:\LocalMachine\My
Other functions
Revoke
Revoke-SectigoCertificate -reasonCode 4 -reason "Just a test" -Orderid 11012388
No results will be given back to you.
Note: if you revoke a cert, you will no longer see it in Get-SectigoCertificate.
Reason codes: unspecified (0), keyCompromise (1), affiliationChanged (3), superseded (4), cessationOfOperation (5)
Org Lookup
Get-SectigoOrg
Certificate Types
Get-SectigoCertificateTypes