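Function Enroll-SectigoCertificateRequest {
    <#
    .SYNOPSIS
    Submits a CSR to the Sectigo SSL enrollment endpoint ($BaseAPIUrl + /api/ssl/v1/enroll).

    .DESCRIPTION
    Builds the JSON enrollment body (organization, SANs, certificate profile, term,
    server type, comment, CSR and external requester) and POSTs it with a bearer token.
    On success the deserialized API response is returned. On failure the error and,
    when available, the API's response body are written to the error stream.

    .PARAMETER ApiToken
    Bearer token for the API. Defaults to $env:SectigoToken. When empty, the caller is
    prompted with masked input so the token does not appear on screen or in a transcript.

    .PARAMETER OrgId
    Sectigo organization ID. Replace the default with your own organization's ID.

    .PARAMETER subjAltNames
    Subject alternative names, sent to the API unchanged.
    NOTE(review): presumably a comma-separated list; confirm against the API documentation.

    .PARAMETER Type
    Target server software; mapped to the numeric serverType code the API expects.

    .PARAMETER comment
    Free-text comment stored with the request.

    .PARAMETER dcvEmail
    Sent as the request's externalRequester field.

    .PARAMETER KeyType
    Validated but not sent at present.
    NOTE(review): presumably the key algorithm is taken from the CSR itself; confirm.

    .PARAMETER Csr
    The certificate signing request text, sent unchanged in the csr field.

    .PARAMETER Test
    Dry run: returns before the request is serialized or sent.
    #>
    [CmdletBinding()]
    param (
        [string]$ApiToken=$env:SectigoToken,
        [int]$OrgId=8091, # 8091 friendly label is "Information Technology Department - Windows"
        [Parameter(Mandatory=$true)]
        [string]$subjAltNames,
        [ValidateSet('IIS','IIS_OLD','IBM','LINUX','Apache','Tomcat')]
        [string]$Type="IIS",
        [string]$comment = "",
        [Parameter(Mandatory=$true)]
        [string]$dcvEmail,
        [Parameter(Mandatory=$true)]
        [ValidateSet('ECC',"RSA")]
        [string]$KeyType,
        [Parameter(Mandatory=$true)]
        [string]$Csr,
        [switch]$Test
    )

    if (-Not $ApiToken) {
        # Masked prompt: the token is a bearer credential, so keep it off the console.
        $secureToken = Read-Host "ApiToken:" -AsSecureString
        $ApiToken = (New-Object System.Net.NetworkCredential('', $secureToken)).Password
    }
    if (-Not $ApiToken) {
        # Without a token the API can only answer with an authentication failure.
        Write-Error "No API token supplied; set `$env:SectigoToken or pass -ApiToken."
        return
    }

    # Dot-sourced so its variables land in this scope.
    # NOTE(review): presumably this is what defines $BaseAPIUrl; confirm it is an https:// URL,
    # since the bearer token is sent to whatever host it names.
    . $PSScriptRoot\..\Private\Set-Onload.ps1

    [string]$RequestUrl= $BaseAPIUrl + "/api/ssl/v1/enroll"

    # Plain Write-Verbose so the message follows the caller's -Verbose preference.
    Write-Verbose "RequestUrl: $RequestUrl"

    # Certificate profile ID and validity in days.
    # NOTE(review): 2375 (previously 2369) looks account-specific; confirm before reuse.
    $CertType=2375
    $term=365

    # Map the validated -Type value to the API's serverType code.
    # The original switched on $ServerType, which is not a parameter of this function,
    # so the lookup failed and serverType was sent empty.
    #  7: IBM HTTP Server
    # 14: Microsoft IIS 5 or 6
    switch ($Type.ToLower()) {
        "iis" {
            $ServerTypeCode = 35
        }
        "iis_old" {
            $ServerTypeCode = 14
        }
        "ibm" {
            $ServerTypeCode = 7
        }
        "linux" {
            # NOTE(review): every other branch sends a number; confirm the API accepts this string.
            $ServerTypeCode = 'Linux'
        }
        "apache" {
            $ServerTypeCode = 2
        }
        "tomcat" {
            $ServerTypeCode = 12
        }
        default {
            Write-Warning "Unsupported server type: $Type. Please provide specific instructions for manual installation."
        }
    }

    # Key-generation fields (keySize, keyParam, algorithm, keyGenerationMethod = PK_AGENT)
    # are ignored for now and not sent. The unused fragments that held them were removed:
    # they referenced an undefined $commonName, and the ECC one set algorithm to "ESS".
    $body = @{
        orgId = $OrgId
        subjAltNames = $subjAltNames
        certType = $CertType
        term = $term
        serverType = $ServerTypeCode
        comments = $comment
        csr = $csr
        externalRequester = $dcvEmail
    }

    If ($test) {
        Return
    }

    # Convert the body to JSON
    $jsonBody = $body | ConvertTo-Json

    # Request body only; the bearer token lives in $headers and is never printed.
    Write-Host $jsonBody

    # --- Set up Authentication Headers ---
    $headers = @{
        "Authorization" = "Bearer $ApiToken"
        "Content-Type" = "application/json"
    }

    # --- Send the Request ---
    try {
        $response=Invoke-RestMethod -Uri $RequestUrl -Method POST -Headers $headers -Body $jsonBody -ContentType "application/json"

        return $response
    }
    catch {
        $failure = $_
        Write-Error "Error during certificate enrollment: $($failure.Exception.Message)"

        # Prefer ErrorDetails for the API's response body. Fall back to reading the
        # response stream only when the response object actually offers one, because
        # the response type differs between Windows PowerShell and PowerShell 7.
        $responseBody = $null
        if ($failure.ErrorDetails -and $failure.ErrorDetails.Message) {
            $responseBody = $failure.ErrorDetails.Message
        }
        elseif ($failure.Exception.Response -and
                ($failure.Exception.Response | Get-Member -Name GetResponseStream -MemberType Method)) {
            $reader = New-Object System.IO.StreamReader($failure.Exception.Response.GetResponseStream())
            try {
                $responseBody = $reader.ReadToEnd()
            }
            finally {
                # Release the underlying network stream even if the read fails.
                $reader.Dispose()
            }
        }

        if ($responseBody) {
            Write-Error "Sectigo API Error Response: $responseBody"
        }
    }
}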