# confirmed working on DL380 Gen10 with HPEiLOCmdlets version 3.2.0.0
# 2024/02/05 -- still requires PowerShell 5.1 "for some reason"
### #####itdvmmdnwin11lo.nd.gov

#$iLOCred = Get-Secret -Name IloSboxCred
Import-Module HPEiLOCmdlets

$iLOCred = Get-Credential
$iLOFQDNs = @"
itdvmbisps16lo.nd.gov
itdvmbiswas09lo.nd.gov
"@

<#


#>
$iLOFQDNs = ConvertTo-Array -MultiLineString $iLOFQDNs

$iLOConnections = ForEach ($iLOFQDN in $iLOFQDNs) {
    Connect-HPEiLO -Address $iLOFQDN -Credential $iLOCred -DisableCertificateAuthentication
}

Get-HPEiLOSSLCertificateInfo -Connection $iLOConnections -ov x

ForEach ($iLOConnection in $iLOConnections) {
    Start-HPEiLOCertificateSigningRequest -Connection $iLOConnection `
        -CommonName $iloConnection.Hostname `
        -Organization "State of North Dakota" `
        -Country US `
        -City Bismarck `
        -State "North Dakota" `
        -OrganizationalUnit NDIT
}
Start-Sleep -Seconds 30

#wait 30 seconds, then continue -- will copy CSR to clipboard, paste it into Ansible playbook, vmware@nd.gov for email, hit Enter and loop

ForEach ($iLOConnection in $iLOConnections) {
    $CSR = Get-HPEiLOCertificateSigningRequest -Connection $iLOConnection
    Write-Warning -Message ("Start " + $CSR.Hostname)
    $CSR.CertificateSigningRequest | Set-Clipboard
    Pause
}

#### send csr to ca

# get certificate back, updating download folder below as needed
# download the "Certificate only, PEM encoded" cert

ForEach ($iLOFQDN in $iLOFQDNs) {
    Write-Warning -Message "Start $iloFQDN"
    $cert = Get-ChildItem D:\Downloads | Where-Object { $_.Name -eq ($iLOFQDN.replace(".", "_") + "_cert.cer") } | Get-Content
    $connection = $iLOConnections | Where-Object Hostname -EQ $iLOFQDN
    Import-HPEiLOCertificate -Certificate ($cert | Out-String) -Connection $connection
    Write-Warning -Message "End   $iloFQDN"
}

# OneView, refresh server hardware


# validate certificate after 30 seconds / iLO reset
[Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
ForEach ($iloFQDN in $iLOFQDNs) {
    $url = ("https://" + $iloFQDN)
    $req = [Net.HttpWebRequest]::Create($Url)
    $req.GetResponse() | Out-Null
    $output = [PSCustomObject]@{
        URL               = $url
        'Cert Start Date' = $req.ServicePoint.Certificate.GetEffectiveDateString()
        'Cert End Date'   = $req.ServicePoint.Certificate.GetExpirationDateString()
    }
    $output
}