# Setup for replacing the TLS certificate on a list of HPE iLO controllers.
# Confirmed working on DL380 Gen10 with HPEiLOCmdlets version 3.2.0.0.
# 2024/02/05 -- still requires PowerShell 5.1 "for some reason"
### #####itdvmmdnwin11lo.nd.gov

# Commented-out alternative: read the iLO credential with Get-Secret instead of prompting.
#$iLOCred = Get-Secret -Name IloSboxCred
Import-Module -Name HPEiLOCmdlets

# Prompt interactively, so the iLO password is not stored in this file.
$iLOCred = Get-Credential

# Target iLOs, one FQDN per line. Every later loop runs over this list.
$iLOFQDNs = @"
itdvmbisps16lo.nd.gov
itdvmbiswas09lo.nd.gov
"@

<#

#>

# ConvertTo-Array is not defined in this file and is not part of stock PowerShell;
# presumably a helper from the operator's profile that splits the here-string into
# one string per line -- confirm it is loaded before running.
$iLOFQDNs = ConvertTo-Array -MultiLineString $iLOFQDNs
# Open one session per iLO and collect the connection objects.
#
# DisableCertificateAuthentication switches off validation of the iLO's certificate,
# so the credential in $iLOCred is sent to whatever host answers at that name.
# That is the bootstrap case for this script (the iLO has no CA-issued certificate
# yet). Run it from a trusted management network, and drop the switch once the
# iLOs present certificates the workstation trusts.
$connectParams = @{
    Credential                       = $iLOCred
    DisableCertificateAuthentication = $true
}
$iLOConnections = ForEach ($iLOFQDN in $iLOFQDNs) {
    Connect-HPEiLO -Address $iLOFQDN @connectParams
}

# Show the certificate each iLO currently presents; the result is also kept in $x
# so it can be compared with the certificate installed later.
Get-HPEiLOSSLCertificateInfo -Connection $iLOConnections -OutVariable x
# Ask every connected iLO to generate a certificate signing request.
# The subject fields are the same for all hosts; only the CommonName varies and is
# taken from the connection's Hostname property.
# NOTE(review): only a CommonName is supplied here. Whether the issued certificate
# carries a matching subjectAltName depends on the iLO firmware and the CA template;
# confirm, since current TLS clients match the host name against SAN rather than CN.
$csrSubject = @{
    Organization       = 'State of North Dakota'
    Country            = 'US'
    City               = 'Bismarck'
    State              = 'North Dakota'
    OrganizationalUnit = 'NDIT'
}
ForEach ($iLOConnection in $iLOConnections) {
    Start-HPEiLOCertificateSigningRequest -Connection $iLOConnection -CommonName $iLOConnection.Hostname @csrSubject
}

# Fixed wait before the CSRs are fetched in the next step.
Start-Sleep -Seconds 30
# After the 30-second wait, hand the CSRs to the operator one at a time:
# the CSR is copied to the clipboard, the operator pastes it into the Ansible
# playbook (vmware@nd.gov for email), then presses Enter to move to the next iLO.
# The warning line names the host whose CSR is currently on the clipboard, so the
# request is not submitted under the wrong name.
ForEach ($iLOConnection in $iLOConnections) {
    $csrResult = Get-HPEiLOCertificateSigningRequest -Connection $iLOConnection
    Write-Warning -Message "Start $($csrResult.Hostname)"
    $csrResult.CertificateSigningRequest | Set-Clipboard
    Pause
}
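#### send csr to ca

# get certificate back, updating download folder below as needed
# download the "Certificate only, PEM encoded" cert

# Install each signed certificate on the iLO it was issued for.
# The file is looked up by name in D:\Downloads: the FQDN with dots replaced by
# underscores, followed by "_cert.cer".
# A host is skipped with a warning when its certificate file or its iLO connection
# is missing, so an empty certificate is never sent to an iLO.
# NOTE(review): a downloads folder is writable by anything running as the current
# user. Check the subject and issuer of each file before importing it, or use a
# dedicated folder that contains only the CA's responses.
ForEach ($iLOFQDN in $iLOFQDNs) {
    Write-Warning -Message "Start $iloFQDN"

    $certFileName = $iLOFQDN.replace(".", "_") + "_cert.cer"
    $certFile = Get-ChildItem D:\Downloads | Where-Object { $_.Name -eq $certFileName }
    if (-not $certFile) {
        Write-Warning -Message "No file named $certFileName in D:\Downloads; skipping $iloFQDN"
        continue
    }
    $cert = $certFile | Get-Content

    $connection = $iLOConnections | Where-Object Hostname -EQ $iLOFQDN
    if (-not $connection) {
        Write-Warning -Message "No open iLO connection for $iloFQDN; skipping"
        continue
    }

    # Get-Content returns one string per line; Out-String joins them back into the
    # single PEM text block passed to -Certificate.
    Import-HPEiLOCertificate -Certificate ($cert | Out-String) -Connection $connection
    Write-Warning -Message "End $iloFQDN"
}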
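# OneView, refresh server hardware

# validate certificate after 30 seconds / iLO reset
#
# Reports the validity dates of the certificate each iLO now presents.
# The callback below accepts ANY certificate, so this loop does not prove that the
# new certificate chains to a trusted CA or matches the host name. It only shows
# which certificate is being served. To test trust as well, run the same request
# without the override and expect it to succeed.
# The override is process-wide, so the previous callback is saved and restored in
# 'finally'. Otherwise every later HTTPS request in this PowerShell session would
# also skip certificate validation.
$previousCallback = [Net.ServicePointManager]::ServerCertificateValidationCallback
[Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
try {
    ForEach ($iloFQDN in $iLOFQDNs) {
        $url = ("https://" + $iloFQDN)
        $req = [Net.HttpWebRequest]::Create($url)

        # The response body is not needed; the request is made only so the TLS
        # handshake populates ServicePoint.Certificate. Close it to release the
        # underlying connection.
        $response = $req.GetResponse()
        $response.Close()

        $output = [PSCustomObject]@{
            URL               = $url
            'Cert Start Date' = $req.ServicePoint.Certificate.GetEffectiveDateString()
            'Cert End Date'   = $req.ServicePoint.Certificate.GetExpirationDateString()
        }
        $output
    }
}
finally {
    [Net.ServicePointManager]::ServerCertificateValidationCallback = $previousCallback
}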