1
Development and Code Review / Powershell script for downloading Let's encrypt certificate
« on: October 29, 2018, 01:00:46 pm »
Hi everybody,
based on the thread https://forum.opnsense.org/index.php?topic=8865 i've written a PowerShell script which downloads and converts the given domain certificate for you.
It has the following dependencies:
After the connection it will tr the fullchain.cer and the tld.contoso.com.key files from the directory /var/etc/acme-client/home/tld.contoso.com/ directory and convert them using OpenSSL into the PKCS12 format, protecting the certificate with the password opnsense and saving it as tld.contoso.com.pfx in the current directory.
The script is available as gist at https://gist.github.com/Maahaax/0c1a69ffa7e3478c5992f20ae0a194e0
Best regards and thank you so much for this great piece of software named opnSense!
Max
based on the thread https://forum.opnsense.org/index.php?topic=8865 i've written a PowerShell script which downloads and converts the given domain certificate for you.
It has the following dependencies:
- Powershell Module Posh-SSH (https://github.com/darkoperator/Posh-SSH)
- OpenSSL, installed or the binaries and DLLs in the directory of the script
- -CertificateDomain YOURDOMAIN
- -Router IPORHOSTNAMEOFOPNSENSE
- -SCPUsername YOURUSER (Default value is root)
- -SCPPassword YOURPASSWORD
- -Port YOURSSHPORT (Default value is 22)
- -Keyfile PATHTOYOURSSHKEYFILE
- -CertificatePassword CERTPASSWORD (password set for the pfx certificate
- -Out FILENAMEOFCERTIFICATE (Default value is the given domain
- -Path YOURPATH (if not set, outputs the certificate in the current folder
Code: [Select]
Sync-Cert -CertificateDomain tld.contoso.com -Router 192.168.0.1 -SCPUsername root -SCPPassword opnsense -CertificatePassword opnsense
This will connect to the opnSense firewall at 192.168.0.1 with the username root and the password opnsense.After the connection it will tr the fullchain.cer and the tld.contoso.com.key files from the directory /var/etc/acme-client/home/tld.contoso.com/ directory and convert them using OpenSSL into the PKCS12 format, protecting the certificate with the password opnsense and saving it as tld.contoso.com.pfx in the current directory.
The script is available as gist at https://gist.github.com/Maahaax/0c1a69ffa7e3478c5992f20ae0a194e0
Best regards and thank you so much for this great piece of software named opnSense!
Max