ACMESharp icon indicating copy to clipboard operation
ACMESharp copied to clipboard

Published 20 hours ago verified publisher icon ebekker

Create installers for some Windows-specific technologies/tools

Open ebekker opened this issue 7 years ago • 8 comments

A few Windows-specific products that could benefits from installers:

  • Windows Cert Store
  • IIS
  • RDP (here and here)
  • RDGateway (here)
  • MSSQL (bottom of here)

ebekker avatar Nov 13 '16 12:11 ebekker

An installer for Exchange would be fabulous as well. Essentially IIS + assigning the cert to Exchange services.

ryang-cvv avatar Nov 22 '16 09:11 ryang-cvv

I'm not familiar with Exchange administration and don't really have easy access to an Exchange setup, so it's unlikely that I'll have Exchange support out of the box. However, I know Exchange is heavily dependent on PowerShell for all its administration, so wiring up something using the Windows Cert Store provider (which is already implemented in the latest code base (not released yet)) should be pretty straightforward.

If it's anything like IIS, once the cert is installed into the local cert store, you just issue some command to Exchange to make use of the cert by referencing its Thumbprint.

ebekker avatar Nov 22 '16 11:11 ebekker

IBM Domino? I can help with things that are Domino specific (process and IBM CLI tools for conversion to kyr format, registry and "www root" folder for automatic verification of http/dns_name).

tixomirx avatar Nov 22 '16 14:11 tixomirx

Same thing here as with Exchange -- you can stitch together a set of cmdlets after installing into the Windows Cert Store, then referencing the cert with Domino (I'm making an assumption that you can setup/install certificates with Domino from a POSH session and that Domino does or can reference Windows Cert Store certs).

ebekker avatar Nov 22 '16 15:11 ebekker

For both the Domino and Exchange cases, and any others in the future, I'll be happy to work with folks to help them develop their own Providers that will plug-in to the ACMESharp extension model.

The upcoming release 0.8.2 has a bunch of new in-the-box providers as well as some changes and enhancements to the PowerShell module to support management of 3rd-party providers.

ebekker avatar Nov 22 '16 15:11 ebekker

Domino cannot use Windows Cert Store... What is best way for me to try to write plugi-in? PS development is a bit new to me...

tixomirx avatar Nov 22 '16 16:11 tixomirx

Exchange is super easy - just needs the thumbprint from the Windows Cert Store;

Enable-ExchangeCertificate -Server 'SERVERNAME' -Services 'IMAP, POP, IIS, SMTP' -Thumbprint 'THUMBPRINT'

Exchange 2010 - https://technet.microsoft.com/en-us/library/dd351257(v=exchg.141).aspx Exchange 2013 - https://technet.microsoft.com/en-us/library/aa997231(v=exchg.150).aspx Exchange 2016 - https://technet.microsoft.com/en-us/library/aa997231(v=exchg.160).aspx

Each use exactly the same command. Not sure if you have to call the PowerShell modules differently though.

ryang-cvv avatar Nov 22 '16 22:11 ryang-cvv

I'd be quite interested in an installer / PS1 script that can automate the request/renew/install of a LE cert for the RDP use case.

I'm capturing the various PS fragments that I've collected so far if anyone wants to take a stab at putting this together before I find some time to do so.

https://gist.github.com/jauderho/e3160777c3f470e77ac076252e4b3061

jauderho avatar Mar 29 '17 23:03 jauderho