Public/Add-NSCertKeyPair.ps1
|
<#
Copyright 2015 Brandon Olin Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. #> function Add-NSCertKeyPair { <# .SYNOPSIS Add server certificate to NetScaler appliance. .DESCRIPTION Add server certificate to NetScaler appliance. .EXAMPLE Add-NSCertKeyPair -CertKeyName 'myrootCA' -CertPath '/nsconfig/ssl/mycertificate.cert' -CertKeyFormat 'PEM' Creates a root certificate key pair named 'myrootCA' using the PEM formatted certificate 'mycertificate.cert' located on the appliance. .EXAMPLE Add-NSCertKeyPair -CertKeyName 'mywildcardcert' -CertPath '/nsconfig/ssl/mywildcard.cert' -KeyPath '/nsconfig/ssl/mywildcard.key' -CertKeyFormat 'PEM' Creates a certificate key pair named 'mywildardcert' using the PEM formatted certificate 'mywildcard.cert' and 'mywildcard.key' key file located on the appliance. .PARAMETER Session The NetScaler session object. .PARAMETER CertKeyName Name for the certificate and private-key pair. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after the certificate-key pair is created. The following requirement applies only to the NetScaler CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my cert" or 'my cert'). .PARAMETER CertPath Name of and, optionally, path to the X509 certificate file that is used to form the certificate-key pair. The certificate file should be present on the appliance's hard-disk drive or solid-state drive. Storing a certificate in any location other than the default might cause inconsistency in a high availability setup. '/nsconfig/ssl/' is the default path. .PARAMETER KeyPath Name of and, optionally, path to the private-key file that is used to form the certificate-key pair. The certificate file should be present on the appliance's hard-disk drive or solid-state drive. Storing a certificate in any location other than the default might cause inconsistency in a high availability setup. '/nsconfig/ssl/' is the default path. .PARAMETER CertKeyFormat Input format of the certificate and the private-key files. The three formats supported by the appliance are: PEM - Privacy Enhanced Mail DER - Distinguished Encoding Rule PFX - PKCS#12 binary format Default value: PEM Possible values = DER, PEM, PFX .PARAMETER Password Passphrase that was used to encrypt the private-key. Use this option to load encrypted private-keys in PEM format. #> [cmdletbinding(SupportsShouldProcess = $true, ConfirmImpact='Low')] param( $Session = $script:session, [Parameter()] [string]$CertKeyName, [Parameter()] [string]$CertPath, [Parameter()] [string]$KeyPath, [Parameter()] [ValidateSet('PEM','DER','PFX')] [string]$CertKeyFormat = 'PEM', [Parameter()] [securestring]$Password ) begin { _AssertSessionActive } process { if ($PSCmdlet.ShouldProcess($CertKeyName, 'Add SSL certificate and private key pair')) { try { $params = @{ certkey = $CertKeyName cert = $CertPath inform = $CertKeyFormat } if ($PSBoundParameters.ContainsKey('KeyPath')) { $params.Add('key', $KeyPath) } if (($CertKeyFormat -in 'PEM','PFX') -and $Password) { $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password) $unsecurePassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr) $params.Add("passplain",$unsecurePassword) } $response = _InvokeNSRestApi -Session $Session -Method POST -Type sslcertkey -Payload $params -Action add } catch { throw $_ } } } } |