diff --git a/README.md b/README.md
new file mode 100644
index 0000000..94cf533
--- /dev/null
+++ b/README.md
@@ -0,0 +1,28 @@
+# CHON CWPSA Script
+
+
+This script is to automate the processes of creating/renewing a LetsEncrypt Cert, uploading it to a Sophos XG Firewall & applying it to all WAF rules.
+## Setup
+
+### Requirements
+
+Requires Posh ACME https://www.powershellgallery.com/packages/Posh-ACME/
+
+run the following command to install
+'Start-Process powershell "Install-Module -Name Posh-ACME -Verb runAs'
+
+
+
+for this version of the script to work your DNS records need to be with Cloudflare.
+
+At first run of the script you will be prompted for the following information:
+* XGPass - this must be the Admin account on your XG
+* CloudFlareAPI -
+
+
+
+
+###
+First Run
+
+New-PACertificate $certDomain -AcceptTOS
\ No newline at end of file
diff --git a/UpdateXG_Cert.ps1 b/UpdateXG_Cert.ps1
index b50c8ff..3a97c18 100644
--- a/UpdateXG_Cert.ps1
+++ b/UpdateXG_Cert.ps1
@@ -7,6 +7,7 @@ $username = "admin"; $baseuri = "https://$($XG_IP):$($XG_Admin_Port)/webconsole/APIController?reqxml="; $hn = hostname $settingPath = "c:\CHON\" +$email = "" #Notes # Requires Posh ACME https://www.powershellgallery.com/packages/Posh-ACME/3.15.1
@@ -25,7 +26,7 @@ try { $password = New-Object -TypeName psobject $password | Add-Member -MemberType NoteProperty -Name XGPass -Value $null $password | Add-Member -MemberType NoteProperty -Name CloudFlareAPI -Value $null - $password | Add-Member -MemberType NoteProperty -Name CloudFlare2 -Value $null + #$password | Add-Member -MemberType NoteProperty -Name CloudFlare2 -Value $null $password.XGPass = Read-Host -AsSecureString -prompt "Admin password:" $password.CloudFlareAPI = Read-Host -AsSecureString -prompt "CloudFlare API KEY:" 
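Review bot: The new `$email = ""` default in the settings block (the `-7,6` hunk of UpdateXG_Cert.ps1) is passed unchanged to `CFAuthEmail` in the `-47,10` hunk, so a copy of the script that nobody edited only fails inside the Cloudflare plugin call, with an error that does not point back to this line. A guard right after the settings would make the failure obvious, for example `if ([string]::IsNullOrWhiteSpace($email)) { throw 'Set $email to the Cloudflare account e-mail' }`. The line also deserves a trailing comment such as `# Cloudflare account e-mail, used together with the API key`. The settings block starts above this hunk, so the other defaults are not visible here.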
@@ -47,10 +48,10 @@ Write-Host "#############################" $pArgs = @{ - CFAuthEmail = '' + CFAuthEmail = $email CFAuthKeySecure = $password.CloudFlareAPI } -New-PACertificate '*.falz.com.au' -Plugin Cloudflare -PluginArgs $pArgs -force +New-PACertificate "*.$($domain)" -Plugin Cloudflare -PluginArgs $pArgs -force ## START XG Part
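Review bot: `$domain` is interpolated into the certificate name in `New-PACertificate "*.$($domain)"`, but no hunk in this diff defines it (only `$email` is added). If it is unset the request is made for `*.`, so confirm it is declared in the settings block and reject an empty value before this call. Separately, `CFAuthEmail` with `CFAuthKeySecure` authenticates with the Cloudflare global API key, which carries full account rights. A token restricted to DNS edit on the one zone, passed through the plugin's `CFToken` argument, would limit what a leaked key can do. The retained `-force` requests a new certificate on every run regardless of expiry, which can hit the Let's Encrypt duplicate-certificate limit if the script is scheduled frequently.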