Задача. У сертификатов подошёл к концу срок действия. Надо массово обновить сертификаты на HP iLO.
- Просканировать подсеть. Составить список HP iLO
- Определить у кого закончился срок действия
- Перевыпустить сертификат в Windows CA
- Импортировать в hp ilo
Написал скрипт.
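# Bulk renewal of expired TLS certificates on HP iLO management interfaces.
#
# Stage 1: discover iLO hosts in a subnet and read the certificate each one
#          presents on HTTPS; collect the hosts whose certificate has expired.
# Stage 2: for every expired host, fetch a CSR from the iLO, have it signed by
#          the Windows CA with certreq.exe, and import the signed certificate.
#
# Needs the HP iLO PowerShell cmdlets (Find-HPiLO, Get-HPiLO*, Set-HPiLO*,
# Import-HPiLOCertificate) and certreq.exe on the machine running the script.

# ------------------------------ Stage 1: scan ------------------------------

$minCertAge = 80   # NOTE(review): never read below; only already-expired certificates are selected
$timeoutMs = 10000 # HTTPS request timeout per host, in milliseconds

# Discover iLO interfaces in the subnet and keep their host names.
$ilo = Find-HPiLO 172.16.35.0-255 | Select-Object HOSTNAME
$sites = $ilo.HOSTNAME

# Hosts whose certificate has expired, one hashtable per host.
$sitesWithNegativeCertExpires = @()
# Defined up front so stage 2 sees an empty list (not $null) when nothing has expired.
$siteUrls = @()

# Certificate validation has to be switched off to read an *expired* certificate,
# but the callback is process-wide. Keep the bypass limited to the scan loop and
# restore the previous value afterwards, so later HTTPS calls in the same session
# validate certificates again.
$previousCallback = [Net.ServicePointManager]::ServerCertificateValidationCallback
[Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
try {
    foreach ($site in $sites) {
        $fullSiteUrl = "https://$site"
        Write-Host "Проверка $fullSiteUrl" -f Green

        $req = [Net.HttpWebRequest]::Create($fullSiteUrl)
        $req.Timeout = $timeoutMs
        try {
            # Only the TLS handshake matters; close the response so the
            # connection is released instead of being held until GC.
            $resp = $req.GetResponse()
            $resp.Close()
        }
        catch {
            # An HTTP error status still leaves the certificate on the
            # ServicePoint, so do not skip the host here.
            Write-Host "Ошибка при проверке URL $fullSiteUrl`: $_" -ForegroundColor Red
        }

        # No handshake (timeout, refused connection) means no certificate;
        # skip the host instead of failing on a null reference.
        $rawCert = $req.ServicePoint.Certificate
        if ($null -eq $rawCert) {
            Write-Host "________________`n"
            continue
        }

        # NotAfter is a DateTime, so no locale-specific string parsing is needed
        # (the original 'dd.MM.yyyy H:mm:ss' format only worked on one locale).
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $rawCert
        $now = Get-Date
        [int]$certExpiresIn = ($cert.NotAfter - $now).Days

        $certName = $rawCert.GetName()
        $certThumbprint = $rawCert.GetCertHashString()
        $certEffectiveDate = $rawCert.GetEffectiveDateString()
        $certIssuer = $rawCert.GetIssuerName()

        # Compare the timestamps directly: TimeSpan.Days truncates toward zero,
        # so a certificate that expired less than 24 hours ago reports 0 days
        # and would be missed by a "-lt 0" test on $certExpiresIn.
        if ($cert.NotAfter -lt $now) {
            $sitesWithNegativeCertExpires += @{
                SiteUrl           = $site   # host name only, without "https://"
                CertExpiresIn     = $certExpiresIn
                CertName          = $certName
                CertThumbprint    = $certThumbprint
                CertEffectiveDate = $certEffectiveDate
                CertIssuer        = $certIssuer
            }
        }
        Write-Host "________________`n"
    }
}
finally {
    [Net.ServicePointManager]::ServerCertificateValidationCallback = $previousCallback
}

# Report the hosts with an expired certificate.
if ($sitesWithNegativeCertExpires.Count -gt 0) {
    Write-Host "Следующие сайты имеют отрицательное значение CertExpiresIn:"
    # @() keeps a single result as a one-element list.
    $siteUrls = @($sitesWithNegativeCertExpires | ForEach-Object { $_.SiteUrl })
    Write-Host $siteUrls
} else {
    Write-Host "Нет сайтов с отрицательным CertExpiresIn."
}

# ------------------------ Stage 2: configuration ---------------------------

#$strTextFileLoc = "C:\ilo\ilolist.txt"

# Exclusion list. Sometimes used to deal with iLO interfaces that cause the script to hang.
$exclusions = "BADINTERFACE.mydomain.com", "broken.mydomain.com"

# iLO domain name (placeholder: set your domain).
$striLODomain = "указать домен"

# iLO administrative account (placeholders: iLO login / iLO password).
# NOTE(review): every HPiLO call below uses -DisableCertificateAuthentication,
# so this password is sent to a TLS endpoint whose identity is not verified.
# Run the script from a trusted management network, use an account dedicated
# to this task, and do not leave the real password stored in the script file.
$striLOUsername = "логин ilo"
$striLOPassword = "пароль от ilo"

# ADCS server, in "host\CA name" form; `certutil -config - -ping` shows yours.
$certificateserver = "subca.adminbd.ru\admin-SUBCA-CA"
# Name of the certificate template on the CA (placeholder).
$certificatetemplate = "имя темплейта на CA"

# Hosts that were skipped, with the reason.
$skippedreport = @()

# Location of log folders.
$cpqlogfilefolder = "C:\ilo\"

# Working folder for the current CSR and the signed certificate.
$scriptpath = "C:\ilo\iLOSSL_v2"

# Verbose output.
$verbose = $true

# Upper bound on CSR polls per host (120 s apart), so one iLO that never
# returns a CSR cannot stall the whole run.
$maxCsrAttempts = 5

#======================================================================================
Clear-Host

$ilOInterfaces = $siteUrls #$strTextFileLoc

# Returns $true when the host answers a single ICMP echo within 500 ms,
# $false on any other status or on a resolution/send error.
function Ping-iLO ([string]$iLOHostName) {
    $ping = New-Object System.Net.NetworkInformation.Ping
    try {
        $Reply = $ping.Send($iLOHostName, 500)
    }
    catch {
        return $false
    }
    return ($Reply.Status -eq "Success")
}

# ------------------------ Stage 2: renew certificates ----------------------

foreach ($interface in $iLOInterfaces) {
    # The function call must be parenthesised: written as
    # "Ping-ilo($interface) -and (...)" PowerShell passes "-and" and the
    # exclusion test to Ping-iLO as extra arguments, so the exclusion list
    # was never applied.
    if ((Ping-iLO $interface) -and ($exclusions -notcontains $interface)) {
        # Remove the previous host's CSR/certificate so it cannot be reused here.
        Remove-Item "$scriptpath\current*"

        $shorthost = $interface.Split(".")
        $shorthost = $shorthost[0]
        Write-Output "[logging] Now Running: `t$interface"

        $iLOInfo = Get-HPiLOFirmwareVersion -Server $interface -Username $striLOUsername -Password $striLOPassword -DisableCertificateAuthentication

        # The status check decides whether the host is processed; $verbose only
        # controls the extra output. (Combined in one condition, $verbose = $false
        # made the script skip every host.)
        if ($iLOInfo.STATUS_MESSAGE -ne "OK") {
            Write-Output "[logging] iLO Processor: `tUnknown - skipping"
            Write-Output "------------------------------------------------------`n"
            $skippedreport += "$interface - Unknown iLO Version"
            continue
        }
        if ($verbose) {
            Write-Output "[verbose] iLO Processor: `t$($iLOinfo.MANAGEMENT_PROCESSOR)"
            Write-Output "[verbose] iLO Firmware: `t$($iLOinfo.FIRMWARE_VERSION)"
            Write-Output "[verbose] iLO Firmware Date: `t$($iLOinfo.FIRMWARE_DATE)"
        }
        Write-Output "[logging] iLO Detected: `t$($iLOinfo.MANAGEMENT_PROCESSOR)"

        # The CSR subject is built by the iLO from its configured DNS name, so
        # that name has to match the DNS record before the CSR is requested.
        $interfaceNetworking = Get-HPiLONetworkSetting -Server $interface -Username $striLOUsername -Password $striLOPassword -DisableCertificateAuthentication
        $nethostname = $interfaceNetworking.DNS_NAME + "." + $interfaceNetworking.DOMAIN_NAME
        if ($verbose) {
            Write-Output "[verbose] iLO Configured Hostname: $nethostname"
        }

        if ($interface -eq $nethostname) {
            Write-Output "[logging] iLO Hostname Matches DNS Record! - Getting CSR..."
        } else {
            Write-Output "[logging] iLO Hostname Does Not Match DNS Record! - Updating Value"
            Set-HPiLONetworkSetting -Server $interface -Username $striLOUsername -Password $striLOPassword -DNSname $shorthost -DisableCertificateAuthentication
            Write-Output "[logging] Resetting iLO after DNS Name Update. Script sleeping 120 seconds.."
            Start-Sleep -Seconds 120
            $interfaceNetworking = Get-HPiLONetworkSetting -Server $interface -Username $striLOUsername -Password $striLOPassword -DisableCertificateAuthentication
            $nethostname = $interfaceNetworking.DNS_NAME + "." + $interfaceNetworking.DOMAIN_NAME
            Write-Output "[verbose] NEW iLO Configured Hostname: $nethostname"
            Write-Output "------------------------------------------------------`n"
        }

        # Poll for the CSR. The original used "continue" inside a while loop to
        # skip the host; that only restarted the while loop, so an empty CSR
        # with status OK spun forever. Here the poll is bounded and the skip
        # happens in the foreach scope.
        $csrText = $null
        for ($attempt = 1; $attempt -le $maxCsrAttempts; $attempt++) {
            $iLOCSR = Get-HPiLOCertificateSigningRequest -Server $interface -Username $striLOUsername -Password $striLOPassword -DisableCertificateAuthentication
            if ($iLOCSR.STATUS_TYPE -eq "OK") {
                $csrText = $iLOCSR.CERTIFICATE_SIGNING_REQUEST
                break
            }
            if ($attempt -lt $maxCsrAttempts) {
                Write-Output "[logging] iLO Generating CSR. Script sleeping 120 seconds.."
                Start-Sleep -Seconds 120
            }
        }

        if ([string]::IsNullOrEmpty($csrText)) {
            Write-Output "[logging] CSR Generation Failed. Skipping..."
            Write-Output "------------------------------------------------------`n"
            $skippedreport += "$interface - CSR Failed"
            continue
        }

        $csrText | Out-File "$scriptpath\currentcsr.txt" -Encoding ascii -Force
        Write-Output "[logging] CSR Written to $scriptpath\currentcsr.txt"

        # NOTE(review): the CSR came over a connection without certificate
        # authentication, and the CA signs whatever subject it contains.
        # Consider checking that the issued certificate's subject matches
        # $interface before importing, and restrict who may enroll on the template.
        Write-Output "[logging] Signing Certificate with $certificateserver"
        if (Test-Path "$scriptpath\currentcert.cer") {
            Remove-Item "$scriptpath\currentcert.cer"
        }
        certreq.exe -config $certificateserver -attrib "CertificateTemplate:$certificatetemplate" "$scriptpath\currentcsr.txt" "$scriptpath\currentcert.cer" | Out-Null

        # certreq output is discarded; the presence of the output file is the
        # success signal (a pending or denied request leaves no file).
        if (Test-Path "$scriptpath\currentcert.cer") {
            Write-Output "[logging] Installing Certificate on iLO"
            $certificate = Get-Content "$scriptpath\currentcert.cer" -Raw
            Import-HPiLOCertificate -Server $interface -Username $striLOUsername -Password $striLOPassword -Certificate $certificate -DisableCertificateAuthentication
        } else {
            Write-Output "[logging] Can't Find Signed Certificate, Skipping..."
            $skippedreport += "$interface - Unable to install Signed Cert"
        }
        Write-Output "------------------------------------------------------`n"
    } else {
        Write-Output "[logging] Interface Unreachable/Excluded, Skipping..."
        Write-Output "------------------------------------------------------`n"
        $skippedreport += "$interface - Unreachable/Excluded"
    }
}

# Summary of hosts that were not renewed, with the reason for each.
Write-Output "Hosts Skipped:"
Write-Output "------------------------"
$skippedreport
Write-Output "`n"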