Just shipped a new Posh-ACME release, version 3.12.0. The
Set-PAOrder function now has
-PluginArgs parameters which should make it easier to change DNS providers and/or provider parameters without needing to wait for a certificate renewal. The BouncyCastle library has been updated to the latest 1.8.5 version and the DLL file is using a non-standard name to avoid conflicts with other software that uses BouncyCastle and chooses to install the DLL into the .NET GAC. For some reason,…
Just shipped a new Posh-ACME release, version 3.11.0. The
Install-PACertificate function now has optional parameters that allow you to specify the Windows certificate store location and name in case the defaults (LocalMachine\My) aren't what you need. You can also use the
-NotExportable switch to mark the certificate as non-exportable. There's also a new function called Revoke-PAAuthorization which is mostly useful for testing a new configuration. It allows you to revoke one or more existing…
Just shipped a new Posh-ACME release, version 3.10.0. There's a critical fix in this version for a problem introduced by a recent change in Let's Encrypt's ACME implementation that breaks renewals. A new DNS plugin for HurricaneElectric was added and the Azure plugin now supports certificate based authentication in addition to the existing methods. There's also additional guidance in the tutorial on renewals and deployment.
Just shipped a new Posh-ACME release, version 3.9.0. There's a new DNS plugin for UnoEuro thanks to a user submission. The Cloudflare plugin was also updated to support limited use tokens that don't have edit permissions to all zones on an account.
Just shipped a new Posh-IBCLI release, version 1.3.0. It adds new functions called
Set-IBCLIApacheCert which wrap the
set apache_https_cert command added in NIOS 8.4. What's funny is that the only reason I found out about the command is because of a problem I ran into while testing Posh-IBWAPI‘s new file upload functions.
Just shipped a new Posh-ACME release, version 3.8.0.
Set-PAOrder now supports modifying some order properties that don't require generating a new order such as FriendlyName, PfxPass, and the Install switch. If the order has already been completed, changes to FriendlyName and PfxPass will generate new versions of the associated PFX files with the updated values. But changes to the Install switch will only affect future renewals. The GoDaddy plugin will no longer fail on large accounts with more…
Just shipped a new Posh-ACME release, version 3.7.0. In addition to some miscellaneous bug fixes,
Submit-Renewal now has an optional
-PluginArgs parameter for cases when you need to specify new values for a plugin but don't want to create a whole new order from scratch. This is useful if your credentials change or if the type of credential you're using is purposefully short-lived.
Just shipped a new Posh-IBWAPI release, version 3.1.0. There is now an
-OverrideTransferHost switch in
Receive-IBFile. But to understand what it does requires a bit of explanation on how file transfers work under the hood with the Infoblox WAPI. Any given file transfer (up or down) is a 3-step process that can be generalized as follows.
Just shipped a new Posh-ACME release, version 3.6.0. This one has a bunch of new stuff including new plugins for Domeneshop, Dreamhost, EasyDNS, and freedns.afraid.org. The other big addition is a new function called
Invoke-HttpChallengeListener which can be super handy for people doing HTTP challenges. It's basically a self-contained webserver that will respond to requests for the HTTP challenges in your order so you don't have manually deal with making the challenge files available. Check out…
In a previous post, I introduced a new PowerShell module called PwnedPassCheck. It can be used to check passwords and hashes against a list of over half a billion compromised passwords exposed in data breaches thanks to Troy Hunt's incredibly useful haveibeenpwned.com. In this post, I'll demonstrate how to use the module in conjunction with Michael Grafnetter's amazing DSInternals module to quickly audit existing passwords in Active Directory against the compromised list.