Ryan Bolger

Ryan Bolger

Adventures In Tech

Posh-ACME 3.12.0

Set-PAOrder improvements, upgraded BouncyCastle, and misc fixes.

Ryan Bolger

Just shipped a new Posh-ACME release, version 3.12.0. The Set-PAOrder function now has -DnsPlugin and -PluginArgs parameters which should make it easier to change DNS providers and/or provider parameters without needing to wait for a certificate renewal. The BouncyCastle library has been updated to the latest 1.8.5 version and the DLL file is using a non-standard name to avoid conflicts with other software that uses BouncyCastle and chooses to install the DLL into the .NET GAC. For some reason,…

Posh-ACME 3.11.0

Improvements for Install-PACertificate and new function Revoke-PAAuthorization.

Ryan Bolger

Just shipped a new Posh-ACME release, version 3.11.0. The Install-PACertificate function now has optional parameters that allow you to specify the Windows certificate store location and name in case the defaults (LocalMachine\My) aren't what you need. You can also use the -NotExportable switch to mark the certificate as non-exportable. There's also a new function called Revoke-PAAuthorization which is mostly useful for testing a new configuration. It allows you to revoke one or more existing…

Posh-ACME 3.10.0

Critical fix, new Hurricane Electric plugin, and Azure cert-based auth.

Ryan Bolger

Just shipped a new Posh-ACME release, version 3.10.0. There's a critical fix in this version for a problem introduced by a recent change in Let's Encrypt's ACME implementation that breaks renewals. A new DNS plugin for HurricaneElectric was added and the Azure plugin now supports certificate based authentication in addition to the existing methods. There's also additional guidance in the tutorial on renewals and deployment.

Posh-ACME 3.9.0

New UnoEuro plugin and updates to Cloudflare plugin.

Ryan Bolger

Just shipped a new Posh-ACME release, version 3.9.0. There's a new DNS plugin for UnoEuro thanks to a user submission. The Cloudflare plugin was also updated to support limited use tokens that don't have edit permissions to all zones on an account.

Posh-IBCLI 1.3.0

New functions Get-IBCLIApacheCert and Set-IBCLIApacheCert

Ryan Bolger

Just shipped a new Posh-IBCLI release, version 1.3.0. It adds new functions called Get-IBCLIApacheCert and Set-IBCLIApacheCert which wrap the set apache_https_cert command added in NIOS 8.4. What's funny is that the only reason I found out about the command is because of a problem I ran into while testing Posh-IBWAPI‘s new file upload functions.

Posh-ACME 3.8.0

More options in Set-PAOrder and misc fixes

Ryan Bolger

Just shipped a new Posh-ACME release, version 3.8.0. Set-PAOrder now supports modifying some order properties that don't require generating a new order such as FriendlyName, PfxPass, and the Install switch. If the order has already been completed, changes to FriendlyName and PfxPass will generate new versions of the associated PFX files with the updated values. But changes to the Install switch will only affect future renewals. The GoDaddy plugin will no longer fail on large accounts with more…

Posh-ACME 3.7.0

New param in Submit-Renewal and misc fixes

Ryan Bolger

Just shipped a new Posh-ACME release, version 3.7.0. In addition to some miscellaneous bug fixes, Submit-Renewal now has an optional -PluginArgs parameter for cases when you need to specify new values for a plugin but don't want to create a whole new order from scratch. This is useful if your credentials change or if the type of credential you're using is purposefully short-lived.

Posh-IBWAPI 3.1.0

Improvements to Send-IBFile and Receive-IBFile

Ryan Bolger

Just shipped a new Posh-IBWAPI release, version 3.1.0. There is now an -OverrideTransferHost switch in Send-IBFile and Receive-IBFile. But to understand what it does requires a bit of explanation on how file transfers work under the hood with the Infoblox WAPI. Any given file transfer (up or down) is a 3-step process that can be generalized as follows.

Posh-ACME 3.6.0

New plugins and self-hosted http challenges

Ryan Bolger

Just shipped a new Posh-ACME release, version 3.6.0. This one has a bunch of new stuff including new plugins for Domeneshop, Dreamhost, EasyDNS, and freedns.afraid.org. The other big addition is a new function called Invoke-HttpChallengeListener which can be super handy for people doing HTTP challenges. It's basically a self-contained webserver that will respond to requests for the HTTP challenges in your order so you don't have manually deal with making the challenge files available. Check out…

Auditing Active Directory Passwords With PwnedPassCheck

Make sure users aren't using compromised passwords.

Ryan Bolger

In a previous post, I introduced a new PowerShell module called PwnedPassCheck. It can be used to check passwords and hashes against a list of over half a billion compromised passwords exposed in data breaches thanks to Troy Hunt's incredibly useful haveibeenpwned.com. In this post, I'll demonstrate how to use the module in conjunction with Michael Grafnetter's amazing DSInternals module to quickly audit existing passwords in Active Directory against the compromised list.

Recent posts

See more

Categories