Ryan Bolger

Ryan Bolger

Adventures In Tech

Automating Free Certs for Infoblox Grid Manager

Posh-ACME and Posh-IBWAPI, better together

Ryan Bolger

HTTPS web UIs and APIs using self-signed certificates have always annoyed me. It’s one of the reasons I started learning about PKI long before Let’s Encrypt and the ACME protocol made free publicly trusted certs available for everyone. But it may still be a while before large products and platforms like Infoblox start natively supporting ACME to make our self-signed cert woes a thing of the past. Until then, here’s how you can use Posh-ACME and Posh-IBWAPI to get a free cert…

Ryan Bolger

Over the course of my career, I’ve worked with several Active Directory environments that ran the domain’s DNS zones on 3rd party DNS products like Infoblox or BIND instead of directly on the domain controllers. GSS-TSIG and secure dynamic updates work great with these non-Windows DNS servers when configured properly. But sometimes, getting the settings right can be tricky for the DNS admins and having a way trigger a DC’s record registration process while troubleshooting is…

Posh-ACME 4.6.0

HostingDe and Beget plugins and misc fixes

Ryan Bolger

Just shipped a new Posh-ACME release, version 4.6.0. There are new plugins for HostingDe and Beget. The new Revoke-PACertificate has been improved so it no longer requires a configured ACME account when using an explicit cert/key. There’s a fix for unauthenticated updates with RFC2136 plugin and the Simply plugin is now IDN agnostic thanks to suggestions from the API owner.

Posh-ACME 4.5.0

New plugins, new revocation function, and misc fixes

Ryan Bolger

Just shipped a new Posh-ACME release, version 4.5.0. There are new plugins for PCExtreme (called Aurora) and UKFast. There’s also a new dedicated function for certificate revocation called Revoke-PACertificate.

Posh-ACME 4.3.0

PreferredChain logic fix

Ryan Bolger

Just shipped a new Posh-ACME release, version 4.3.0. The main change in this version is how the PreferredChain functionality works. Previously it would check all chains in the order they were recieved and use the first one that contained a cert that matched the PreferredChain value. But the upcoming changes to the chains offered by Let’s Encrypt highlighted a problem with that logic. If a user wanted to use the new shorter ISRG Root X1, that value would match in the default chain before…

Posh-ACME 4.2.0

Infomaniak and Zilore plugins and new option for AcmeDns

Ryan Bolger

Just shipped a new Posh-ACME release, version 4.2.0. There are new DNS plugins for Infomaniak and Zilore and a new option for AcmeDns that allows you to specify the complete URI instead of just the hostname in case you’ve got a custom setup.

Posh-ACME 4.1.0

RFC2136 compat updates, UnoEuro removal, and misc fixes

Ryan Bolger

Just shipped a new Posh-ACME release, version 4.1.0. The RFC2136 plugin now uses the exit code from nsupdate instead of output parsing to determine success and avoid possible language OS inconsistencies. There’s also a new optional DDNSZone param to avoid the initial SOA lookup that breaks in some environments. The UnoEuro plugin has been removed because the API endpoint is no longer functional. So if you hadn’t switched over to the Simply plugin, now is the time.

Posh-ACME 4.0.0

HTTP plugins, portable plugin arg encryption, better help

Ryan Bolger

Just shipped a new Posh-ACME release, version 4.0.0. This is a huge personal win for me that took far longer than I had originally intended. So I’m super excited to finally get it out the door.

Posh-ACME 3.20.0

Azure plugin enhancements and Simply fixes

Ryan Bolger

Just shipped a new Posh-ACME release, version 3.20.0. The Azure plugin has been enhanced in this release thanks to @InKahootz and now supports targeting additional Azure cloud environments that support specific countries or governments. There are also some fixes for the Simply plugin.

Recent Posts

Categories