Just shipped a new Posh-IBCLI release, version 1.3.0. It adds new functions called Get-IBCLIApacheCert and Set-IBCLIApacheCert which wrap the set apache_https_cert command added in NIOS 8.4. What’s funny is that the only reason I found out about the command is because of a problem I ran into while testing Posh-IBWAPI’s new file upload functions.

The file I was trying to upload was a certificate for the web UI and I figured my test procedure would involve uploading my cert and then re-generating a self-signed cert before repeating the test. But the second time I tried to upload a cert, it kept failing with the error, “The certificate already exists.” After contacting support, I found out that for some reason NIOS keeps copies of all the certs you’ve ever imported in the grid database. And until NIOS 8.4, there was no way to re-use an old cert.

I’m still unclear why NIOS is keeping copies of old unused certs, but I really hope the Infoblox engineers expand on the ability to manage them in future versions. At the very least, it’d be nice to have a way to delete them and free up database space. Maybe add some WAPI equivalent ways to manage them rather than just the CLI method.

In any case, Get-IBCLIApacheCert will give you a list of the certificate serial numbers and common name values that are stored in the database. Set-IBCLIApacheCert will let you set the new active certificate with the specified serial number.

Updated versions can be found in the PowerShell Gallery or GitHub. Installation instructions are in the Readme.

Changelog

• Added Get-IBCLIApacheCert and Set-IBCLIApacheCert to allow manipulation of the web UI certificate on a grid member. These require a CLI command that exists in NIOS 8.4+ and will throw an error on earlier versions.