Just shipped a new Posh-IBCLI release, version 1.3.0. It adds new functions called
Set-IBCLIApacheCert which wrap the
set apache_https_cert command added in NIOS 8.4. What’s funny is that the only reason I found out about the command is because of a problem I ran into while testing Posh-IBWAPI’s new file upload functions.
The file I was trying to upload was a certificate for the web UI and I figured my test procedure would involve uploading my cert and then re-generating a self-signed cert before repeating the test. But the second time I tried to upload a cert, it kept failing with the error, “The certificate already exists.” After contacting support, I found out that for some reason NIOS keeps copies of all the certs you’ve ever imported in the grid database. And until NIOS 8.4, there was no way to re-use an old cert.
I’m still unclear why NIOS is keeping copies of old unused certs, but I really hope the Infoblox engineers expand on the ability to manage them in future versions. At the very least, it’d be nice to have a way to delete them and free up database space. Maybe add some WAPI equivalent ways to manage them rather than just the CLI method.
In any case,
Get-IBCLIApacheCert will give you a list of the certificate serial numbers and common name values that are stored in the database.
Set-IBCLIApacheCert will let you set the new active certificate with the specified serial number.
Set-IBCLIApacheCertto allow manipulation of the web UI certificate on a grid member. These require a CLI command that exists in NIOS 8.4+ and will throw an error on earlier versions.