From 37dc1b931351b0cc976c884851dc2423a07954a8 Mon Sep 17 00:00:00 2001
From: David Schroeder
Date: Sat, 15 Nov 2025 19:03:17 -0600
Subject: [PATCH] Update vCenter-SSL.ps1
---
 inc/vCenter-SSL.ps1 | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/inc/vCenter-SSL.ps1 b/inc/vCenter-SSL.ps1
index 11f6f4cb..d55872d6 100644
--- a/inc/vCenter-SSL.ps1
+++ b/inc/vCenter-SSL.ps1
@@ -1,6 +1,6 @@
 #!/usr/bin/env pwsh
 # -----------------------------------------------------------------------------------
-# vCenter + Posh-ACME Script (Linux/macOS-safe, HttpClient login)
+# vCenter + Posh-ACME Script (Linux/macOS-safe, TLS 1.2 enforced)
 # -----------------------------------------------------------------------------------
 . /opt/idssys/nodemgmt/conf/powerwall/settings.ps1
@@ -11,6 +11,11 @@ $global:helpme = $null
 $global:responseBody = $null
+# ----------------------------
+# Force TLS 1.2 globally
+# ----------------------------
+[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+
 # ----------------------------
 # Error handler
 # ----------------------------
@@ -87,7 +92,7 @@ $EmailContact = $ACMEEMAIL
 [PSCredential]$Credential = New-Object System.Management.Automation.PSCredential -ArgumentList $VCENTERUSER, (ConvertTo-SecureString $VCENTERPASS -AsPlainText -Force)
-# PowerDNS plugin args (plain string API key!)
+# PowerDNS plugin args (plain string API key)
 $pArgs = @{
 PowerDNSApiHost = $WDNSHOST
 PowerDNSApiKey = $PDNSAPI
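Review bot: The `[Net.ServicePointManager]::SecurityProtocol` assignment added in the second hunk (`@@ -11,6 +11,11 @@`) probably does not do what its "Force TLS 1.2 globally" banner says. The shebang runs this script under `pwsh`, where `HttpClient` and the web cmdlets do not take their protocol settings from `ServicePointManager`, so the line is likely a no-op outside Windows PowerShell 5.1. I would drop it or reword the banner to `# Legacy ServicePointManager setting; does not govern HttpClient under pwsh`, and set the protocol at each connection instead (the PowerShell 7 web cmdlets accept `-SslProtocol`). Assigning only `Tls12` also excludes TLS 1.3 wherever the setting is honoured; if the intent is a minimum version rather than a pin, OR in `[Net.SecurityProtocolType]::Tls13`.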
@@ -105,12 +110,13 @@ if (-not (Get-Module -ListAvailable -Name Posh-ACME)) {
 Import-Module Posh-ACME -ErrorAction Stop
 # ----------------------------
-# Connect to vCenter API using HttpClient (robust)
+# Connect to vCenter API using HttpClient (TLS 1.2 enforced)
 # ----------------------------
 Write-Host "Connecting to vCenter at $vCenterURL ..." -ForegroundColor Cyan
 try {
 $handler = [System.Net.Http.HttpClientHandler]::new()
+ $handler.SslProtocols = [System.Security.Authentication.SslProtocols]::Tls12
 $handler.ServerCertificateCustomValidationCallback = { $true }
 $client = [System.Net.Http.HttpClient]::new($handler)
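Review bot: The added `$handler.SslProtocols = ...::Tls12` line sits directly above `$handler.ServerCertificateCustomValidationCallback = { $true }`, which accepts any server certificate, so the session is encrypted but the vCenter endpoint is never authenticated. Pinning the protocol version does not change that, and the new "TLS 1.2 enforced" banner overstates what the connection guarantees, given that the script builds a vCenter credential earlier in the file. If the first run has to tolerate a self-signed certificate, accept only a known one rather than every one, for example `$handler.ServerCertificateCustomValidationCallback = { param($m, $cert, $chain, $errs) $errs -eq [System.Net.Security.SslPolicyErrors]::None -or $cert.Thumbprint -eq $PinnedThumbprint }`, where `$PinnedThumbprint` is a placeholder for a value read from settings. The `try` block continues past the end of this hunk, so how `$client` is used and disposed is not visible here.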