From f913e7d4e895dea293509796d14ce3e1ced02910 Mon Sep 17 00:00:00 2001 From: David Schroeder Date: Wed, 19 Nov 2025 22:46:45 -0600 Subject: [PATCH] Update vCenter-SSL.ps1 --- inc/vCenter-SSL.ps1 | 60 ++++++++++++++++++++++----------------------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/inc/vCenter-SSL.ps1 b/inc/vCenter-SSL.ps1 index 4ba644c2..44e1f11b 100644 --- a/inc/vCenter-SSL.ps1 +++ b/inc/vCenter-SSL.ps1 @@ -44,7 +44,7 @@ function Show-Failure { param([System.Management.Automation.ErrorRecord]$ErrorRecord) $msg = $ErrorRecord.Exception.Message - Write-Log ERROR $msg + Write-Log ERROR $msg -ForegroundColor Red Write-Host "======================================================" -ForegroundColor Red Write-Host "ERROR: $msg" -ForegroundColor Red Write-Host "======================================================" -ForegroundColor Red @@ -77,7 +77,7 @@ try { if (-not (Get-Module -ListAvailable -Name Posh-ACME)) { Install-Module Posh-ACME -Force -Scope AllUsers } - Import-Module Posh-ACME -ErrorAction Stop *>$null + Import-Module Posh-ACME -ErrorAction Stop *>$null -ForegroundColor Red Write-Log INFO "Posh-ACME loaded." } catch { Show-Failure $_ } @@ -100,7 +100,7 @@ try { $vms = Get-VM Write-Log INFO "Retrieved $($vms.Count) VMs from vCenter." } catch { - Write-Log WARN "Failed to enumerate VMs: $($_.Exception.Message)" + Write-Log WARN "Failed to enumerate VMs: $($_.Exception.Message)" -ForegroundColor Orange } # ---------------------------- @@ -119,7 +119,7 @@ try { Select-Object -First 1 } } catch { - Write-Log WARN "Failed to query Posh-ACME certificates: $($_.Exception.Message)" + Write-Log WARN "Failed to query Posh-ACME certificates: $($_.Exception.Message)" -ForegroundColor Orange } if ($paCert) { @@ -134,7 +134,7 @@ if ($paCert) { $needNewCert = $false } } else { - Write-Log WARN "No existing cert found — issuance required." + Write-Log WARN "No existing cert found — issuance required." -ForegroundColor Orange $needNewCert = $true } 
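Review bot: `Write-Log` is now called with `-ForegroundColor` inside `Show-Failure`, but no hunk in this patch touches `Write-Log`'s definition, so that parameter must already be declared there for the call to work. If `Write-Log` is an advanced function without it, the call fails to bind and the error handler itself throws before the red banner is printed; if it is a simple function, the extra tokens land in `$args` and the colour is silently ignored. Either declare it once in `Write-Log`, e.g. `[ConsoleColor]$ForegroundColor = 'Gray'`, or drop the argument here, since the `Write-Host` lines below already colour the output. `Show-Failure`'s body runs past the end of the hunk.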
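Review bot: `Import-Module` has no `-ForegroundColor` parameter, so the changed line fails parameter binding on every run; because it sits in the `try`, the error goes to `Show-Failure` and the "Posh-ACME loaded." line is never reached. Restore the previous form, `Import-Module Posh-ACME -ErrorAction Stop *>$null`. Separately, the unchanged `Install-Module Posh-ACME -Force -Scope AllUsers` above it installs whatever version the repository currently serves, machine-wide; pinning it with `-RequiredVersion` would keep the certificate tooling reproducible. The `try` block opens outside the hunk.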
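Review bot: `Orange` is not a member of `System.ConsoleColor`, so `-ForegroundColor Orange` cannot bind if `Write-Log` types the parameter as `[ConsoleColor]` or forwards it to `Write-Host`; the nearest valid values are `Yellow` and `DarkYellow`. The call sits inside a `catch`, and an error raised there is not handled by that same `catch`, so a best-effort warning could become a script failure (this is inferred, as `Write-Log` is not visible in the patch). The same value is used in the hunks at -119, -134, -167, -219, -235, -266 and -280. Suggested: `Write-Log WARN "Failed to enumerate VMs: $($_.Exception.Message)" -ForegroundColor Yellow`.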
@@ -167,17 +167,17 @@ if ($needNewCert) { $paCert = Get-PACertificate Write-Log INFO ("New certificate issued: NotAfter={0}" -f $paCert.NotAfter) } catch { - Write-Log ERROR ("ACME issuance failed: {0}" -f $_.Exception.Message) + Write-Log ERROR ("ACME issuance failed: {0}" -f $_.Exception.Message) -ForegroundColor Red if (-not $paCert) { - Write-Log ERROR "No fallback certificate exists — aborting." + Write-Log ERROR "No fallback certificate exists — aborting." -ForegroundColor Red exit 1 } - Write-Log WARN "Using existing Posh-ACME certificate." + Write-Log WARN "Using existing Posh-ACME certificate." -ForegroundColor Orange } } if (-not $paCert) { - Write-Log ERROR "No usable certificate available — aborting." + Write-Log ERROR "No usable certificate available — aborting." -ForegroundColor Red exit 1 } 
@@ -185,23 +185,23 @@ if ($needNewCert) { # # ---------------------------- # # Certificate file resolution # # ---------------------------- - # $certFolder = Split-Path $paCert.CertFile -Parent - # - # $certPath = Join-Path $certFolder "cert.cer" - # $keyPath = Join-Path $certFolder "cert.key" - # $chainPath = Join-Path $certFolder "chain.cer" - # - # Write-Log INFO "Using cert folder: $certFolder" - # Write-Log INFO " CERT : $certPath" - # Write-Log INFO " KEY : $keyPath" - # Write-Log INFO " CHAIN: $chainPath" - # - # foreach ($f in @($certPath,$keyPath,$chainPath)) { - # if (-not (Test-Path $f)) { - # Write-Log ERROR "Missing cert file: $f" - # exit 1 - # } - # } + $certFolder = Split-Path $paCert.CertFile -Parent + + $certPath = Join-Path $certFolder "cert.cer" + $keyPath = Join-Path $certFolder "cert.key" + $chainPath = Join-Path $certFolder "chain.cer" + + Write-Log INFO "Using cert folder: $certFolder" + Write-Log INFO " CERT : $certPath" + Write-Log INFO " KEY : $keyPath" + Write-Log INFO " CHAIN: $chainPath" + + foreach ($f in @($certPath,$keyPath,$chainPath)) { + if (-not (Test-Path $f)) { + Write-Log ERROR "Missing cert file: $f" -ForegroundColor Red + exit 1 + } + } # ---------------------------- # Add CA chain to trusted store (remove duplicates) @@ -219,7 +219,7 @@ if ($needNewCert) { Add-VITrustedCertificate -PemCertificateOrChain $pemChain -VCenterOnly -Confirm:$false | Out-Null } catch { - Write-Log WARN "Failed to manage CA trust entries: $($_.Exception.Message)" + Write-Log WARN "Failed to manage CA trust entries: $($_.Exception.Message)" -FvoregroundColor Orange } # ---------------------------- @@ -235,7 +235,7 @@ if ($needNewCert) { $needPush = $false } } catch { - Write-Log WARN "Unable to read vCenter cert, assuming update required." + Write-Log WARN "Unable to read vCenter cert, assuming update required." -ForegroundColor Orange } # ---------------------------- 
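Review bot: The key and chain paths are rebuilt from hard-coded file names (`cert.key`, `chain.cer`) next to `$paCert.CertFile`, which ties the script to Posh-ACME's on-disk layout; the object returned by `Get-PACertificate` also carries `KeyFile` and `ChainFile`, so `$keyPath = $paCert.KeyFile` and `$chainPath = $paCert.ChainFile` would follow the module instead. The existence check would be stricter as `if (-not (Test-Path -LiteralPath $f -PathType Leaf))`, so a directory or a wildcard match does not pass for a certificate file. Since `$keyPath` points at the private key, confirm that the log receiving the `KEY :` line is readable only by the account that runs the script. The section banner above these lines is still double-commented (`# # ---`).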
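Review bot: `-FvoregroundColor` in the changed `Write-Log WARN "Failed to manage CA trust entries…"` line is a typo for `-ForegroundColor`. Depending on how `Write-Log` is declared (not visible here), the misspelt name either fails to bind inside the `catch` or is swallowed as a stray argument, so a failure to update the trusted-CA store may go unreported or may abort the run. Suggested: `Write-Log WARN "Failed to manage CA trust entries: $($_.Exception.Message)" -ForegroundColor Yellow`. The `try` opens outside the hunk.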
@@ -266,7 +266,7 @@ if ($needNewCert) { $null = $svc | Restart-VIApplianceService -Confirm:$false Write-Log INFO "vpxd restarted successfully." } catch { - Write-Log WARN "vpxd restart failed: $($_.Exception.Message)" + Write-Log WARN "vpxd restart failed: $($_.Exception.Message)" -ForegroundColor Orange } # ---------------------------- @@ -280,7 +280,7 @@ if ($needNewCert) { $result = bash -c $sshCmd Write-Log INFO "Veeam rescan result: $result" } catch { - Write-Log WARN "Veeam rescan failed: $($_.Exception.Message)" + Write-Log WARN "Veeam rescan failed: $($_.Exception.Message)" -ForegroundColor Orange } }
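Review bot: The changed `Write-Log WARN "Veeam rescan failed…"` line is only reached when `bash -c $sshCmd` throws, and by default a native command that exits non-zero does not throw in PowerShell, so a failed SSH rescan would be logged as `Veeam rescan result:` at INFO. Check the exit status right after the call, e.g. `if ($LASTEXITCODE -ne 0) { throw "bash exited with $LASTEXITCODE" }`. `$sshCmd` is built outside the hunk, so its quoting cannot be reviewed here; any value interpolated into it should be treated as shell input.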