Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/aldaviva/ciscoendpointcertificatedeployer
🔒 Automatically upload and activate PKCS #12 PFX TLS certificates and private keys to Cisco video conferencing endpoints running TC, CE, or RoomOS software. Useful for Let's Encrypt automation, such as Certify The Web.
- Host: GitHub
- URL: https://github.com/aldaviva/ciscoendpointcertificatedeployer
- Owner: Aldaviva
- License: apache-2.0
- Created: 2021-08-07T20:39:56.000Z (about 3 years ago)
- Default Branch: master
- Last Pushed: 2024-07-30T11:54:12.000Z (2 months ago)
- Last Synced: 2024-07-30T14:50:15.859Z (2 months ago)
- Topics: certificates, certifytheweb, cisco, letsencrypt, pfx, pkcs12, roomos, telepresence, tls-certificate, video-conferencing
- Language: C#
- Homepage:
- Size: 17 MB
- Stars: 2
- Watchers: 3
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: Readme.md
- License: License.txt
README
CiscoEndpointCertificateDeployer
===
Automatically upload and activate a PFX certificate and private key to a Cisco video conferencing endpoint running TC7, CE8, or later software. Useful for Let's Encrypt automation, such as Certify The Web.
1. [Requirements](#requirements)
1. [Usage](#usage)
1. [Result](#result)
1. [Let's Encrypt](#lets-encrypt)
## Requirements
- [.NET 8 x64 runtime](https://dotnet.microsoft.com/en-us/download/dotnet/8.0) or later
- [Cisco video conferencing endpoint](https://www.cisco.com/c/en/us/products/collaboration-endpoints/collaboration-room-endpoints/index.html)
- *Also known as TelePresence, Collaboration Endpoint, Webex Device, room system, and codec*
- TC, CE, or RoomOS software (tested with TC7, CE9, RoomOS 10, and RoomOS 11)
- IX5000 is not supported
- Username and password for an enabled account with the Admin role. If the endpoint is registered to Webex, you will need to manually enable this account.
- HTTPS and SSH server must be enabled
- A DNS entry, such as an A record that points to the endpoint's IPv4 address, so that browsers can validate the certificate's subject CN
## Usage
```bat
CiscoEndpointCertificateDeployer.exe certificatePath endpointHost endpointUsername endpointPassword applyToServices
```
- `certificatePath`: The absolute filesystem path of a PFX file to upload. It must have been exported with the private key.
- `endpointHost`: The hostname (such as the IP address or FQDN) of the endpoint.
- `endpointUsername`: The username of an account on the endpoint with the Admin role. The factory default for Cisco endpoints is `admin`.
- `endpointPassword`: The passphrase used to log in to the user above. The factory default for Cisco endpoints is the empty string.
- `applyToServices`: A comma-delimited list of service names with which the new certificate will be used. Defaults to `https`, but you can include SIPS by passing `https,sip`.
### Example
```bat
"C:\Program Files\CiscoEndpointCertificateDeployer\CiscoEndpointCertificateDeployer.exe" "C:\ProgramData\certify\assets\myendpoint.mycompany.com\20210817_abcdefgh.pfx" myendpoint.mycompany.com admin CISCO https,sip
```
## Result
![Security Services screenshot](.github/images/security-services.png)
![Certificate Details screenshot](.github/images/certificate-details.png)
## Let's Encrypt
You can use this program to automatically maintain valid certificates issued by a trusted root certificate authority like [Let's Encrypt](https://letsencrypt.org) on your Cisco endpoints. DNS verification, rather than HTTP verification, is particularly helpful when the endpoints' web servers are not exposed to inbound traffic from the internet, which you should not allow through your firewall.
You can use [Certify The Web](https://certifytheweb.com) on a Windows computer to automatically renew certificates and deploy them with this program.
1. [Download](https://certifytheweb.com/home/download) and install Certify The Web.
1. Click `New Certificate`.
1. Register your email address with Let's Encrypt.
1. In the **Certificate** tab, add a domain like `myendpoint.mycompany.com` to the certificate, then click the `+` button.
1. In the **Authorization** tab, change the **Challenge Type** to **dns-01**, select your DNS provider from the **DNS Update Method** list, and supply the **Credentials** for your DNS provider with the `New` button.
1. In the **Deployment** tab, set the **Deployment Mode** to **No Deployment**, since deployments are only used for local IIS servers.
1. In the **Tasks** tab, add a new Deployment Task, choose **Run Powershell Script**, and set the following properties.
|Name|Value|
|---|---|
|Task Name|Deploy Certificate to Cisco Endpoint|
|Description|Upload and activate certificate on Cisco endpoint using HTTP and SSH.|
|Trigger|Run On Success|
|Run task even if previous task step failed|☐|
|Authentication|Local (as current service user)|
|Program/Script|*The absolute path to the [PowerShell script](https://github.com/Aldaviva/CiscoEndpointCertificateDeployer/blob/master/CiscoEndpointCertificateDeployer/CiscoEndpointCertificateDeployer.ps1) included with this program, such as* `C:\Program Files\CiscoEndpointCertificateDeployer\CiscoEndpointCertificateDeployer.ps1`|
|Pass Result as First Arg|☑|
|Impersonation LogonType|Service|
|Arguments|*Details about your endpoint, in the form* `endpointHostname=myendpoint.mycompany.com;endpointUsername=admin;endpointPassword=CISCO;applyToServices=https,sip`|
|Script Timeout Mins.||
|Launch New Process|☐|
1. Click the Save button.
1. Optionally ensure the domain validation is working using the `Test` button.
1. Request and deploy a certificate using the `Request certificate` button.
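
To confirm that a renewal actually reached the endpoint, the certificate served over HTTPS can be compared with the PFX that was deployed. The script below is an added example, not part of CiscoEndpointCertificateDeployer; its name (for instance `Test-EndpointCertificate.ps1`), its parameter names, and port 443 are assumptions.

```powershell
using namespace System.Security.Cryptography.X509Certificates
# Added example, not part of CiscoEndpointCertificateDeployer.
# Checks that the endpoint's HTTPS service presents the certificate from the PFX.
param(
    [Parameter(Mandatory)] [string] $CertificatePath,  # the PFX given to the deployer
    [Parameter(Mandatory)] [string] $EndpointHost,     # e.g. myendpoint.mycompany.com
    [int] $Port = 443,                                 # assumption: default HTTPS port
    [securestring] $PfxPassword                        # omit for a passwordless PFX
)
$ErrorActionPreference = 'Stop'

function Get-ServedCertificate([string] $HostName, [int] $Port) {
    $client = [System.Net.Sockets.TcpClient]::new($HostName, $Port)
    try {
        # Accept whatever is presented: the goal is to inspect it, and the
        # pass/fail decision is the thumbprint comparison below.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $tls = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $acceptAny)
        try {
            $tls.AuthenticateAsClient($HostName)
            [X509Certificate2]::new($tls.RemoteCertificate)
        } finally { $tls.Dispose() }
    } finally { $client.Dispose() }
}

# Load the leaf certificate from the PFX (the entry that carries the private key).
$expected = if ($PfxPassword) {
    [X509Certificate2]::new($CertificatePath, $PfxPassword)
} else {
    [X509Certificate2]::new($CertificatePath)
}

$served   = Get-ServedCertificate $EndpointHost $Port
$daysLeft = [math]::Floor(($served.NotAfter - (Get-Date)).TotalDays)

if ($served.Thumbprint -ne $expected.Thumbprint) {
    Write-Warning ("{0}:{1} serves {2} (subject {3}), expected {4} from the PFX." -f `
        $EndpointHost, $Port, $served.Thumbprint, $served.Subject, $expected.Thumbprint)
    exit 1   # non-zero exit so a scheduler or task runner can flag the failure
}
Write-Output ("{0}:{1} serves the deployed certificate {2}; it expires in {3} days." -f `
    $EndpointHost, $Port, $served.Thumbprint, $daysLeft)
```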