Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/aldaviva/ciscoendpointcertificatedeployer

🔒 Automatically upload and activate PKCS #12 PFX TLS certificates and private keys to Cisco video conferencing endpoints running TC, CE, or RoomOS software. Useful for Let's Encrypt automation, such as Certify The Web.
https://github.com/aldaviva/ciscoendpointcertificatedeployer

certificates certifytheweb cisco letsencrypt pfx pkcs12 roomos telepresence tls-certificate video-conferencing

Last synced: about 18 hours ago
JSON representation

Host: GitHub
URL: https://github.com/aldaviva/ciscoendpointcertificatedeployer
Owner: Aldaviva
License: apache-2.0
Created: 2021-08-07T20:39:56.000Z (about 3 years ago)
Default Branch: master
Last Pushed: 2024-07-30T11:54:12.000Z (2 months ago)
Last Synced: 2024-07-30T14:50:15.859Z (2 months ago)
Topics: certificates, certifytheweb, cisco, letsencrypt, pfx, pkcs12, roomos, telepresence, tls-certificate, video-conferencing
Language: C#
Homepage:
Size: 17 MB
Stars: 2
Watchers: 3
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: Readme.md
- License: License.txt

Awesome Lists containing this project

README

CiscoEndpointCertificateDeployer
===

Automatically upload and activate a PFX certificate and private key to a Cisco video conferencing endpoint running TC7, CE8, or later software. Useful for Let's Encrypt automation, such as Certify The Web.

1. [Requirements](#requirements)
1. [Usage](#usage)
1. [Result](#result)
1. [Let's Encrypt](#lets-encrypt)

## Requirements
- [.NET 8 x64 runtime](https://dotnet.microsoft.com/en-us/download/dotnet/8.0) or later
- [Cisco video conferencing endpoint](https://www.cisco.com/c/en/us/products/collaboration-endpoints/collaboration-room-endpoints/index.html)
- *Also known as TelePresence, Collaboration Endpoint, Webex Device, room system, and codec*
- TC, CE, or RoomOS software (tested with TC7, CE9, RoomOS 10, and RoomOS 11)
- IX5000 is not supported
- Username and password for an enabled account with the Admin role. If the endpoint is registered to Webex, you will need to manually enable this account.
- HTTPS and SSH server must be enabled
- A DNS entry, such as an A record that points to the endpoint's IPv4 address, so that browsers can validate the certificate's subject CN

## Usage

```bat
CiscoEndpointCertificateDeployer.exe certificatePath endpointHost endpointUsername endpointPassword applyToServices
```

certificatePath: The absolute filesystem path of a PFX file to upload. It must have been exported with the private key.
endpointHost: The hostname (such as the IP address or FQDN) of the endpoint.
endpointUsername: The username of an account on the endpoint with the Admin role. The factory default for Cisco endpoints is admin.
endpointPassword: The passphrase used to log in to the user above. The factory default for Cisco endpoints is the empty string.
applyToServices: A comma-delimited list of service names with which the new certificate will be used. Defaults to https, but you can include SIPS by passing https,sip.

### Example
```bat
"C:\Program Files\CiscoEndpointCertificateDeployer\CiscoEndpointCertificateDeployer.exe" "C:\ProgramData\certify\assets\myendpoint.mycompany.com\20210817_abcdefgh.pfx" myendpoint.mycompany.com admin CISCO https,sip
```

## Result

![Security Services screenshot](.github/images/security-services.png)

![Certificate Details screenshot](.github/images/certificate-details.png)

## Let's Encrypt

You can use this program to automatically maintain valid certificates issued by a trusted root certificate authority like [Let's Encrypt](https://letsencrypt.org) on your Cisco endpoints. DNS verification, rather than HTTP verification, is particularly helpful when the endpoints' web servers are not exposed to inbound traffic from the internet, which you should not allow through your firewall.

### Certify The Web

You can use [Certify The Web](https://certifytheweb.com) on a Windows computer to automatically renew certificates and deploy them with this program.

1. [Download](https://certifytheweb.com/home/download) and install Certify The Web.
1. Click `New Certificate`.
1. Register your email address with Let's Encrypt.
1. In the **Certificate** tab, add a domain like `myendpoint.mycompany.com` to the certificate, then click the `+` button.
1. In the **Authorization** tab, change the **Challenge Type** to **dns-01**, select your DNS provider from the **DNS Update Method** list, and supply the **Credentials** for your DNS provider with the `New` button.
1. In the Deployment tab, set the Deployment Mode to **No Deployment**, since deployments are only used for local IIS servers.
1. In the Tasks tab, add a new Deployment Task, choose **Run Powershell Script**, and set the following properties.
|Name|Value|
|---|---|
|Task Name|Deploy Certificate to Cisco Endpoint|
|Description|Upload and activate certificate on Cisco endpoint using HTTP and SSH.|
|Trigger|Run On Success|
|Run task even if previous task step failed|☐|
|Authentication|Local (as current service user)|
|Program/Script|*The absolute path to the [PowerShell script](https://github.com/Aldaviva/CiscoEndpointCertificateDeployer/blob/master/CiscoEndpointCertificateDeployer/CiscoEndpointCertificateDeployer.ps1) included with this program, such as* `C:\Program Files\CiscoEndpointCertificateDeployer\CiscoEndpointCertificateDeployer.ps1`|
|Pass Result as First Arg|☑|
|Impersonation LogonType|Service|
|Arguments|*Details about your endpoint, in the form* `endpointHostname=myendpoint.mycompany.com;endpointUsername=admin;endpointPassword=CISCO;applyToServices=https,sip`|
|Script Timeout Mins.||
|Launch New Process|☐|
1. Click the Save button.
1. Optionally ensure the domain validation is working using the `Test` button.
1. Request and deploy a certificate using the `Request certificate` button.