Info: How to use PowerShell to retrieve certificates from a Thawte CA

 

SYNOPSIS:

 

The Thawte-Retrieve.ps1 script is designed to read a file containing a list of active order numbers from Thawte. These order numbers will be provided by the client and can be obtained via the Thawte admin portal (standard reports).

 

Once the input file has been created, the script downloads each certificate via REST API calls and saves the results (in base64-encoded format) to the filename and location provided.

 

SUPPLEMENTAL COMPONENTS:

 

ImportCertificateXML – Needed to convert base64 encoded format to XML for consumption by TPP. (This is a licensed utility and will require a PS license key – Product Code: ICX)

SCHEMATOOL – Needed to import XML results to the policy tree. (Included with TPP configuration)

 

ADDITIONAL CONSIDERATIONS:

 

Confirm the client has API capabilities as part of their Thawte subscription[1].

 

KNOWN ISSUES:

 

Special characters within the password (i.e. #, !, ;) have been identified as problematic when the password is passed within the PowerShell script. The result is that the script runs but does not generate an output file.

 

ACTIONS:

  1. Parse the client's existing report (CSV) and create an input file which includes a list of active order numbers.
  2. Replace path and/or filenames for input and output files. (highlighted in red below in sample code)
  3. Replace CLIENT_USERNAME with the client's admin login account, usually an e-mail address. (highlighted in red below in sample code)
  4. Replace CLIENT_PASSWORD with the associated password. (highlighted in red below in sample code)

 

SAMPLE CODE:

 

# Read the list of active order numbers, one per line.
$lines = Get-Content c:\temp\input.txt

foreach ($line in $lines) {
   # Request the certificate for this order number in x509 format.
   $result = Invoke-RestMethod -Uri "https://ssl-certificate-center-enterprise.thawte.com/service/api/certificatePickup?brand=thawte&userName=CLIENT_USERNAME&password=CLIENT_PASSWORD&orderNumber=$($line)&format=x509" -Method Post
   Start-Sleep 1
   # Echo the raw response to the console.
   $result
   # Append the certificate to the output file only on success.
   if ($null -ne $result -and $result.CertificateServiceResponse.statusMessage -eq "success") {
       $result.CertificateServiceResponse.Certificate | Out-File -FilePath c:\temp\output.txt -Append
   }
}
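
One way to approach the known issue with special characters, as an added example that is not part of the original Thawte-Retrieve.ps1. It assumes the failure comes from reserved characters going into the URL unencoded and that the endpoint accepts percent-encoded values; the New-QueryString helper and the Get-Credential prompt are additions, while the endpoint, parameters and paths are those of the sample code.

```powershell
# Added example, not part of the original Thawte-Retrieve.ps1.
# Assumption: the endpoint accepts standard percent-encoded query values.
$inputFile  = 'c:\temp\input.txt'     # same paths as the sample code
$outputFile = 'c:\temp\output.txt'
$baseUri    = 'https://ssl-certificate-center-enterprise.thawte.com/service/api/certificatePickup'

# Prompt at run time so the password is never stored in the script file.
$cred = Get-Credential -Message 'Thawte admin account'

function New-QueryString {
    param([System.Collections.Specialized.OrderedDictionary]$Parameters)
    # Percent-encode every name and value so reserved characters stay data.
    $pairs = foreach ($key in $Parameters.Keys) {
        '{0}={1}' -f [uri]::EscapeDataString($key), [uri]::EscapeDataString([string]$Parameters[$key])
    }
    $pairs -join '&'
}

foreach ($order in Get-Content -Path $inputFile) {
    $order = $order.Trim()
    if (-not $order) { continue }      # skip blank lines in the input file

    $query = New-QueryString ([ordered]@{
        brand       = 'thawte'
        userName    = $cred.UserName
        password    = $cred.GetNetworkCredential().Password
        orderNumber = $order
        format      = 'x509'
    })

    try {
        $result = Invoke-RestMethod -Uri "${baseUri}?$query" -Method Post -ErrorAction Stop
    } catch {
        Write-Warning "Order ${order}: request failed: $($_.Exception.Message)"
        continue
    }
    Start-Sleep -Seconds 1

    $response = $result.CertificateServiceResponse
    if ($null -ne $response -and $response.statusMessage -eq 'success') {
        $response.Certificate | Out-File -FilePath $outputFile -Append
    } else {
        Write-Warning "Order ${order}: no certificate returned (status: $($response.statusMessage))"
    }
}
```

The credentials are still sent as query parameters, as in the sample code, so they can appear in proxy and server logs.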

 

[1] Thawte makes its APIs available provided the client has an Enterprise Account.
