PowerShell Module Design

ebekker edited this page Sep 30, 2015 · 14 revisions

This is a place to brainstorm about design and implementation ideas.

General Ideas:

  • Oriented around a local "store" of information
    • Server Directory (endpoint mapping and config)
    • Registration details
      • Contact Info
      • Local copy of ToS
    • Identifiers
      • Authorization details
      • Some sensitive details
    • Certs
      • CSRs
      • Private Keys - sensitive
      • Public Certs
      • Revocations
  • The "store" will use a provider model
    • Need to support storing or classifying sensitive details
    • Initial implementation supporting file-based storage
      • Using file perms (and maybe EFS?) to store sensitive elements
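
One way a file-based provider could apply the "file perms (and maybe EFS?)" idea to sensitive elements such as private keys. This is an added example, not code from this wiki or the module it describes. The function names, store path and placeholder content are assumptions, and it assumes Windows with an NTFS volume.

```powershell
# Added example; function names and the store path are hypothetical.
# Assumes Windows and NTFS. EFS is opt-in because not every edition supports it.

function New-ProtectedStoreDirectory {
    param([Parameter(Mandatory)][string]$Path)

    $dir = New-Item -ItemType Directory -Path $Path -Force
    $me  = [System.Security.Principal.WindowsIdentity]::GetCurrent().User

    # Start from an empty descriptor: inheritance from the parent is blocked and
    # the only ACE grants the current user full control, inherited by child items.
    $acl = New-Object System.Security.AccessControl.DirectorySecurity
    $acl.SetAccessRuleProtection($true, $false)
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $me, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $dir.FullName -AclObject $acl
    $dir.FullName
}

function Save-SensitiveStoreItem {
    param(
        [Parameter(Mandatory)][string]$StorePath,
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][byte[]]$Content,
        [switch]$UseEfs
    )
    $file = Join-Path $StorePath $Name

    # Create the file empty and mark it encrypted before any sensitive bytes are written.
    [System.IO.File]::Create($file).Dispose()
    if ($UseEfs) { [System.IO.File]::Encrypt($file) }

    # Open the existing file (no re-create) so its attributes and ACL are kept.
    $fs = [System.IO.File]::Open($file, 'Open', 'Write')
    try { $fs.Write($Content, 0, $Content.Length) } finally { $fs.Dispose() }
    $file
}

# Constructed placeholder content, not a real key. Add -UseEfs where EFS is available.
$store = New-ProtectedStoreDirectory -Path (Join-Path $env:LOCALAPPDATA 'acme-store-example\keys')
$bytes = [System.Text.Encoding]::ASCII.GetBytes('PLACEHOLDER-PRIVATE-KEY')
$item  = Save-SensitiveStoreItem -StorePath $store -Name 'example.key' -Content $bytes

# The file should show a single inherited ACE for the current user.
(Get-Acl -LiteralPath $item).Access | Format-Table IdentityReference, FileSystemRights, IsInherited
```

Only the leaf directory gets the restricted ACL; parent directories created along the way keep their inherited permissions.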

POSH Module

Local Store Management and Configuration

  • Init-ACMEStore - create and initialize a local store
    • Init-ACMEStore -Base <base-URI> -Signer <sign-provider> -
  • Set-ACMEServerDirectory - manage ACME server URI endpoints and related configuration
    • Set-ACMEServerDirectory -Base <base-URI> -IssuerCert <URI> -ResourceMap @{ Id=Path; Id=Path }
    • Set-ACMEServerDirectory -Resource <res-id> -Path <res-path>

ACME Actions

  • Registration
    • New-ACMERegistration - create a new registration request
      • -Contacts <string[]> [string[]] - required, one or more contact references (email, phone, etc.)
      • -AcceptTOS [switch] - accept the Terms Of Service and complete the registration
    • Update-ACMERegistration
      • -AcceptTOS [switch]
      • -Contacts <contacts-list> [string[]] - updates (replaces) contact references
      • -UseBaseURI [switch] - by default uses the Reg URI in the initial request; this overrides to use the base URI configured in the local store
    • Get-ACMERegistration
      • -LocalOnly [switch] - don't call to server, only provide status from local store
  • New-ACMEIdentifier
  • New-ACMECertificate