Force overwrite Certificate property during certificate rotate (#251)
# Description
Summary of changes:
- Fixed an issue where certificate property is not updated properly
- Improved logging for cleanup of certificates after rotate

# Change type
- [x] Bug fix (non-breaking change)
- [ ] Code style update (formatting, local variables)
- [ ] New Feature (non-breaking change that adds new functionality
without impacting existing)
- [ ] Breaking change (fix or feature that may cause functionality
impact)
- [ ] Other

# Checklist:
- [x] My code follows the style and contribution guidelines of this
project.
- [x] I have tested and validated my code changes.
arudell authored Apr 4, 2024
1 parent c4cfa58 commit 359d2ee
Showing 3 changed files with 11 additions and 5 deletions.
Expand Up @@ -160,7 +160,7 @@ function Start-SdnMuxCertificateRotation {
else {
# in instances where the certificate property does not exist, we will need to add it
# this typically will occur if converting from CA issued certificate to self-signed certificate
$virtualServer.properties | Add-Member -MemberType NoteProperty -Name 'certificate' -Value $encoding
$virtualServer.properties | Add-Member -MemberType NoteProperty -Name 'certificate' -Value $encoding -Force
}
$jsonBody = $virtualServer | ConvertTo-Json -Depth 100

Expand All @@ -186,9 +186,12 @@ function Start-SdnMuxCertificateRotation {
} -ArgumentList $obj.Certificate

if ($certsToExamine) {
"`nMultiple certificates detected for Subject: {0}. Examine the certificates and cleanup if no longer needed." -f $obj.Certificate.Subject | Trace-Output -Level:Warning
foreach ($cert in $certsToExamine) {
"Examine certificate subject {0} and thumbprint {1} on {2} and remove if no longer needed" -f $cert.Subject, $cert.Thumbprint, $obj.managementAddress | Trace-Output -Level:Warning
"`t[{0}] Thumbprint: {1}" -f $cert.PSComputerName, $cert.Thumbprint | Trace-Output -Level:Warning
}

Write-Host "" # insert empty line for better readability
}

# restart the slb mux service on the mux
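Review bot: The comment above the changed `Add-Member` line still says this branch handles the case where the certificate property does not exist, but `-Force` only has an effect when a member of that name is already present, so the branch is evidently also reached with an existing (presumably empty or null) property. The guard that selects this `else` is outside the hunk, so the exact condition cannot be confirmed from here. I would update the comment to match, for example `# the certificate property may be missing, or present but empty; -Force replaces it in either case`, so a later reader does not drop `-Force` as redundant and reintroduce the failed update during rotation. The same line and comment appear in Start-SdnServerCertificateRotation.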
Expand Up @@ -20,7 +20,7 @@ function New-SdnServerCertificate {
[datetime]$NotAfter = (Get-Date).AddYears(3),

[Parameter(Mandatory = $false)]
[System.String]$Path = "$(Get-WorkingDirectory)\MuxCert_{0}" -f (Get-FormattedDateTimeUTC),
[System.String]$Path = "$(Get-WorkingDirectory)\ServerCert_{0}" -f (Get-FormattedDateTimeUTC),

[Parameter(Mandatory = $false)]
[System.Object]$FabricDetails,
Expand Up @@ -159,7 +159,7 @@ function Start-SdnServerCertificateRotation {
else {
# in instances where the certificate property does not exist, we will need to add it
# this typically will occur if converting from CA issued certificate to self-signed certificate
$server.properties | Add-Member -MemberType NoteProperty -Name 'certificate' -Value $encoding
$server.properties | Add-Member -MemberType NoteProperty -Name 'certificate' -Value $encoding -Force
}
$jsonBody = $server | ConvertTo-Json -Depth 100

Expand All @@ -185,9 +185,12 @@ function Start-SdnServerCertificateRotation {
} -ArgumentList $obj.Certificate

if ($certsToExamine) {
"`nMultiple certificates detected for Subject: {0}. Examine the certificates and cleanup if no longer needed." -f $obj.Certificate.Subject | Trace-Output -Level:Warning
foreach ($cert in $certsToExamine) {
"Examine certificate subject {0} and thumbprint {1} on {2} and remove if no longer needed" -f $cert.Subject, $cert.Thumbprint, $obj.managementAddress | Trace-Output -Level:Warning
"`t[{0}] Thumbprint: {1}" -f $cert.PSComputerName, $cert.Thumbprint | Trace-Output -Level:Warning
}

Write-Host "" # insert empty line for better readability
}

# restart nchostagent on server
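Review bot: The new per-certificate warning takes the host name from `$cert.PSComputerName` instead of `$obj.managementAddress`; that property is only attached to objects returned from a remote invocation, so if the script block ending at `-ArgumentList $obj.Certificate` (it starts outside the hunk) ever runs locally the bracket is printed empty. The line also reports the thumbprint alone, which does not tell the operator which of the listed certificates is the superseded one that should be cleaned up after rotation. I would keep `$obj.managementAddress` as the host and add the expiry, extending the format string with `NotAfter: {2}` and passing `$cert.NotAfter`. `Write-Host ""` bypasses `Trace-Output`, so the spacer presumably never reaches the trace log, while the leading newline in the summary message is written into it. The same hunk appears in Start-SdnMuxCertificateRotation.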