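function Update-CertBindings {
    <#
    .SYNOPSIS
    Re-points every IIS HTTPS binding that uses one certificate at another certificate.

    .DESCRIPTION
    Walks all sites known to Microsoft.Web.Administration.ServerManager and, for each
    binding whose CertificateHash matches the existing certificate's thumbprint, replaces
    the hash with the replacement certificate's hash and saves the change. Bindings that
    already use the replacement certificate, or that use some other certificate, are left
    untouched and reported. Both certificates must be present in Cert:\LocalMachine\My.

    .PARAMETER existingCertThumbprint
    SHA-1 thumbprint of the certificate currently bound. Hex digits in either case;
    spaces, colons or dashes between bytes (e.g. "10 11 14 be" or "101114be") are
    accepted and stripped.

    .PARAMETER replacementCertThumbprint
    SHA-1 thumbprint of the certificate to bind instead, in the same format.

    .OUTPUTS
    None. Progress is reported with Write-Host; an expired replacement certificate
    produces a Write-Warning.

    .NOTES
    Throws if either thumbprint is not 40 hex digits, if either certificate is not found
    in Cert:\LocalMachine\My, or if the replacement certificate has no private key
    (IIS cannot complete a TLS handshake with a public-key-only certificate).
    Thumbprints are validated before being interpolated into the Cert: provider path so
    that wildcard characters never reach the store lookup. Saving is delegated to
    Save-IISServerManagerChanges, which is defined elsewhere in this file.
    #>
    [CmdletBinding()]
    Param(
        [parameter(Mandatory=$true)]
        [ValidateNotNullorEmpty()]
        [string]$existingCertThumbprint,

        [parameter(Mandatory=$true)]
        [ValidateNotNullorEmpty()]
        [string]$replacementCertThumbprint
    )

    # Normalise a thumbprint to upper-case hex with no separators and reject anything
    # that is not exactly 20 bytes of hex. $label names the parameter in the error.
    function NormalizeThumbprint([string]$thumbprint, [string]$label) {
        $clean = ($thumbprint -replace '[\s:\-]', '').ToUpperInvariant()
        if ($clean -notmatch '^[0-9A-F]{40}$') {
            throw "The $label thumbprint '$thumbprint' is not a 40-hex-digit SHA-1 thumbprint"
        }
        return $clean
    }

    # Render a binding's CertificateHash in the same upper-case, separator-free form.
    function HashToHex([byte[]]$bytes) {
        return ([System.BitConverter]::ToString($bytes) -replace '-', '')
    }

    $existingThumb    = NormalizeThumbprint $existingCertThumbprint 'existing'
    $replacementThumb = NormalizeThumbprint $replacementCertThumbprint 'replacement'

    # Exact-path lookups; the provider error for a missing leaf is replaced by our own.
    $existingCert = Get-ChildItem -Path "Cert:\LocalMachine\My\$existingThumb" -ErrorAction SilentlyContinue
    if (-not $existingCert) {
        throw "Unable to find existing cert in the store with the thumbprint $existingThumb"
    }

    $replacementCert = Get-ChildItem -Path "Cert:\LocalMachine\My\$replacementThumb" -ErrorAction SilentlyContinue
    if (-not $replacementCert) {
        throw "Unable to find replacement cert in the store with the thumbprint $replacementThumb"
    }

    # A binding to a certificate without its private key leaves the site unable to serve
    # TLS, so refuse rather than produce a broken binding.
    if (-not $replacementCert.HasPrivateKey) {
        throw "Replacement cert $replacementThumb has no private key in LocalMachine\My; IIS cannot use it"
    }
    if ($replacementCert.NotAfter -lt (Get-Date)) {
        Write-Warning "Replacement cert $replacementThumb expired on $($replacementCert.NotAfter)"
    }

    # Take the hash bytes from the store object instead of re-parsing the string by hand;
    # this is a real byte[] (the previous Int16 conversion relied on implicit coercion).
    $replacementHash = [byte[]]$replacementCert.GetCertHash()

    $serverManager = New-Object Microsoft.Web.Administration.ServerManager

    foreach ($site in $serverManager.Sites) {
        # @() so .Count is reliable when the filter yields zero or exactly one binding.
        $applicableBindings = @($site.Bindings | Where-Object { $null -ne $_.CertificateHash })

        if ($applicableBindings.Count -eq 0) {
            Write-Host ("Site {0} does not have any existing certificate bindings." -f $site.Name)
            continue
        }

        foreach ($binding in $applicableBindings) {
            $boundThumb = HashToHex $binding.CertificateHash

            if ($boundThumb -eq $existingThumb) {
                Write-Host ("Updating binding for site {0}" -f $site.Name)
                $binding.CertificateHash = $replacementHash
                # The replacement was resolved from LocalMachine\My, so pin the store
                # name to match in case the binding previously referenced another store.
                $binding.CertificateStoreName = 'My'
                Save-IISServerManagerChanges $serverManager
            }
            elseif ($boundThumb -eq $replacementThumb) {
                Write-Host ("The binding for site {0} is already using the new certificate" -f $site.Name)
            }
            else {
                Write-Host ("The binding cert hash did not match the old or new certificate for site {0}." -f $site.Name)
            }
        }
    }
}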