ps/Modules/Alkami.DevOps.Certificates/Public/Update-CertBindings.ps1

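function Update-CertBindings {
    <#
    .SYNOPSIS
    Rebinds every IIS site binding that currently uses one certificate to a replacement certificate.
    .DESCRIPTION
    Looks up both certificates in Cert:\LocalMachine\My (throwing if either is missing), then walks every
    binding of every site in IIS. A binding whose certificate hash equals the existing certificate's hash is
    switched to the replacement certificate's hash and the change is committed through
    Save-IISServerManagerChanges. Bindings already on the replacement certificate, or on some unrelated
    certificate, are reported and left alone. The rebind step honours -WhatIf / -Confirm.
    .PARAMETER existingCertThumbprint
    Thumbprint of the certificate currently bound. Hex digits; the space-separated form shown by certmgr
    ("10 11 14 be") and the compact form ("101114be") are both accepted.
    .PARAMETER replacementCertThumbprint
    Thumbprint of the certificate to bind instead, in the same format.
    .OUTPUTS
    None. Progress is written with Write-Host; concerns about the replacement certificate are written
    with Write-Warning.
    .EXAMPLE
    Update-CertBindings -existingCertThumbprint '10 11 14 be ...' -replacementCertThumbprint '20 21 24 cf ...'
    #>
    [CmdletBinding(SupportsShouldProcess = $true)]
    Param(
        [parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string]$existingCertThumbprint,
        [parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string]$replacementCertThumbprint
    )

    # Normalise a thumbprint to upper-case hex with no separators and fetch the matching certificate from
    # the LocalMachine\My store. Validating the hex up front also keeps wildcard characters out of the
    # Cert: provider path, so a malformed thumbprint can never match "any" certificate.
    function Get-StoreCertificate {
        param([string]$Thumbprint, [string]$Role)
        $normalized = ($Thumbprint -replace '\s').ToUpperInvariant()
        if ($normalized -notmatch '^([0-9A-F]{2})+$') {
            throw "The $Role cert thumbprint '$Thumbprint' is not a hex string (with or without spaces)."
        }
        $cert = Get-Item -Path "Cert:\LocalMachine\My\$normalized" -ErrorAction SilentlyContinue
        if (-not $cert) {
            throw "Unable to find $Role cert in the store with the thumbprint $normalized"
        }
        return $cert
    }

    $existingCert    = Get-StoreCertificate -Thumbprint $existingCertThumbprint -Role 'existing'
    $replacementCert = Get-StoreCertificate -Thumbprint $replacementCertThumbprint -Role 'replacement'

    # Bindings are compared on the canonical hex form of the hash, taken from the store objects rather
    # than re-parsed from the caller's input.
    $existingHex    = $existingCert.Thumbprint
    $replacementHex = $replacementCert.Thumbprint

    # An HTTPS binding only works if the server can reach the certificate's private key, and clients
    # reject an expired certificate. Neither stops the rebind itself, so warn rather than throw.
    # HasPrivateKey is also $false when the key exists but the current account cannot read it.
    if (-not $replacementCert.HasPrivateKey) {
        Write-Warning "Replacement certificate $replacementHex has no accessible private key; HTTPS bindings using it will not be able to serve TLS."
    }
    if ($replacementCert.NotAfter -lt (Get-Date)) {
        Write-Warning ("Replacement certificate {0} expired on {1}." -f $replacementHex, $replacementCert.NotAfter)
    }

    $serverManager = New-Object Microsoft.Web.Administration.ServerManager
    try {
        foreach ($site in $serverManager.Sites) {
            # Only bindings that carry a certificate hash are candidates for rebinding.
            $applicableBindings = @($site.Bindings | Where-Object { $null -ne $_.CertificateHash })
            if ($applicableBindings.Count -eq 0) {
                Write-Host ("Site {0} does not have any existing certificate bindings." -f $site.Name)
                continue
            }
            foreach ($binding in $applicableBindings) {
                $boundHex = [BitConverter]::ToString($binding.CertificateHash) -replace '-'
                if ($boundHex -eq $existingHex) {
                    if ($PSCmdlet.ShouldProcess($site.Name, "Rebind certificate $existingHex -> $replacementHex")) {
                        Write-Host ("Updating binding for site {0}" -f $site.Name)
                        $binding.CertificateHash = $replacementCert.GetCertHash()
                        # Commit after each change so a failure later in the loop leaves earlier sites rebound.
                        Save-IISServerManagerChanges $serverManager
                    }
                }
                elseif ($boundHex -eq $replacementHex) {
                    Write-Host ("The binding for site {0} is already using the new certificate" -f $site.Name)
                }
                else {
                    Write-Host ("The binding cert hash did not match the old or new certificate for site {0}." -f $site.Name)
                }
            }
        }
    }
    finally {
        # ServerManager holds configuration handles; release them on every exit path.
        $serverManager.Dispose()
    }
}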