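function ConvertTo-NormalizedThumbprint {
    <#
    .SYNOPSIS
        Normalizes a certificate thumbprint to 40 upper-case hex characters.
    .DESCRIPTION
        Accepts the space-separated form shown by the certificate MMC / certutil
        ("10 11 14 be ...") as well as the compact form ("101114BE..."). All
        whitespace is removed and the result is validated as a SHA-1 thumbprint
        (exactly 40 hex digits) so that a typo, a stray non-hex character or a
        truncated paste fails loudly instead of being parsed into a partial hash
        that silently matches nothing.
    .PARAMETER Thumbprint
        The thumbprint text as supplied by the caller.
    .OUTPUTS
        [string] The 40-character upper-case hex thumbprint.
    #>
    param(
        [parameter(Mandatory=$true)]
        [string]$Thumbprint
    )

    $compact = ($Thumbprint -replace '\s', '').ToUpperInvariant()
    if ($compact -notmatch '^[0-9A-F]{40}$') {
        throw "Invalid certificate thumbprint '$Thumbprint': expected 40 hex digits (SHA-1), optionally space separated."
    }
    return $compact
}

function Update-CertBindings {
    <#
    .SYNOPSIS
        Re-points every IIS site binding that uses one certificate at another.
    .DESCRIPTION
        Walks all sites exposed by Microsoft.Web.Administration.ServerManager and,
        for each binding whose CertificateHash equals the existing certificate's
        thumbprint, replaces the hash with the replacement certificate's thumbprint.
        Both certificates must already be present in Cert:\LocalMachine\My. The
        replacement must additionally have a private key and must not be expired,
        otherwise the site would stop serving TLS the moment the binding is
        switched. Changes are committed once, after all sites have been examined,
        via Save-IISServerManagerChanges.
    .PARAMETER existingCertThumbprint
        Thumbprint of the certificate currently bound. Accepts the space separated
        form ("10 11 14 be ...") or the compact 40-hex-digit form; case-insensitive.
    .PARAMETER replacementCertThumbprint
        Thumbprint of the certificate to bind instead. Same formats.
    .EXAMPLE
        Update-CertBindings -existingCertThumbprint "10 11 14 be ..." -replacementCertThumbprint "aa bb cc dd ..." -WhatIf
    .NOTES
        Supports -WhatIf / -Confirm; with -WhatIf nothing is committed.
    #>
    [CmdletBinding(SupportsShouldProcess=$true)]
    Param(
        [parameter(Mandatory=$true)]
        [ValidateNotNullorEmpty()]
        [string]$existingCertThumbprint,

        [parameter(Mandatory=$true)]
        [ValidateNotNullorEmpty()]
        [string]$replacementCertThumbprint
    )

    $storePath = 'Cert:\LocalMachine\My'

    $existingHex    = ConvertTo-NormalizedThumbprint $existingCertThumbprint
    $replacementHex = ConvertTo-NormalizedThumbprint $replacementCertThumbprint

    if ($existingHex -eq $replacementHex) {
        Write-Warning "Existing and replacement thumbprints are identical ($existingHex); nothing to update."
        return
    }

    # Look the certificates up directly by thumbprint; -ErrorAction SilentlyContinue
    # keeps the provider's "cannot find path" noise out of the console since we
    # raise our own, more specific error below.
    $existingCert = Get-Item -Path "$storePath\$existingHex" -ErrorAction SilentlyContinue
    if (-not $existingCert) {
        throw "Unable to find existing cert in the store with the thumbprint $existingHex"
    }
    $replacementCert = Get-Item -Path "$storePath\$replacementHex" -ErrorAction SilentlyContinue
    if (-not $replacementCert) {
        throw "Unable to find replacement cert in the store with the thumbprint $replacementHex"
    }

    # Refuse to rebind to something IIS cannot actually serve with: a certificate
    # without an accessible private key, or one that has already expired.
    if (-not $replacementCert.HasPrivateKey) {
        throw "Replacement cert $replacementHex has no private key in $storePath; IIS cannot serve TLS with it."
    }
    $now = Get-Date
    if ($replacementCert.NotAfter -lt $now) {
        throw "Replacement cert $replacementHex expired on $($replacementCert.NotAfter); refusing to bind it."
    }
    if ($replacementCert.NotBefore -gt $now) {
        Write-Warning "Replacement cert $replacementHex is not valid before $($replacementCert.NotBefore); clients will reject it until then."
    }

    # Take the binary hash from the store object itself rather than re-parsing the
    # user's string, so what is written to the binding is exactly the stored cert.
    $replacementHash = $replacementCert.GetCertHash()

    $serverManager = New-Object Microsoft.Web.Administration.ServerManager
    $changed = 0

    foreach ($site in $serverManager.Sites) {
        # @() so .Count is reliable when Where-Object yields zero or one binding.
        $applicableBindings = @($site.Bindings | Where-Object { $null -ne $_.CertificateHash })
        if ($applicableBindings.Count -eq 0) {
            Write-Host ("Site {0} does not have any existing certificate bindings." -f $site.Name)
            continue
        }

        foreach ($binding in $applicableBindings) {
            # Compare as upper-case hex; -eq on strings is case-insensitive in PowerShell.
            $boundHex = [BitConverter]::ToString($binding.CertificateHash) -replace '-'

            if ($boundHex -eq $existingHex) {
                $target = "site '{0}' binding '{1}'" -f $site.Name, $binding.BindingInformation
                if ($PSCmdlet.ShouldProcess($target, "Replace certificate $existingHex with $replacementHex")) {
                    Write-Host ("Updating binding for site {0}" -f $site.Name)
                    $binding.CertificateHash = $replacementHash
                    # The replacement was verified in LocalMachine\My; make sure the binding
                    # resolves the hash there and not in whatever store the old cert used.
                    $binding.CertificateStoreName = 'My'
                    $changed++
                }
            }
            elseif ($boundHex -eq $replacementHex) {
                Write-Host ("The binding for site {0} is already using the new certificate" -f $site.Name)
            }
            else {
                Write-Host ("The binding cert hash did not match the old or new certificate for site {0}." -f $site.Name)
            }
        }
    }

    # Single commit for all sites; nothing is written when -WhatIf was used or no
    # binding matched.
    if ($changed -gt 0) {
        Save-IISServerManagerChanges $serverManager
        Write-Host ("Committed {0} binding update(s)." -f $changed)
    }
}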