functions/Update-IISCertificates.ps1
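function Update-IISCertificates {
    <#
    .SYNOPSIS
    Re-points every IIS HTTPS binding that uses one certificate to another certificate.

    .DESCRIPTION
    Reads the FriendlyName of both certificates through Get-CertificateFriendlyName and
    stops when they differ. It then walks the sites returned by Get-Website, selects the
    https bindings whose certificateHash equals OldThumbprint, and calls Set-IISCertificate
    for each of them with -RequireSNI and -RemoveOldCert.

    .PARAMETER OldThumbprint
    Thumbprint of the certificate currently referenced by the bindings.

    .PARAMETER NewThumbprint
    Thumbprint of the certificate the bindings should reference afterwards.

    .OUTPUTS
    System.Boolean. $true when no binding update failed (including the case where no
    binding referenced OldThumbprint), $false when no website was found or at least one
    update failed. Throws on PowerShell 7 and on a FriendlyName mismatch.

    .NOTES
    The FriendlyName comparison only guards against picking the wrong certificate by
    mistake. FriendlyName is an editable store property and is not part of the signed
    certificate, so it says nothing about issuer, subject, validity or key ownership.
    #>
    [CmdletBinding()]
    param (
        [Parameter(Mandatory=$true)]
        [string]$OldThumbprint,

        [Parameter(Mandatory=$true)]
        [string]$NewThumbprint
    )

    if ($PSVersionTable.PSVersion.Major -eq 7) {
        throw "Update-IISCertificates does not work in Powershell 7 reliable, yet!"
    }

    $currentFriendlyName = Get-CertificateFriendlyName -Thumbprint $OldThumbprint
    $newFriendlyName = Get-CertificateFriendlyName -Thumbprint $NewThumbprint

    # NOTE(review): if Get-CertificateFriendlyName returns nothing for an unknown
    # thumbprint, two missing certificates compare as equal here - confirm the helper
    # throws in that case.
    if ($currentFriendlyName -ne $newFriendlyName) {
        # The original message interpolated $Thumbprint and $currentThumbprint, which are
        # never assigned, so the operator saw empty thumbprints. throw ends the function;
        # the former 'return $false' after it was unreachable.
        throw "New certificate $($NewThumbprint) FriendlyName '$($newFriendlyName)' does not match $($OldThumbprint) FriendlyName '$($currentFriendlyName)'!"
    }

    # Unload any already-loaded copy so the import below starts from a fresh module.
    while (Get-Module -Name WebAdministration) {
        Remove-Module -Name WebAdministration
    }
    Import-Module WebAdministration -WarningAction SilentlyContinue

    [int]$updatedBindings = 0
    [int]$updateErrors = 0

    $websites = Get-Website
    if (-not $websites) {
        Write-Warning "Unable to find IIS websites!"
        return $false
    }

    foreach ($website in $websites) {
        $websiteName = $website.Name
        $bindings = Get-WebBinding -Name $websiteName -Protocol https |
            Where-Object { $_.certificateHash -eq $OldThumbprint }

        if (-not $bindings) {
            continue
        }

        Write-Host "Update $websiteName"
        foreach ($binding in $bindings) {
            try {
                $bindingInfo = $($binding.bindingInformation)

                # bindingInformation is 'IP:port:hostheader'. Anchor on the two trailing
                # fields so an IPv6 address such as '[::1]', which contains ':' itself,
                # stays in one piece instead of being cut at its first colon.
                if ($bindingInfo -notmatch '^(?<ip>.*):(?<port>\d+):(?<host>[^:]*)$') {
                    throw "Unexpected bindingInformation format '$bindingInfo'."
                }
                $ip = $Matches['ip']
                $port = $Matches['port']
                $hostHeader = $Matches['host']

                Write-Host "Update $bindingInfo"
                # Log the command that is actually invoked below.
                Write-Host "Set-IISCertificate -CertThumbprint $NewThumbprint -SiteName $websiteName -Port $port -IPAddress $ip -HostHeader $hostHeader -RequireSNI -RemoveOldCert"

                # NOTE(review): -RequireSNI is passed even when the host header is empty;
                # confirm Set-IISCertificate handles bindings without a host name.
                # -ErrorAction Stop turns non-terminating errors into exceptions so that a
                # failed update reaches the catch block instead of being counted as
                # updated while the binding still serves the old certificate.
                Set-IISCertificate -CertThumbprint $NewThumbprint -SiteName $websiteName -Port $port -IPAddress $ip -HostHeader $hostHeader -RequireSNI -RemoveOldCert -ErrorAction Stop
                $updatedBindings++
            }
            catch {
                $updateErrors++
                # Include the underlying reason; the original message dropped it.
                Write-Error "Failed to update binding $($binding.bindingInformation) for website $($websiteName)! $($_.Exception.Message)"
            }
        }
    }

    # A count of 0 with a $true result means no binding referenced OldThumbprint.
    Write-Verbose "Updated $updatedBindings website bindings."
    return ($updateErrors -eq 0)
}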