Add netsh-cert-update.ps1
This commit is contained in:
91
netsh-cert-update.ps1
Normal file
91
netsh-cert-update.ps1
Normal file
@@ -0,0 +1,91 @@
|
||||
$old="{OLD_THUMBPRINT}"
|
||||
$new="{NEW_THUMBPRINT}"
|
||||
|
||||
$oldN=($old -replace '\s','').ToLower()
|
||||
$newN=($new -replace '\s','').ToLower()
|
||||
|
||||
$raw = netsh http show sslcert
|
||||
$bindings = @()
|
||||
$cur = $null
|
||||
|
||||
foreach ($line in $raw) {
|
||||
if ($line -match '^\s*(IP:port|Hostname:port)\s*:\s*(.+)\s*$') {
|
||||
if ($cur) { $bindings += [pscustomobject]$cur }
|
||||
$cur = @{
|
||||
Type = $matches[1]
|
||||
Binding = $matches[2].Trim()
|
||||
Hash = $null
|
||||
AppId = $null
|
||||
Store = $null
|
||||
}
|
||||
continue
|
||||
}
|
||||
if (-not $cur) { continue }
|
||||
|
||||
if ($line -match '^\s*Certificate Hash\s*:\s*(.+)\s*$') {
|
||||
$cur.Hash = (($matches[1] -replace '\s','').ToLower())
|
||||
continue
|
||||
}
|
||||
if ($line -match '^\s*Application ID\s*:\s*(\{[0-9a-fA-F-]+\})\s*$') {
|
||||
$cur.AppId = $matches[1]
|
||||
continue
|
||||
}
|
||||
if ($line -match '^\s*Certificate Store Name\s*:\s*(.+)\s*$') {
|
||||
$cur.Store = $matches[1].Trim()
|
||||
continue
|
||||
}
|
||||
}
|
||||
if ($cur) { $bindings += [pscustomobject]$cur }
|
||||
|
||||
$targets = $bindings | Where-Object { $_.Hash -eq $oldN }
|
||||
|
||||
if (-not $targets) {
|
||||
Write-Host "No bindings found with thumbprint $oldN"
|
||||
return
|
||||
}
|
||||
|
||||
foreach ($b in $targets) {
|
||||
Write-Host ""
|
||||
Write-Host "Binding: $($b.Type) $($b.Binding)"
|
||||
Write-Host "AppId : $($b.AppId)"
|
||||
Write-Host "Store : $($b.Store)"
|
||||
Write-Host "Cert : $oldN -> $newN"
|
||||
Write-Host ""
|
||||
$choice = Read-Host "Update this binding? [Y]es / [N]o / [S]top"
|
||||
|
||||
switch ($choice.ToUpper()) {
|
||||
"Y" {
|
||||
$key = if ($b.Type -eq "IP:port") {
|
||||
"ipport=$($b.Binding)"
|
||||
} else {
|
||||
"hostnameport=$($b.Binding)"
|
||||
}
|
||||
|
||||
Write-Host "Updating $($b.Binding)..."
|
||||
& netsh http delete sslcert $key | Out-Null
|
||||
& netsh http add sslcert $key `
|
||||
"certhash=$newN" `
|
||||
"appid=$($b.AppId)" `
|
||||
"certstorename=$($b.Store)" | Out-Null
|
||||
|
||||
Write-Host "Updated."
|
||||
}
|
||||
|
||||
"N" {
|
||||
Write-Host "Skipped."
|
||||
continue
|
||||
}
|
||||
|
||||
"S" {
|
||||
Write-Host "Stopped by user."
|
||||
break
|
||||
}
|
||||
|
||||
default {
|
||||
Write-Host "Invalid choice, skipping this binding."
|
||||
continue
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Write-Host "Processing complete."
|
||||
Reference in New Issue
Block a user