From 7f3ac24ae0985e2d160d82276644caaf920faa62 Mon Sep 17 00:00:00 2001
From: Sepp J Morris
Date: Tue, 13 Jan 2026 16:08:56 +0000
Subject: [PATCH] Add netsh-cert-update.ps1
---
netsh-cert-update.ps1 | 91 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 91 insertions(+)
create mode 100644 netsh-cert-update.ps1
diff --git a/netsh-cert-update.ps1 b/netsh-cert-update.ps1
new file mode 100644
index 0000000..e708e19
--- /dev/null
+++ b/netsh-cert-update.ps1
@@ -0,0 +1,91 @@
+$old="{OLD_THUMBPRINT}"
+$new="{NEW_THUMBPRINT}"
+
+$oldN=($old -replace '\s','').ToLower()
+$newN=($new -replace '\s','').ToLower()
+
+$raw = netsh http show sslcert
+$bindings = @()
+$cur = $null
+
+foreach ($line in $raw) {
+ if ($line -match '^\s*(IP:port|Hostname:port)\s*:\s*(.+)\s*$') {
+ if ($cur) { $bindings += [pscustomobject]$cur }
+ $cur = @{
+ Type = $matches[1]
+ Binding = $matches[2].Trim()
+ Hash = $null
+ AppId = $null
+ Store = $null
+ }
+ continue
+ }
+ if (-not $cur) { continue }
+
+ if ($line -match '^\s*Certificate Hash\s*:\s*(.+)\s*$') {
+ $cur.Hash = (($matches[1] -replace '\s','').ToLower())
+ continue
+ }
+ if ($line -match '^\s*Application ID\s*:\s*(\{[0-9a-fA-F-]+\})\s*$') {
+ $cur.AppId = $matches[1]
+ continue
+ }
+ if ($line -match '^\s*Certificate Store Name\s*:\s*(.+)\s*$') {
+ $cur.Store = $matches[1].Trim()
+ continue
+ }
+}
+if ($cur) { $bindings += [pscustomobject]$cur }
+
+$targets = $bindings | Where-Object { $_.Hash -eq $oldN }
+
+if (-not $targets) {
+ Write-Host "No bindings found with thumbprint $oldN"
+ return
+}
+
+foreach ($b in $targets) {
+ Write-Host ""
+ Write-Host "Binding: $($b.Type) $($b.Binding)"
+ Write-Host "AppId : $($b.AppId)"
+ Write-Host "Store : $($b.Store)"
+ Write-Host "Cert : $oldN -> $newN"
+ Write-Host ""
+ $choice = Read-Host "Update this binding? [Y]es / [N]o / [S]top"
+
+ switch ($choice.ToUpper()) {
+ "Y" {
+ $key = if ($b.Type -eq "IP:port") {
+ "ipport=$($b.Binding)"
+ } else {
+ "hostnameport=$($b.Binding)"
+ }
+
+ Write-Host "Updating $($b.Binding)..."
+ & netsh http delete sslcert $key | Out-Null
+ & netsh http add sslcert $key `
+ "certhash=$newN" `
+ "appid=$($b.AppId)" `
+ "certstorename=$($b.Store)" | Out-Null
+
+ Write-Host "Updated."
+ }
+
+ "N" {
+ Write-Host "Skipped."
+ continue
+ }
+
+ "S" {
+ Write-Host "Stopped by user."
+ break
+ }
+
+ default {
+ Write-Host "Invalid choice, skipping this binding."
+ continue
+ }
+ }
+}
+
+Write-Host "Processing complete."
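Review bot: In the `"Y"` branch the old binding is removed with `netsh http delete sslcert` before the replacement is known to work, and both calls pipe to `Out-Null` with no `$LASTEXITCODE` check, so a failed `add` (new thumbprint not in the store, or an `AppId`/`Store` that did not parse) leaves the endpoint with no certificate while the script still prints "Updated.". Check the exit code after each call and re-add the old hash when the add fails, as sketched below. The re-add also passes only `certhash`, `appid` and `certstorename`, so any other per-binding setting that `show sslcert` reports, such as client-certificate negotiation or revocation checking, is presumably reset to its default; either parse and re-apply those fields or warn before updating. Separately, `break` in the `"S"` branch exits only the `switch`, so the loop goes on to prompt for the next binding; label the loop and use `break bindings`.

```powershell
:bindings foreach ($b in $targets) {
    # … unchanged: binding summary and Read-Host prompt …
    switch ($choice.ToUpper()) {
        "Y" {
            # … unchanged: $key selection and "Updating" message …
            & netsh http delete sslcert $key | Out-Null
            if ($LASTEXITCODE -ne 0) {
                Write-Host "Delete failed (exit $LASTEXITCODE); binding left unchanged."
                continue bindings
            }

            & netsh http add sslcert $key `
                "certhash=$newN" `
                "appid=$($b.AppId)" `
                "certstorename=$($b.Store)" | Out-Null
            if ($LASTEXITCODE -ne 0) {
                # Put the previous certificate back so the endpoint is not left unbound.
                Write-Host "Add failed (exit $LASTEXITCODE); restoring previous certificate."
                & netsh http add sslcert $key `
                    "certhash=$oldN" `
                    "appid=$($b.AppId)" `
                    "certstorename=$($b.Store)" | Out-Null
                continue bindings
            }

            Write-Host "Updated."
        }
        # … unchanged: "N" branch …
        "S" {
            Write-Host "Stopped by user."
            break bindings
        }
        # … unchanged: default branch …
```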