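# Interactively re-point HTTP.sys SSL bindings from one certificate thumbprint
# to another. Parses `netsh http show sslcert`, lists every binding that uses
# the old thumbprint, and asks per binding whether to replace it.
#
# Caveats:
#   * The `netsh http ... sslcert` changes are expected to need an elevated
#     session - TODO confirm for your environment.
#   * The parser matches the English field labels of netsh; on a localized
#     system it will find no bindings.
#   * A binding is re-created from hash, appid and store name only. Any other
#     setting the old binding carried (for example client-certificate
#     negotiation or revocation-check options) is NOT copied over and reverts
#     to the netsh default. Review such bindings by hand.

$old = "{OLD_THUMBPRINT}"
$new = "{NEW_THUMBPRINT}"

# Normalise: strip whitespace and lower-case so comparison with netsh output is exact.
$oldN = ($old -replace '\s', '').ToLower()
$newN = ($new -replace '\s', '').ToLower()

# Refuse to continue with unfilled placeholders or malformed values. A certhash
# is a 20-byte SHA-1 value, i.e. exactly 40 hex digits; this also catches
# invisible characters that came along when the thumbprint was copied.
foreach ($tp in @($oldN, $newN)) {
    if ($tp -notmatch '^[0-9a-f]{40}$') {
        Write-Host "Thumbprint '$tp' is not a 40-character hex string; nothing was changed."
        return
    }
}

# --- Parse netsh output into one record per binding -------------------------
$raw      = netsh http show sslcert
$bindings = @()
$cur      = $null

foreach ($line in $raw) {
    # A new "IP:port" / "Hostname:port" header starts a new record.
    if ($line -match '^\s*(IP:port|Hostname:port)\s*:\s*(.+)\s*$') {
        if ($cur) { $bindings += [pscustomobject]$cur }
        $cur = @{
            Type    = $matches[1]
            Binding = $matches[2].Trim()
            Hash    = $null
            AppId   = $null
            Store   = $null
        }
        continue
    }

    # Ignore banner lines that precede the first binding.
    if (-not $cur) { continue }

    if ($line -match '^\s*Certificate Hash\s*:\s*(.+)\s*$') {
        $cur.Hash = (($matches[1] -replace '\s', '').ToLower())
        continue
    }
    if ($line -match '^\s*Application ID\s*:\s*(\{[0-9a-fA-F-]+\})\s*$') {
        $cur.AppId = $matches[1]
        continue
    }
    if ($line -match '^\s*Certificate Store Name\s*:\s*(.+)\s*$') {
        $cur.Store = $matches[1].Trim()
        continue
    }
}
if ($cur) { $bindings += [pscustomobject]$cur }

# --- Select the bindings that still use the old certificate -----------------
$targets = @($bindings | Where-Object { $_.Hash -eq $oldN })
if (-not $targets) {
    Write-Host "No bindings found with thumbprint $oldN"
    return
}

# The loop is labelled because `break` inside a PowerShell `switch` only leaves
# the switch; "[S]top" must leave the whole loop.
:bindingLoop foreach ($b in $targets) {
    Write-Host ""
    Write-Host "Binding: $($b.Type) $($b.Binding)"
    Write-Host "AppId : $($b.AppId)"
    Write-Host "Store : $($b.Store)"
    Write-Host "Cert : $oldN -> $newN"
    Write-Host ""

    $choice = Read-Host "Update this binding? [Y]es / [N]o / [S]top"

    switch ($choice.Trim().ToUpper()) {
        "Y" {
            $key = if ($b.Type -eq "IP:port") {
                "ipport=$($b.Binding)"
            } else {
                "hostnameport=$($b.Binding)"
            }

            # netsh prints "(null)" when no store name was recorded; in that
            # case the parameter is omitted and netsh uses its default (MY).
            $hasStore  = $b.Store -and ($b.Store -ne '(null)')
            $certStore = if ($hasStore) { $b.Store } else { 'MY' }
            $certPath  = "Cert:\LocalMachine\$certStore\$newN"

            # Pre-flight checks: the old binding is deleted before the new one
            # is added, so anything that would make the add fail must be caught
            # while the endpoint still has a working certificate.
            $problem = $null
            if (-not $b.AppId) {
                $problem = "No Application ID could be parsed for this binding."
            } elseif (-not (Test-Path -LiteralPath $certPath)) {
                $problem = "Certificate $newN was not found in LocalMachine\$certStore."
            } elseif (-not (Get-Item -LiteralPath $certPath).HasPrivateKey) {
                $problem = "Certificate $newN in LocalMachine\$certStore has no private key."
            }

            if ($problem) {
                Write-Host "$problem Binding left unchanged."
            } else {
                $newArgs = @($key, "certhash=$newN", "appid=$($b.AppId)")
                $oldArgs = @($key, "certhash=$oldN", "appid=$($b.AppId)")
                if ($hasStore) {
                    $newArgs += "certstorename=$($b.Store)"
                    $oldArgs += "certstorename=$($b.Store)"
                }

                Write-Host "Updating $($b.Binding)..."
                & netsh http delete sslcert $key
                if ($LASTEXITCODE -ne 0) {
                    Write-Host "Delete failed (netsh exit code $LASTEXITCODE); binding left unchanged."
                } else {
                    & netsh http add sslcert @newArgs
                    if ($LASTEXITCODE -eq 0) {
                        Write-Host "Updated."
                    } else {
                        # Do not leave the endpoint without a certificate:
                        # put the previous binding back.
                        Write-Host "Add failed (netsh exit code $LASTEXITCODE); restoring the previous certificate..."
                        & netsh http add sslcert @oldArgs
                        if ($LASTEXITCODE -eq 0) {
                            Write-Host "Previous binding restored."
                        } else {
                            Write-Host "RESTORE FAILED: $key currently has no SSL certificate binding and must be re-created manually."
                        }
                    }
                }
            }
        }
        "N" {
            Write-Host "Skipped."
        }
        "S" {
            Write-Host "Stopped by user."
            break bindingLoop
        }
        default {
            Write-Host "Invalid choice, skipping this binding."
        }
    }
}

Write-Host "Processing complete."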