gazd25 · June 12, 2018 07:44 · Jun 12, 2018
diff --git a/renewexchangecert.ps1 b/renewexchangecert.ps1
@@ -0,0 +1,63 @@
+# Add Exchange management tools snappin
+
+Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn;
+
+# Create new self signed certificate to be used only during script
+
+[void] [System.Reflection.Assembly]::LoadWithPartialName("'System.Windows.Forms")
+[System.Windows.Forms.SendKeys]::SendWait("N")
+Start-Sleep 1
+[System.Windows.Forms.SendKeys]::SendWait('{ENTER}')
+
+New-ExchangeCertificate -DomainName fakecert.fakecert.com
+
+# Pop-Up Here needs to be accepted with a no, handled by sendkeys above
+
+# Create variable for fakecert certificate of $thumbprint1, this command matches the correct cert, and then pipes only the certs thumbprint in to the
+# variable using Select -ExpandProperty, no real need to edit this unless you dont like fakecert.fakecert.com :)
+
+$thumbprint1=Get-ExchangeCertificate | select certificatedomains,isselfsigned,thumbprint | where {$_.CertificateDomains -match "fakecert.fakecert.com" -and $_.IsSelfSigned -match "true"} | Select -ExpandProperty Thumbprint
+
+# Enable fakecert certificate for all services using $thumbprint1 variable
+
+[void] [System.Reflection.Assembly]::LoadWithPartialName("'System.Windows.Forms")
+[System.Windows.Forms.SendKeys]::SendWait("N")
+Start-Sleep 1
+[System.Windows.Forms.SendKeys]::SendWait('{ENTER}')
+
+Enable-ExchangeCertificate -Thumbprint $thumbprint1 -Services IIS,SMTP,IMAP,POP | Start-Sleep 10
+
+# Pop-Up Here needs to be accepted with a no, handled by sendkeys above
+
+# Create variable for old LetsEncrypt certificate of $thumbprint2, this command matches the correct cert, and then pipes only the certs thumbprint in to the variable using
+# Select -ExpandProperty, to use in your environment change the yourdomain.com property to a value that matches one of the SAN's in your letsencrypt certificate.
+
+$thumbprint2=Get-ExchangeCertificate | select certificatedomains,isselfsigned,thumbprint | where {$_.CertificateDomains -match "yourdomain.com" -and $_.IsSelfSigned -match "false"} | Select -ExpandProperty Thumbprint
+
+# Remove old LetsEncrypt certificate using $thumbprint2 variable
+
+Remove-ExchangeCertificate -Thumbprint $thumbprint2 -Confirm:$false
+
+# Import new LetsEncrypt certificate, change the path to your PFX file C:\pathtoyourpfxcert\yourpfxcert.pfx and the password in between the quotes here
+
+Import-ExchangeCertificate -FileName "C:\pathtoyourpfxcert\yourpfxcert.pfx" -Password (ConvertTo-SecureString -String 'yourpassword' -AsPlainText -Force)
+
+# Create variable for new LetsEncrypt certificate of thumbprint3, this command matches the correct cert, and then pipes only the certs thumbprint in to the variable using
+# Select -ExpandProperty, to use in your environment change the yourdomain.com property to a value that matches one of the SAN's in your letsencrypt certificate.
+
+$thumbprint3=Get-ExchangeCertificate | select certificatedomains,isselfsigned,thumbprint | where {$_.CertificateDomains -match "yourdomain.com" -and $_.IsSelfSigned -match "false"} | Select -ExpandProperty Thumbprint
+
+# Enable new LetsEncrypt certificate for all services using thumbprint3 variable
+
+[void] [System.Reflection.Assembly]::LoadWithPartialName("'System.Windows.Forms")
+[System.Windows.Forms.SendKeys]::SendWait("N")
+Start-Sleep 1
+[System.Windows.Forms.SendKeys]::SendWait('{ENTER}')
+
+Enable-ExchangeCertificate -Thumbprint $thumbprint3 -Services IIS,SMTP,IMAP,POP | Start-Sleep 10
+
+# Pop-Up Here needs to be accepted with a no, handled by sendkeys above
+
+# Remove fakecert certificate using thumbprint1 variable now it's done it's job
+
+Remove-ExchangeCertificate -Thumbprint $thumbprint1 -Confirm:$false