This article covers scripting a Microsoft Exchange 2013 certificate update: updating every Client Access Server (CAS) in an Exchange environment at once and deleting the old certificate. The .ps1 file could not be attached, but below is a video of the script in action and the content of the script.
Syntax for running the script:
.\CertUpdate.ps1 -CertPath <path to .pfx file> -CertFName "<Certificate Friendly Name>"
Example:
.\CertUpdate.ps1 -CertPath C:\Temp\w12e13_2015.pfx -CertFName "W12E13 - StartSSL"
Video:
The script in its entirety
#Exchange Certificate Update
#Hannel Hazeley
#hhazeley@outlook.com
#Version 1.0

Param(
    [Parameter(Mandatory=$true)]
    $CertPath,
    [Parameter(Mandatory=$true)]
    $CertFName
)

#Requesting password for PFX file (read as a SecureString so it is not echoed)
$Password = Read-Host -Prompt "Enter the password for your .pfx certificate" -AsSecureString

#Searching Exchange for all Client Access Role servers
$GetCAS = Get-ExchangeServer | ? {$_.ServerRole -like "*ClientAccess*"}

Foreach ($cas in $GetCAS)
{
    #Importing PFX certificate; the private key is marked non-exportable on the server
    $IC = (Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path $CertPath -Encoding byte -ReadCount 0)) -Password $Password -PrivateKeyExportable $false -FriendlyName $CertFName -Server $cas.Name)

    #Enabling service on newly imported certificate
    Enable-ExchangeCertificate -Server $cas.Name -Thumbprint $IC.Thumbprint -Services "POP,IMAP,SMTP,IIS" -Force

    #Checking for old certificates: everything on this server that has expired or expires within 5 days,
    #except the certificate that was just imported
    $OldCerts = Get-ExchangeCertificate -Server $cas.Name | Where-Object -FilterScript { $_.NotAfter -lt [DateTime]::UtcNow.AddDays(5) -and $_.Thumbprint -ne $IC.Thumbprint }

    #Deleting old certificates one at a time, so zero or several matches are both handled
    Foreach ($old in $OldCerts)
    {
        Remove-ExchangeCertificate -Server $cas.Name -Thumbprint $old.Thumbprint
    }
}
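A read-only report that can be run from the Exchange Management Shell before or after CertUpdate.ps1, to see which certificates on each CAS the script's 5-day filter selects for deletion and whether a certificate with the expected friendly name is in place. This is an added example, not part of the author's script; the variable and column names are chosen here, and it assumes the same -CertFName value that was passed to CertUpdate.ps1.

```powershell
# Added example (not part of CertUpdate.ps1): nothing is imported, enabled or removed.
Param(
    [Parameter(Mandatory=$true)]
    [string]$CertFName   # assumed to be the friendly name given to CertUpdate.ps1
)

# Same cut-off CertUpdate.ps1 uses when it selects certificates to delete
$Cutoff = [DateTime]::UtcNow.AddDays(5)

# One row per certificate per Client Access server
$Report = foreach ($cas in (Get-ExchangeServer | Where-Object { $_.ServerRole -like "*ClientAccess*" })) {
    foreach ($cert in (Get-ExchangeCertificate -Server $cas.Name)) {
        [PSCustomObject]@{
            Server       = $cas.Name
            FriendlyName = $cert.FriendlyName
            Thumbprint   = $cert.Thumbprint
            NotAfter     = $cert.NotAfter
            Services     = $cert.Services
            Status       = $cert.Status
            IsNewCert    = ($cert.FriendlyName -eq $CertFName)
            WouldDelete  = ($cert.NotAfter -lt $Cutoff)
        }
    }
}

$Report | Sort-Object Server, NotAfter | Format-Table -AutoSize

# Servers that have no valid, non-expiring certificate with the expected friendly name
$Missing = $Report | Group-Object Server | Where-Object {
    -not ($_.Group | Where-Object { $_.IsNewCert -and "$($_.Status)" -eq 'Valid' -and -not $_.WouldDelete })
}
foreach ($m in $Missing) {
    Write-Warning "$($m.Name): no valid certificate named '$CertFName' found"
}

# Certificates the deletion filter matches while services are still bound to them
$Report | Where-Object { $_.WouldDelete -and "$($_.Services)" -ne 'None' } | ForEach-Object {
    Write-Warning "$($_.Server): $($_.Thumbprint) matches the deletion filter but is bound to $($_.Services)"
}
```

A warning from the last check before the update is expected for the certificate being replaced; the same warning after the update means a soon-to-expire certificate is still serving traffic on that server.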