This article covers scripting a Microsoft Exchange 2013 certificate update: updating every Client Access Server (CAS) in an Exchange environment at once and deleting the old certificate. I was unable to attach the .ps1 file, but below are a video of the script in action and the content of the script.

Syntax for running the script:

.\CertUpdate.ps1 -CertPath <path to .pfx file> -CertFName "<Certificate Friendly Name>"


.\CertUpdate.ps1 -CertPath C:\Temp\w12e13_2015.pfx -CertFName "W12E13 - StartSSL"

20141019 - Exchange Update





The script in its entirety

#Exchange Certificate Update
#Hannel Hazeley
#Version 1.0

#Script parameters: path to the .pfx file and the certificate friendly name
param(
    [Parameter(Mandatory=$true)][string]$CertPath,
    [Parameter(Mandatory=$true)][string]$CertFName
)

#Requesting password for PFX file
$Password = Read-Host -Prompt "Enter the password for your .pfx certificate" -AsSecureString

#Searching Exchange for all Client Access Role servers
$GetCAS = Get-ExchangeServer | ? {$_.ServerRole -like "*ClientAccess*"}
Foreach ($cas in $GetCAS)
{
    #Importing PFX certificate (private key is marked non-exportable on the server)
    $IC = (Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path $CertPath -Encoding byte -ReadCount 0)) -Password $Password -PrivateKeyExportable $false -FriendlyName $CertFName -Server $cas.Name)

    #Enabling services on the newly imported certificate
    Enable-ExchangeCertificate -Server $cas.Name -Thumbprint $IC.Thumbprint -Services "POP,IMAP,SMTP,IIS" -Force

    #Checking for old certificates (expired or expiring within 5 days), never the one just imported
    $OldCert = Get-ExchangeCertificate -Server $cas.Name | Where-Object -FilterScript { $_.NotAfter -lt [DateTime]::UtcNow.AddDays(5) -and $_.Thumbprint -ne $IC.Thumbprint }

    #Deleting old certificates (the filter can return none, one or several)
    Foreach ($cert in $OldCert)
    {
        Remove-ExchangeCertificate -Server $cas.Name -Thumbprint $cert.Thumbprint
    }
}
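
The cleanup step above removes every certificate on a CAS that expires within 5 days, whatever it was issued for. The following is an added example, not part of the original script, that narrows the selection to certificates with the same subject as the new one; the function name, its parameters and the sample objects are assumptions made for illustration, and matching on Subject assumes the renewed certificate keeps the same subject.

```powershell
# Added example; Select-ReplacedCertificate and its parameters are hypothetical names.
function Select-ReplacedCertificate {
    param(
        [Parameter(Mandatory = $true)][object[]]$Certificate,
        [Parameter(Mandatory = $true)][string]$NewThumbprint,
        [Parameter(Mandatory = $true)][string]$NewSubject,
        [int]$WithinDays = 5
    )
    $cutoff = (Get-Date).AddDays($WithinDays)
    foreach ($c in $Certificate) {
        if ($c.Thumbprint -eq $NewThumbprint) { continue }  # never the certificate just imported
        if ($c.Subject -ne $NewSubject)       { continue }  # issued for something else: keep it
        if ($c.NotAfter -ge $cutoff)          { continue }  # not expired or about to expire
        $c
    }
}

# Constructed sample data with the properties the filter reads
# (Thumbprint, Subject, NotAfter); thumbprints are placeholders.
$now = Get-Date
$sample = @(
    [pscustomobject]@{ Thumbprint = 'OLD-0001'; Subject = 'CN=mail.example.com'; NotAfter = $now.AddDays(2) }
    [pscustomobject]@{ Thumbprint = 'OLD-0002'; Subject = 'CN=mail.example.com'; NotAfter = $now.AddDays(-30) }
    [pscustomobject]@{ Thumbprint = 'FED-0001'; Subject = 'CN=Federation';       NotAfter = $now.AddDays(3) }
    [pscustomobject]@{ Thumbprint = 'NEW-0001'; Subject = 'CN=mail.example.com'; NotAfter = $now.AddDays(365) }
)

# Only the two OLD-* entries are selected: FED-0001 has another subject, NEW-0001 is the new certificate.
$old = Select-ReplacedCertificate -Certificate $sample -NewThumbprint 'NEW-0001' -NewSubject 'CN=mail.example.com'
$old | Format-Table Thumbprint, Subject, NotAfter

# Inside the script's loop the same filter would take Get-ExchangeCertificate output,
# and -WhatIf previews each deletion before it is run for real:
# $old | ForEach-Object { Remove-ExchangeCertificate -Server $cas.Name -Thumbprint $_.Thumbprint -WhatIf }
```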