Exchange 2016 CU22 or 2019 CU11

The new Cumulative Updates for Exchange now require that your auth-certificate is valid. The current Exchange script fails to do so.

As it happens I have already added this (which is very simple) to the deployment for a client using the Salesforce for Outlook plugin which had the same requirement.

I have modified the script to be as follows:

	# This is an example script and it will be overwritten when the next update is installed.
	# To use this script copy it to another location and modify as required

	# This script enables the use of the newly retrieved and stored certificate with common Exchange services
	# For more script info see https://docs.certifytheweb.com/docs/script-hooks.html

	param($result)

	# enable powershell snap-in for Exchange 2010 upwards
	Add-PSSnapIn Microsoft.Exchange.Management.PowerShell.E2010

	# tell Exchange which services to use this certificate for, force accept certificate to avoid command line prompt
	Enable-ExchangeCertificate -Thumbprint $result.ManagedItem.CertificateThumbprintHash -Services POP,IMAP,SMTP,IIS -Force

	$dt = Get-Date
	Set-AuthConfig -NewCertificateThumbprint $result.ManagedItem.CertificateThumbprintHash -NewCertificateEffectiveDate $dt -Force
	Set-AuthConfig -PublishCertificate
	Set-AuthConfig -ClearPreviousCertificate

Some might want to restart some of the webapp pools which could be accomplished easily by adding the following to the end of the script.

	Restart-WebAppPool MSExchangeOWAAppPool
	Restart-WebAppPool MSExchangeECPAppPool

I must admit I would like to modify the script to remove old certs like the script for Win-Acme can. Here is the magic from Win-Acme. The only part I don’t fully understand is the [1] in Get-ExchangeCertificate -DomainName $Certificate.Subject.split("=")[1]. Hopefully I can add that to the script and then I will truly be happy :-)

	if ($LeaveOldExchangeCerts -ne 1)
	{
		Write-Host "Old Exchange certificates being cleaned up"
		try
		{
			# Find certificates for the same domain name and remove every one except the new certificate
			Get-ExchangeCertificate -DomainName $Certificate.Subject.split("=")[1] `
				| Where-Object -FilterScript {
					$_.Thumbprint -ne $NewCertThumbprint
				} `
				| Remove-ExchangeCertificate -Confirm:$false
		}
		catch
		{
			Write-Error "Error cleaning up old certificates Get-ExchangeCertificate/Remove-ExchangeCertificate"
		}
	}
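The cleanup idea from the post above, as an added example that is not part of the original post and is not code from Certify or Win-Acme. `Split("=")` turns a subject such as `CN=mail.example.com` into the pieces `CN` and `mail.example.com`, and `[1]` picks the second piece (arrays are zero-indexed); that only yields a clean host name when the subject has a single component. The helper names `Get-SubjectCommonName` and `Select-StaleCertificate` are hypothetical, the sample objects are constructed, and the commented wiring assumes the `$result` object from the script above and the thumbprint properties returned by `Get-AuthConfig`.

```powershell
# Added example. Get-SubjectCommonName and Select-StaleCertificate are hypothetical helper names.
function Get-SubjectCommonName {
    param([string]$Subject)
    # Capture only the CN value and stop at the next comma, so further RDNs (O=, C=) are excluded.
    # Simplification: a quoted CN that itself contains a comma is not handled.
    if ($Subject -match '(?:^|,\s*)CN=([^,]+)') { return $Matches[1].Trim() }
    return $null
}

function Select-StaleCertificate {
    param(
        [object[]]$Certificates,                # objects exposing Subject and Thumbprint
        [string]$NewThumbprint,                 # certificate that was just installed
        [string[]]$ProtectedThumbprints = @()   # thumbprints that must never be removed
    )
    $new = $Certificates | Where-Object { $_.Thumbprint -eq $NewThumbprint } | Select-Object -First 1
    if (-not $new) { throw "New certificate $NewThumbprint not found; nothing will be selected." }
    $cn = Get-SubjectCommonName $new.Subject
    if (-not $cn) { throw "No CN in subject '$($new.Subject)'; nothing will be selected." }
    # Empty entries (for example an unset previous auth certificate) are dropped from the keep list.
    $keep = @(@($NewThumbprint) + $ProtectedThumbprints | Where-Object { $_ })
    $Certificates | Where-Object {
        (Get-SubjectCommonName $_.Subject) -eq $cn -and $keep -notcontains $_.Thumbprint
    }
}

# Constructed sample data standing in for Get-ExchangeCertificate output.
$sample = @(
    [pscustomobject]@{ Subject = 'CN=mail.example.com';            Thumbprint = 'AAAA1111' }  # new
    [pscustomobject]@{ Subject = 'CN=mail.example.com';            Thumbprint = 'BBBB2222' }  # superseded
    [pscustomobject]@{ Subject = 'CN=mail.example.com, O=Example'; Thumbprint = 'CCCC3333' }  # still referenced
    [pscustomobject]@{ Subject = 'CN=Microsoft Exchange Server Auth Certificate'; Thumbprint = 'DDDD4444' }
)
# The Win-Acme expression applied to a multi-component subject, for comparison with the CN parser.
'CN=mail.example.com, O=Example'.Split('=')[1]
# Removal candidates: same CN as the new certificate, minus the new and protected thumbprints.
Select-StaleCertificate -Certificates $sample -NewThumbprint 'AAAA1111' -ProtectedThumbprints 'CCCC3333' |
    Select-Object Subject, Thumbprint

# Wiring on an Exchange server (assumption: placed at the end of the hook, after Set-AuthConfig):
# $auth = Get-AuthConfig
# Select-StaleCertificate -Certificates (Get-ExchangeCertificate) `
#     -NewThumbprint $result.ManagedItem.CertificateThumbprintHash `
#     -ProtectedThumbprints $auth.CurrentCertificateThumbprint, $auth.PreviousCertificateThumbprint, $auth.NextCertificateThumbprint |
#     ForEach-Object { Remove-ExchangeCertificate -Thumbprint $_.Thumbprint -Confirm:$false }
```

Running the selection on its own first and reviewing the listed thumbprints before enabling the `Remove-ExchangeCertificate` line keeps a certificate that is still referenced by the auth configuration from being deleted.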