Created
June 24, 2018 15:16
Certify PowerShell PostHook for Exchange Server managed from non-domain joined PCs
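# Certify post-request hook. When the certificate request succeeded it:
#   1. moves the certificate's private key from CNG to a CSP provider,
#   2. enables the certificate for the Exchange services on this server,
#   3. points the RDP-tcp listener at the same certificate.
# $result is the object Certify passes to the hook; this script reads
# IsSuccess, ManagedItem.CertificatePath and ManagedItem.CertificateThumbprintHash.
param($result)

if ($result.IsSuccess -eq $true)
{
    # Convert CNG certificate storage to CSP (for Exchange 2013).
    # The export/import round-trip writes the private key to disk, so the PFX
    # gets an unpredictable file name and a one-time random password rather
    # than a fixed path protected by a well-known password.
    $tempfile = Join-Path $env:TEMP ([System.IO.Path]::GetRandomFileName() + ".pfx")

    $randomBytes = New-Object byte[] 16
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($randomBytes)
    # Hex only: no characters that need quoting on the certutil command line.
    $pfxPassword = [System.BitConverter]::ToString($randomBytes) -replace '-', ''

    $pfx = Get-PfxCertificate -FilePath $result.ManagedItem.CertificatePath

    try
    {
        # NOTE(review): the password is passed as a command-line argument and is
        # visible in the process listing while certutil runs; a one-time value
        # limits what that exposure is worth.
        certutil -f -p $pfxPassword -exportpfx $pfx.SerialNumber $tempfile
        if ($LASTEXITCODE -ne 0)
        {
            # Stop before -delstore: deleting without a good export would drop
            # the certificate from the store with nothing to re-import.
            throw "certutil -exportpfx failed with exit code $LASTEXITCODE; the certificate was left in the store."
        }

        certutil -delstore my $pfx.SerialNumber
        if ($LASTEXITCODE -ne 0)
        {
            throw "certutil -delstore failed with exit code $LASTEXITCODE."
        }

        certutil -p $pfxPassword -csp "Microsoft RSA SChannel Cryptographic Provider" -importpfx $tempfile
        if ($LASTEXITCODE -ne 0)
        {
            # The store entry is already gone at this point; the PFX that
            # Certify wrote to CertificatePath is the copy to recover from.
            throw "certutil -importpfx failed with exit code $LASTEXITCODE; the certificate is no longer in the store."
        }
    }
    finally
    {
        # Always remove the exported private key, including on failure paths.
        if (Test-Path -LiteralPath $tempfile)
        {
            Remove-Item -LiteralPath $tempfile -Force
        }
    }

    # Enable certificate for Exchange 2013 / 2016 services on same server.
    # NOTE(review): the wildcard loads every registered snap-in whose name
    # matches *exchange*; pinning the exact snap-in name would be tighter.
    Add-PSSnapIn *exchange*
    Enable-ExchangeCertificate -Thumbprint $result.ManagedItem.CertificateThumbprintHash -Services POP,IMAP,SMTP,IIS

    # Update Remote Desktop Server certificate: look up the RDP-tcp listener's
    # WMI object and set its SSL certificate hash to the new thumbprint.
    $rdpWmiPath = (Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").__path
    $certHash = $result.ManagedItem.CertificateThumbprintHash
    Set-WmiInstance -Path $rdpWmiPath -argument @{SSLCertificateSHA1Hash="$certHash"}
}
else
{
    Write-Output "An error occurred retrieving the TLS certificate..."
}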