functions/invoke-d365winrmcertificaterotation.ps1
<#
    .SYNOPSIS
        Rotate the certificate used for WinRM

    .DESCRIPTION
        There is a scenario where you might need to update the certificate that is being used for WinRM on your Tier1 environment

        1 year after you deploy your Tier1 environment, the original WinRM certificate expires and then LCS will be unable to communicate with your Tier1 environment

    .PARAMETER MachineName
        The DNS / NetBIOS name of the machine

        The default value is: "$env:COMPUTERNAME" which translates into the current name of the machine

    .EXAMPLE
        PS C:\> Invoke-D365WinRmCertificateRotation

        This will update the certificate that is being used by WinRM.
        A new certificate is created with the current computer name.
        The new certificate and its thumbprint will be configured for WinRM to use that going forward.

    .NOTES
        Author: Mötz Jensen (@Splaxi)

        We recommend that you do a full restart of the Tier1 environment when done.
#>
function Invoke-D365WinRmCertificateRotation {
    [CmdletBinding()]
    [OutputType()]
    param(
        [string] $MachineName = $env:COMPUTERNAME
    )

    Write-PSFMessage -Level Verbose "Creating a new certificate."

    # Create a self-signed certificate for the machine name in the local machine store.
    $CertStore = "Cert:\LocalMachine\My"
    $Thumbprint = (New-SelfSignedCertificate -DnsName $MachineName -CertStoreLocation $CertStore).Thumbprint

    # Point the WinRM HTTPS listener at the new certificate.
    # The hostname must be $MachineName, the name the certificate was issued for.
    $executable = "C:\Windows\System32\cmd.exe"
    $params = @("/C", "winrm", "set", "winrm/config/Listener?Address=*+Transport=HTTPS",
        "@{Hostname=""$MachineName""; CertificateThumbprint=""$Thumbprint""}"
    )

    Write-PSFMessage -Level Verbose "Configure WinRM to use the newly created certificate."

    Invoke-Process -Executable $executable -Params $params -ShowOriginalProgress:$true
}
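A check to run before and after the rotation, added here as an example and not part of the module's own code: it reads the WinRM HTTPS listener, resolves the bound thumbprint in `Cert:\LocalMachine\My`, and reports whether the certificate exists, has a private key, matches the machine name and is close to expiry. The function name `Test-WinRmListenerCertificate` and the `-WarnDays` threshold are hypothetical.

```powershell
# Added example: inspect the certificate bound to the WinRM HTTPS listener.
function Test-WinRmListenerCertificate {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [string] $MachineName = $env:COMPUTERNAME,
        [int] $WarnDays = 30   # assumed warning window, adjust as needed
    )

    # Same listener selector (Address=* / Transport=HTTPS) that the rotation function sets.
    $listener = Get-WSManInstance -ResourceURI 'winrm/config/Listener' `
        -SelectorSet @{ Address = '*'; Transport = 'HTTPS' } -ErrorAction Stop

    # Normalise the thumbprint; an empty value means no certificate is bound.
    $thumbprint = ("$($listener.CertificateThumbprint)" -replace '\s', '').ToUpperInvariant()

    $cert = $null
    if ($thumbprint) {
        $cert = Get-Item -Path "Cert:\LocalMachine\My\$thumbprint" -ErrorAction SilentlyContinue
    }

    $notAfter = $null
    $daysLeft = $null
    if ($cert) {
        $notAfter = $cert.NotAfter
        $daysLeft = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
    }

    [pscustomobject]@{
        ListenerHostname = $listener.Hostname
        HostnameMatches  = ($listener.Hostname -eq $MachineName)
        Thumbprint       = $thumbprint
        InStore          = [bool]$cert
        HasPrivateKey    = [bool]($cert -and $cert.HasPrivateKey)
        NotAfter         = $notAfter
        DaysLeft         = $daysLeft
        # Rotate when the certificate is missing or inside the warning window.
        NeedsRotation    = (-not $cert) -or ($daysLeft -lt $WarnDays)
    }
}

Test-WinRmListenerCertificate
```

After a successful rotation, `Thumbprint` should be the value returned by `New-SelfSignedCertificate` and `HostnameMatches` should be `True`.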