Scenario: You want to clean up Exchange Certificates on your Exchange Servers. The following steps are examples of querying and building your query to perform an action.
1. Check to see what Exchange Certs are on your server.
Get-ExchangeCertificate -Server ExSvr1
2. Query a list of Certificates that have the subject mail.domain.com:
Get-ExchangeCertificate -Server ExSvr1 | Where Subject -like "CN=Mail.dom*"
3. Query a list of Certificates that have the subject mail.domain.com and have an expiration less than a specific date:
Get-ExchangeCertificate -Server ExSvr1 | Where {($_.NotAfter -lt "3/22/2019") -and ($_.Subject -like "CN=Mail.dom*")}
4. Remove the list of Certificates that have the subject mail.domain.com and an expiration less than a specific date:
Get-ExchangeCertificate -Server ExSvr1 | Where {($_.NotAfter -lt "3/22/2019") -and ($_.Subject -like "CN=Mail.dom*")} | Remove-ExchangeCertificate -Confirm:$false
Let's say you want to query all Ex2013 servers to find and remove the certs:
1. Gather your Servers into a Variable:
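# Exchange 2013 reports "Version 15.0 ..."; *15* would also match 15.1 and 15.2 (Exchange 2016/2019)
$Servers = Get-ExchangeServer | Where AdminDisplayVersion -like "Version 15.0*"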
2. Use that variable in a loop to loop through the certs:
$Servers | ForEach-Object {
    # Here $_ is the server; inside the Where block below, $_ is the certificate
    Write-Host $_.Name
    Get-ExchangeCertificate -Server $_.Name | Where {($_.NotAfter -lt "3/22/2019") -and ($_.Subject -like "CN=M*")} | Remove-ExchangeCertificate -Confirm:$false
}
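A more cautious version of the removal loop above, as an added example that is not part of the original post: it skips certificates that still have services assigned, writes the candidates to a CSV, and only performs a -WhatIf dry run. The CSV path and the Select-StaleCertificate helper are hypothetical names, and the "Version 15.0*" filter assumes Exchange 2013 servers report that version string.

```powershell
# Added example; run in the Exchange Management Shell.
# Cutoff date and subject pattern are the sample values used in the steps above.
$Cutoff  = [datetime]'2019-03-22'
$Pattern = 'CN=M*'
$Report  = Join-Path $env:TEMP 'stale-exchange-certs.csv'   # hypothetical path

function Select-StaleCertificate {
    # Passes through only certificates that expire before the cutoff, match
    # the subject pattern, and have no Exchange services assigned.
    param(
        [Parameter(ValueFromPipeline)] $Certificate,
        [datetime] $Before,
        [string]   $SubjectLike
    )
    process {
        if ($Certificate.NotAfter -lt $Before -and
            $Certificate.Subject -like $SubjectLike -and
            "$($Certificate.Services)" -eq 'None') {
            $Certificate
        }
    }
}

# Assumption: Exchange 2013 servers report "Version 15.0 ..." here.
$Servers = Get-ExchangeServer |
    Where-Object { "$($_.AdminDisplayVersion)" -like 'Version 15.0*' }

$Stale = foreach ($Server in $Servers) {
    Get-ExchangeCertificate -Server $Server.Name |
        Select-StaleCertificate -Before $Cutoff -SubjectLike $Pattern |
        Select-Object @{n='Server';e={$Server.Name}}, Thumbprint, Subject, NotAfter, Services
}

# Keep a record of what is about to be removed.
$Stale | Export-Csv -Path $Report -NoTypeInformation

# Dry run: -WhatIf reports what would be removed and changes nothing.
foreach ($Cert in $Stale) {
    Remove-ExchangeCertificate -Server $Cert.Server -Thumbprint $Cert.Thumbprint -WhatIf
}
```

Once the dry-run output matches the CSV, replace -WhatIf with -Confirm:$false to perform the removal.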
How to move/enable services on an Exchange Certificate:
1. Determine the thumbprint of the Certificate you want to move Exchange Services to:
Get-ExchangeCertificate -Server ExSrv1
2. Move/Enable services on an Exchange Certificate:
Enable-ExchangeCertificate -Thumbprint <thumbprint> -Server ExSrv1 -Services IIS,SMTP,POP,IMAP
Now let's say you want to loop it:
1. Gather your servers into a variable:
$Servers = Get-ExchangeServer | Where AdminDisplayVersion -like "*15*"
2. Enable Services on all your servers' certs with a loop:
$Servers | ForEach-Object {
    Write-Host $_.Name
    Enable-ExchangeCertificate -Thumbprint <thumbprint> -Server $_.Name -Services IIS,SMTP,POP,IMAP
}