Remotely configure a certificate after importing the new certificate to your Exchange Servers

Scenario: You imported a new certificate to your Exchange servers and you want to configure the certificate on each server remotely. There is OWA/LYNC integration, so the thumbprint of the older certificate needs to be replaced with the thumbprint of the new certificate in the IMCertificateThumbprint property of each server's OWA web.config file.

Scriptlets:

Declare your variables for the Servers and for the thumbprints of the Old and New Cert.

#Declare Variables
$OldCert = "B8FE4323EEdAAB31258C2F44283001004EEACB23"
$NewCert = "A8E457DE801F7831317C2F5F5450007EA238DDE3"
$Servers = Get-exchangeserver Ex* | Select -ExpandProperty Name

We are going to back up the web.config file as well, in the event of a mistake.

#Backup Web.Config and Save it locally
$Servers | %{
"Copying $_"
MD C:\Temp\WebConfig\$_
Copy-item "\\$_\c$\Program Files\Microsoft\Exchange Server\V15\ClientAccess\Owa\web.config" "C:\Temp\WebConfig\$_"
}

Because OWA/LYNC integration exists, we need to modify the IMCertificateThumbprint value in the OWA web.config file so that the old thumbprint is overwritten with the new thumbprint.

#Edit the Web.Config on each Server
$Servers | Sort | %{
"Editing WebConfig for $_"
$WebConfigFile = "\\$_\c$\Program Files\Microsoft\Exchange Server\V15\ClientAccess\Owa\web.config"
#Pass the variables themselves; single-quoted strings are not expanded
(Get-Content $WebConfigFile).Replace($OldCert, $NewCert) | Set-Content $WebConfigFile
}

Enable the services on the new certificate.

#Enable UM, IIS, SMTP, UMCallRouter on new Cert
$Servers | %{
Enable-ExchangeCertificate -Server $_ -thumbprint $NewCert -services IIS,SMTP,UM,UMCallRouter -force -confirm:$false
}

Finally, restart the IIS and UM services on each server.

#Restart IIS & UM Services
$Servers | %{
iisreset $_
get-service msexchangeUM* -computername $_ | Restart-service
}
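
A read-only check to run after the steps above, as an added example that is not part of the original post: it parses a web.config as XML, reports the IMCertificateThumbprint value, and flags any remaining copy of the old thumbprint regardless of case. The function name, the temporary folder and both placeholder thumbprints are constructed for illustration, and it assumes the key sits under appSettings.

```powershell
# Added example (not from the original post): read-only check of an OWA web.config.
function Test-ImCertThumbprint {
    param(
        [Parameter(Mandatory)][string]$Path,      # web.config to inspect
        [Parameter(Mandatory)][string]$Expected,  # thumbprint of the new certificate
        [Parameter(Mandatory)][string]$Stale      # thumbprint of the old certificate
    )
    $raw  = Get-Content -LiteralPath $Path -Raw
    # Assumption: the setting is an <add key="IMCertificateThumbprint" .../> under appSettings.
    $node = ([xml]$raw).SelectSingleNode("//appSettings/add[@key='IMCertificateThumbprint']")
    $value = if ($node) { $node.GetAttribute('value').Trim() } else { $null }
    [pscustomobject]@{
        Path       = $Path
        Value      = $value
        # Thumbprints are hex strings, so compare without regard to case.
        MatchesNew = ($value -ieq $Expected)
        # Search the whole file so a leftover copy anywhere is reported.
        OldRemains = ($raw.IndexOf($Stale, [StringComparison]::OrdinalIgnoreCase) -ge 0)
    }
}

# Constructed sample data: placeholder thumbprints and two minimal web.config files.
$new = '1' * 40
$old = 'ab' * 20
$dir = Join-Path ([IO.Path]::GetTempPath()) 'WebConfigCheck'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$template = '<configuration><appSettings>' +
            '<add key="IMCertificateThumbprint" value="{0}" />' +
            '</appSettings></configuration>'
Set-Content -Path (Join-Path $dir 'updated.config') -Value ($template -f $new)
# The stale file stores the old thumbprint in upper case on purpose.
Set-Content -Path (Join-Path $dir 'stale.config') -Value ($template -f $old.ToUpper())

Get-ChildItem $dir -Filter *.config | ForEach-Object {
    Test-ImCertThumbprint -Path $_.FullName -Expected $new -Stale $old
} | Format-Table -AutoSize

# Against real servers, pass the UNC path used in the scriptlets above, e.g.
# -Path "\\$server\c$\Program Files\Microsoft\Exchange Server\V15\ClientAccess\Owa\web.config"
```

Because String.Replace is case-sensitive, a thumbprint stored in a different case than $OldCert would survive the edit step; the case-insensitive search behind OldRemains reports that.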


Configuring UploadReadAheadSize for Certificate Based Authentication for ActiveSync

Scenario: When configuring Certificate Based Authentication, you will have to configure the UploadReadAheadSize property in IIS to allow message content greater than 48K. If UploadReadAheadSize is not set properly, you may see HTTP status code 413 for ActiveSync requests in the IIS logs, and mobile devices may report size errors when attempting to send email.

Solution:

How to set the uploadReadAheadSize in IIS 7.5

  1. Launch “Internet Information Services (IIS) Manager”
  2. Expand the Server field
  3. Expand Sites
  4. Expand Default Web Site
  5. Click on Microsoft-Server-ActiveSync
  6. In the Features section, double click “Configuration Editor”
  7. Under “Section” select: system.webServer>serverRuntime
  8. Set “uploadReadAheadSize” to 36700160 for 35MB.
  9. Click Apply