Skip to content
/ CertificateNotificationTasks Public
forked from Borgquite/CertificateNotificationTasks

PowerShell scripts to allow certificates to be automatically renewed for various services, such as Microsoft SQL Server

License

GPL-2.0 license
0 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

SQLauto/CertificateNotificationTasks

BranchesTags
 
 

Repository files navigation

These scripts allow the use of Windows 8+ and Windows Server 2012+ Certificate Services Lifecycle Notifications to automatically deploy new certificates after they are renewed - see https://social.technet.microsoft.com/wiki/contents/articles/14250.certificate-services-lifecycle-notifications.aspx

Supported products:

  • SQL Server Database Engine
  • SQL Server Reporting Services
  • Network Device Enrollment Service (NDES)

You can use the script to perform certificate autorenewal, and also for SQL Server, configuring components for using a certificate for the 'first time' with just the -NewCertHash parameter.

Some script functionality depends on certificates being enrolled via Active Directory Certificate Services with specific certificate template names.

  • For SQL Server, the script uses template names of 'SQL Server' and 'Internal Web Server' respectively by default. This is not required when renewing certificates, but will be if you want to configure the 'first time' using the -NewCertHash parameter as described above.
  • For Network Device Enrollment Service, the default template names for the 'CEPEncryption' and 'EnrollmentAgentOffline' V1 certificate templates are supported - but you can also set up custom names using V2 certificates if you replaced the defaults e.g. by following https://www.microsoft.com/en-us/download/details.aspx?id=46406 If you are using Active Directory Certificate Services, ensure you update the scripts with the certificate template names you are using.

If you are using a third-party Certificate Authority e.g. Let's Encrypt you can still use the Certificate Services Lifecycle Notifications feature.

To use, review and download both files .ps1 files to a folder, then run Deploy-CertificateRenewalTasks.ps1

Then either perform a certificate autorenewal using ADCS, or when using a third-party Certificate Authority, use the PowerShell command Switch-Certificate -OldCert -NewCert to mark the certificate as 'replaced' and trigger the task - see https://learn.microsoft.com/en-us/powershell/module/pki/switch-certificate?view=windowsserver2022-ps

About

PowerShell scripts to allow certificates to be automatically renewed for various services, such as Microsoft SQL Server

Resources

Readme

License

GPL-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • PowerShell 100.0%