-
Notifications
You must be signed in to change notification settings - Fork 1
/
update-ssrs-cert.ps1
80 lines (69 loc) · 2.91 KB
/
update-ssrs-cert.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
# This script is run automatically after win.acme renews the certifcate. It updates the certificate bindings for SSRS.
# Based on this: https://ruiromanoblog.wordpress.com/2010/05/08/configure-reporting-services-ssl-binding-with-wmi-powershell/
param($newthumb, $oldthumb)
$newthumb = $newthumb.ToLower()
$oldthumb = $oldthumb.ToLower()
# Importing the configuration file
$config = Import-PowerShellDataFile $PSScriptRoot\Config.PSD1
# Creating variables to determine magic strings and getting them from the configuration file
$serverName = $config.ServerName
$certSubject = $config.certSubject
$ssrsServerName = $config.ssrsServerName
$httpsPort = $config.httpsPort
$ipAddress = $config.ipAddress
$emailTo = $config.emailTo
$emailFrom = $config.emailFrom
$emailSmtp = $config.emailSmtp
$logLocation = $config.logLocation
$errors = ""
# Get a timestamp for logging
function Get-TimeStamp
{
return "[{0:yyyy/MM/dd} {0:HH:mm:ss}]" -f (Get-Date)
}
$wmiName = (Get-WmiObject -namespace root\Microsoft\SqlServer\ReportServer -Filter "Name='$ssrsServerName'" -class __Namespace).Name
$version = (Get-WmiObject -namespace root\Microsoft\SqlServer\ReportServer\$wmiName -class __Namespace).Name
$rsConfig = Get-WmiObject -namespace "root\Microsoft\SqlServer\ReportServer\$wmiName\$version\Admin" -class MSReportServer_ConfigurationSetting
if ($oldthumb -ne $newthumb) {
$r = $rsConfig.RemoveSSLCertificateBindings('ReportManager', $oldthumb, $ipAddress, $httpsport, 1033)
if (!($r.HRESULT -eq 0)) {
$errors = $r.Error
}
$r = $rsConfig.RemoveSSLCertificateBindings('ReportServerWebService', $oldthumb, $ipAddress, $httpsport, 1033)
if (!($r.HRESULT -eq 0)) {
$errors = $errors + "`r`n" + $r.Error
}
$r = $rsConfig.CreateSSLCertificateBinding('ReportManager', $newthumb, $ipAddress, $httpsport, 1033)
if (!($r.HRESULT -eq 0)) {
$errors = $errors + "`r`n" + $r.Error
}
$r = $rsConfig.CreateSSLCertificateBinding('ReportServerWebService', $newthumb, $ipAddress, $httpsport, 1033)
if (!($r.HRESULT -eq 0)) {
$errors = $errors + $r.Error
}
}
# Set up the error alert email
$emailBody = @"
<H3>Hi SysAdmins,</H3>
<p>We have a script that runs on $ServerName to update the SSL certificate for reports.ssw.com.au.</br>
The script has failed :(.</p>
<ol>
<li>Please check the log file in $logLocation, investigate and fix.</li>
</ol>
<p>Thanks!</p>
<p>Powered by $PSScriptRoot\update-ssrs-cert.ps1 on $ServerName</p>
"@
$emailParams = @{
From = $emailFrom
To = $emailTo
Subject = "Certificate update failed on $ServerName"
Body = $emailBody
SmtpServer = $emailSmtp
}
If ($errors) {
Write-Output "`r`n $(Get-TimeStamp) `r`n $errors" | Out-File $logLocation -Append
Send-MailMessage @emailParams -BodyAsHtml
}
Else {
Write-Output "`r`n $(Get-TimeStamp) Certificate replaced successfully." | Out-File $logLocation -Append
}