Pobierz wszystkie aplikacje serwera proxy aplikacji Entra firmy Microsoft opublikowane przy użyciu identycznego certyfikatu i zastąp je
Przykładowy skrypt programu PowerShell zastępuje certyfikaty zbiorczo dla wszystkich aplikacji proxy aplikacji firmy Microsoft entra opublikowanych przy użyciu identycznego certyfikatu.
Jeśli nie masz subskrypcji platformy Azure, przed rozpoczęciem utwórz bezpłatne konto platformy Azure.
Uwaga
Do interakcji z platformą Azure zalecamy używanie modułu Azure Az w programie PowerShell. Zobacz Instalowanie programu Azure PowerShell, aby rozpocząć. Aby dowiedzieć się, jak przeprowadzić migrację do modułu Az PowerShell, zobacz Migracja programu Azure PowerShell z modułu AzureRM do modułu Az.
Przykład wymaga modułu Microsoft Graph Beta PowerShell 2.10 lub nowszego.
Przykładowy skrypt
# This sample script gets all Microsoft Entra application proxy applications published with the identical certificate.
#
# .\replace_with_the_script_name.ps1 -CurrentThumbprint <thumbprint of the current certificate> -PFXFilePath <full path with PFX filename>
#
# Version 1.0
#
# This script requires PowerShell 5.1 (x64) and one of the following modules:
#
# Microsoft.Graph ver 2.10 or newer
#
# Before you begin:
#
# Required Microsoft Entra role: Global Administrator or Application Administrator or Application Developer
# or appropriate custom permissions as documented https://learn.microsoft.com/en-us/azure/active-directory/roles/custom-enterprise-app-permissions
#
#
param(
[parameter(Mandatory=$true)]
[string] $CurrentThumbprint = "null",
[parameter(Mandatory=$true)]
[string] $PFXFilePath = "null"
)
$certThumbprint = $CurrentThumbprint
$certPfxFilePath = $PFXFilePath
If (($certThumbprint -eq "null") -or ($certPfxFilePath -eq "null")) {
Write-Host "Parameter is missing." -BackgroundColor "Black" -ForegroundColor "Green"
Write-Host " "
Write-Host ".\get-custom-domain-replace-cert.ps1 -CurrentThumbprint <thumbprint of the current certificate> -PFXFilePath <full path with PFX filename>" -BackgroundColor "Black" -ForegroundColor "Green"
Write-Host " "
Exit
}
If ((Test-Path -Path $certPfxFilePath) -eq $False) {
Write-Host "The pfx file does not exist." -BackgroundColor "Black" -ForegroundColor "Red"
Write-Host " "
Exit
}
$securePassword = Read-Host -AsSecureString // please provide the password of the pfx file
Import-Module Microsoft.Graph.Beta.Applications
Connect-MgGraph -Scope Directory.ReadWrite.All -NoWelcome
Write-Host "Reading service principals. This operation might take longer..." -BackgroundColor "Black" -ForegroundColor "Green"
$allApps = Get-MgBetaServicePrincipal -Top 100000 | where-object {$_.Tags -Contains "WindowsAzureActiveDirectoryOnPremApp"}
$numberofAadapApps = 0
Write-Host ("")
Write-Host ("SSL certificate change for the Microsoft Entra application proxy apps below:")
Write-Host ("")
foreach ($item in $allApps) {
$aadapApp, $aadapAppConf, $aadapAppConf1 = $null, $null, $null
$aadapAppId = Get-MgBetaApplication | where-object {$_.AppId -eq $item.AppId}
$aadapAppConf = Get-MgBetaApplication -ApplicationId $aadapAppId.Id -ErrorAction SilentlyContinue -select OnPremisesPublishing | select OnPremisesPublishing -expand OnPremisesPublishing
$aadapAppConf1 = Get-MgBetaApplication -ApplicationId $aadapAppId.Id -ErrorAction SilentlyContinue -select OnPremisesPublishing | select OnPremisesPublishing -expand OnPremisesPublishing `
| select verifiedCustomDomainCertificatesMetadata -expand verifiedCustomDomainCertificatesMetadata
if ($aadapAppConf -ne $null) {
if ($aadapAppConf1.VerifiedCustomDomainCertificatesMetadata.Thumbprint -match $certThumbprint) {
Write-Host $item.DisplayName"(AppId: " $item.AppId ", ObjId:" $item.Id")" -BackgroundColor "Black" -ForegroundColor "White"
Write-Host
Write-Host "External Url: " $aadapAppConf.ExternalUrl
Write-Host "Internal Url: " $aadapAppConf.InternalUrl
Write-Host "Pre-authentication: " $aadapAppConf.ExternalAuthenticationType
Write-Host
$params = @{
onPremisesPublishing = @{
verifiedCustomDomainKeyCredential = @{
type="X509CertAndPassword";
value = [convert]::ToBase64String((Get-Content $certPfxFilePath -Encoding byte));
};
verifiedCustomDomainPasswordCredential = @{ value = $securePassword };
}
}
Update-MgBetaApplication -ApplicationId $aadapAppId.Id -BodyParameter $params
$numberofAadapApps = $numberofAadapApps + 1
}
}
}
Write-Host
Write-Host "Number of the updated Microsoft Entra application proxy applications: " $numberofAadapApps -BackgroundColor "Black" -ForegroundColor "White"
Write-Host ("")
Write-Host
Write-Host "Finished." -BackgroundColor "Black" -ForegroundColor "Green"
Write-Host "To disconnect from Microsoft Graph, please use the Disconnect-MgGraph cmdlet."
Objaśnienia dla skryptu
Polecenie | Uwagi |
---|---|
Połączenie-MgGraph | Połączenie do programu Microsoft Graph |
Get-MgBetaServicePrincipal | Pobiera jednostkę usługi |
Get-MgBetaApplication | Pobiera aplikację dla przedsiębiorstw |
Update-MgBetaApplication | aktualizuje aplikację |