TechShizz | All posts tagged 'CMD'

How to update an IIS SSL certificate for an existing website using command line and PowerShell

If you need to install a new certificate on a web server that does not have a GUI (Server Core), you will need to update the current SSL certificate via command line and powershell. There are most likely more ways to do this than this method, but I find this works well for me.

1. First, if you need a new certificate, you need a new CSR. You DO NOT have to create the CSR on the server that will use the certificate. Use ANY IIS server to create and complete a new certificate request. Ensure you use 2048 bit certificates.

2. Purchase a certificate from a trusted certificate authority. I prefer

3. Once you have your certificate it will be downloadable as a ZIP file. It will contain .cer files. In order to install the certificate (firstly onto our GUI IIS server) we need it to be in the .pfx format, as this format lets us store the certificate's private key within it. Extract the certificates, and in IIS, complete the certificate request and select the certificate that's named - You should store the certificate in the "WebHosting" section if prompted.

4. Next, the certificate is installed, but in the wrong server. So we need to export it. Run MMC.exe, File, Add/Remove Snapins / Add the Certificates snap in, select computer account. Find the imported certificate. 

5. Export the certificate, right click, All Tasks, Export. Select .PFX format. Ensure you tick the "Make Private Key Exportable". You will be required to set a password against the certificate to protect the private key. Save the Certificate and then copy it to your IIS server (which has no GUI i.e. server core). 

6. Next we need to install the certificate with PowerShell.

PS C:\>$mypwd = Get-Credential -UserName 'Enter password below' -Message 'Enter password below'

PS C:\>Import-PfxCertificate -FilePath C:\mypfx.pfx -CertStoreLocation Cert:\LocalMachine\WebHosting -Password $mypwd.Password

7. Next we need to update the certificate on the existing binding:

We'll need to know the thumbprint of the certificate and the AppID of the website. I like to change to powershell in core, because it's good for parsing results in a readable format. Run PowerShell.exe then navigate to:

PS Cert:\LocalMachine\WebHosting\>


dir | fl

You should be able to identify the certificate you have installed. Grab the Thumbprint.

8. Next we need the AppID - Run:

netsh http show sslcert

Find the AppID for your website you want to replace the SSL certificate for.

9. Next we use the AppID and Thumbprint to use the new certificate with the website - Note You need to EXIT from PowerShell before running this command - run this in CMD:

netsh http update sslcert certhash=C4FA12345678923618B90972707121345678988811 appid={4ab64e81-e14b-4a21-b022-59fc66abcd64} certstorename=WebHosting

10. - DONE! 

Microsoft Office Licence Activation from the Command Line

Open a Command Prompt window, and then take one of the following actions

• If you installed the 64-bit version of Office 2013, move to the following folder: C:\Program Files\Microsoft Office\Office15 

• If you installed the 32-bit version of Office 2013, move to the following folder: C:\Program Files (x86)\Microsoft 

Display Office Licences
cscript ospp.vbs /dstatus

Remove Office Licences
cscript ospp.vbs /unpkey:<last five characters of product key>

Adds Office Key
cscript ospp.vbs /inpkey:value

Activates an installed Key
cscript ospp.vbs /act

Rearm Office Licence
  1. Open a command prompt with administrative permissions.

  2. Go to %installdir%\%Program Files%\Microsoft Office\Office15. If you installed the 32-bit edition of Office 2013 on a 64-bit operating system, %Program Files% is the Program Files (x86) folder.

  3. At the command prompt, type ospprearm.exe. If the rearm succeeds, the following message displays: “Microsoft Office rearm successful.”

Run GPUpdate on multiple machines without Invoke-GPUpdate

You can run GPUpdate on multiple machines - this is usefull in pre Windows 8 environments where the Invoke-GPUpdate cmdlet is not available.

Step 1
First, obtain a full list of comuters that you needs to run gpupdate on. See Export a list of all active directory computers.

If the server is old and does not have PowerShell you can get a list of computers like this in CMD:
dsquery computers

Format it to a single column of computer names and save it to a file computers.csv on c:\

Step 2

Put psexec on the source machine.




Psexec @c:\computers.csv gpupdate /force

Netsh commands

Show TCP/IP settings
netsh interface ip show config

Change network configuration

netsh interface ip set address "Local Area Connection" static

Use a dynamic DHCP assigned address—The command

netsh interface ip set address "Local Area Connection" dhcp

Change a DNS server address

netsh interface ip set dns "Local Area Connection" static

Dynamically assign the DNS server address

netsh interface ip set dns "Local Area Connection" dhcp

Configure a WINS server

netsh interface ip set wins

Work with remote systems

netsh set machine remotecomputer

Save the current configuration

netsh interface dump >  mycfg.dat

Restore network configuration

netsh exec mycfg.dat