我注意到许多域名在Exchange 2013上都失败了,因为他们的网站上有一个无效的通配符证书。
我如何(至less)扫描和testing这种types的失败?
下面是我的脚本的开始,但在Powershell中真的很生疏。 有没有人认为这是一个有效的解决scheme,或有一个更好的?
$ErrorActionPreference = "Stop"; $domains = get-accepteddomain foreach ($d in $domains) { Try { $url = "https://$d" $wc = New-Object System.Net.WebClient $wc.DownloadString($url) } Catch { $ErrorMessage = $_.Exception.Message $FailedItem = $_.Exception.ItemName Send-MailMessage -From [email protected] -To [email protected] -Subject "Invalid SSL Certificate" -SmtpServer internalsmtp.nfp.com -Body "We failed to read file $FailedItem. The error message was $ErrorMessage for domain $url" Break } } 这是我提出的脚本。 我仍然需要一种方法来轻松获得所有活动的主SMTP地址,但这是一个开始。
#This script tests the naked domain and autodiscover record for issues. #often times a wildcard cert will cause a name mismatch, or the cert is invalid, expired, or revoked $ErrorActionPreference = "Stop"; #todo, don't use accepted domains, only use the addresses listed as a primary on # a user, because that is the only domain that counts for Autodiscover. $domains = "a.com”, “b.com”, “b.com" $errors = @{} foreach ($d2 in $domains) { Try { $url = "https://$d2" $url $wc = New-Object System.Net.WebClient $wc.DownloadString($url) } Catch { $ErrorMessage = $_.Exception.Message $FailedItem = $_.Exception.ItemName $errors.Add($url, $_.Exception.Message) } Try { $url = "https://autodiscover.$d2" $url $wc = New-Object System.Net.WebClient $wc.DownloadString($url) } Catch { $ErrorMessage = $_.Exception.Message $FailedItem = $_.Exception.ItemName $errors.Add($url, $errormessage) } } $sb = New-Object -TypeName "System.Text.StringBuilder"; foreach ($e in $errors.keys) { $e2 = $errors.$e #The remote name could not be resolved #Could not establish trust relationship $sb.AppendLine("$e had error @ $e2 " ); } Send-MailMessage -From [email protected] -To [email protected] -Subject "Invalid SSL Certificate Report" -SmtpServer internalsmtp.company.com -Body $sb.tostring()