Script: Boost SIF Certificate Expiry Days

> One simple script that definitely won't delete your system32 folder

March 7, 2024

Overview

Millions of man hours have been lost due to Sitecore certs expiring on local dev machines after 2 years. Updating the cert can be time consuming, especially if you're running xConnect and have to update the cert in multiple places. Often times, it's easier to just reinstall Sitecore.

The script in this post will prevent that from happening in the first place by making a small change to the local installation of Sitecore Install Framework (SIF).

Script

Time to claw back some man hours. Run this script as an admin, either standalone, or include it as part of your custom installation scripts so that all of your devs benefit without having to lift a finger.

# Path may need to be adjusted -- keep it broad enough to apply the boost to all SIF versions that may be installed
$path = "C:\Program Files\WindowsPowerShell\Modules\SitecoreInstallFramework"
Write-Host "---"
Write-Host "Checking if SIF cert creation expiry days need a BOOST..."
if (-Not (Test-Path -Path $path)) {
  Write-Host "Sitecore Install Framework path does not exist: $path"
  exit
}
$certScriptFileName = "Certificates.ps1"
$certScriptFiles = Get-ChildItem -Path $path -Recurse -Filter $certScriptFileName
if ($certScriptFiles.Count -eq 0) {
  Write-Host "No $certScriptFileName files found in $path. Unable to BOOST cert expiry days."
  exit
}
else {
  Write-Host "Found $($certScriptFiles.Count) $certScriptFileName files in $path."
  Write-Host "---"
}
foreach ($file in $certScriptFiles) {
  $existingContent = Get-Content -Path $file.FullName
  $needsBOOST = $false
  $newContent = foreach ($line in $existingContent) {
    if ($line -match 'NotAfter = \(\$date\)\.AddDays\((\d+)\)') {
      $days = [int]$matches[1]
      if ($days -lt 3650) {
        $needsBOOST = $true
        $line -replace 'NotAfter = \(\$date\)\.AddDays\((\d+)\)', 'NotAfter = ($date).AddDays(3650)'
      }
      else {
        $line
      }
    }
    else {
      $line
    }
  }
  if ($needsBOOST) {
    $backupFileName = $file.FullName + ".bak"
    if (-Not (Test-Path -Path $backupFileName)) {
      Copy-Item -Path $file.FullName -Destination $backupFileName
      Write-Host "Created backup of $($file.FullName) before making changes."
    }
    Set-Content -Path $file.FullName -Value $newContent
    Write-Host "BOOSTED the cert expiry days in $($file.FullName)." -ForegroundColor Green
  }
  else {
    Write-Host "Cert expiry days are already BOOSTED in $($file.FullName)." -ForegroundColor Green
  }
  Write-Host "----"
}
Write-Host "Completed BOOST check.`n"