I’ve got a Windows Server 2019 with a copy of ManageEngine’s ADSelfService Plus (ADSSP) running on it. ADSSP uses tomcat and JRE. I’ve got Win-Acme running on the server and I have it pull the PEM files into the directory c:\ssl. I then run the following commands from an elevated command prompt to import the new chain PEM into a keystore file, replace the keystore file in the tomcat deployment and restart the ADSSP service:
"c:\ManageEngine\ADSelfService Plus\jre\bin\keytool" -import -alias tomcat -file c:\ssl\my.domain.com-chain.pem -keystore SelfService.keystore -noprompt -storepass MyPassword Copy /y SelfService.keystore "C:\ManageEngine\ADSelfService Plus\conf\SelfService.keystore" sc stop "ADSelfServicePlus" sc start "ADSelfServicePlus"
I’d like to put all of that into a script and then have it automatically run each time Win-Acme completes its renewal, but I’m just not sure how to make that happen (or if it is even possible). I’ve taken a look at https://www.win-acme.com/reference/plugins/installation/script but I’m still struggling.
Can this be done? What is the best method to achieve this? Should I put the above commands into a batch file? If so, how would I specify that I want the batch file to run with elevated privileges? Is it better to put it into a powershell script? Same question about elevated privileges. Thanks!