Last active
October 11, 2022 21:15
-
-
Save bill-long/566208cb741347b8d7da6c4a853a6652 to your computer and use it in GitHub Desktop.
Intended to help diagnose the following error from Exchange Mitigation Service: "This XML is not deemed safe to consume since Response xml''s signing cert is invalid or not from microsoft""
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $url = "https://officeclient.microsoft.com/getexchangemitigations" | |
| $r = Invoke-WebRequest $url | |
| $x = [xml]$r.Content | |
| $signedXml = New-Object System.Security.Cryptography.Xml.SignedXml($x) | |
| $sigNode = $x.GetElementsByTagName("Signature") | |
| $signedXml.LoadXml([System.Xml.XmlElement] ($sigNode[0])) | |
| $signedXml.Signature.KeyInfo.Certificates | Format-List | |
| $signedXml.Signature.KeyInfo.Certificates | ForEach-Object { | |
| "Validating certificate: $($_.Subject)" | |
| $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain | |
| if ($chain.Build($_)) { | |
| " Validated successfully." | |
| } else { | |
| " Validation failed. ChainStatus:" | |
| $chain.ChainStatus | Format-Table | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
To run this from Exchange Management Shell, run
$exscripts\Get-Mitigations.ps1first to load the necessary DLLs.