about_Posh-XProtectMobile
Milestone XProtect Mobile Server helper module
This module assists administrators by providing a simple cmdlet, Set-MobileServerCertificate, which simplifies the process of adding or updating the binding for Milestone XProtect Mobile Server. This is done via the 'netsh http [add|update] sslcert' command which requires the current IP:Port used for HTTPS communication.
The current HTTPS IP:Port values are retrieved from the VideoOS.MobileServer.Service.exe.config file present in the Mobile Server installation directory.
The installation directory for Milestone XProtect Mobile Server is found in the registry path HKLM:\SOFTWARE\WOW6432Node\Milestone\XProtect Mobile Server.
If using in conjunction with Posh-ACME, you may use the modules like so...
$parameters = @{
...
}
New-PACertificate @$parameters | Set-MobileServerCertificate
Afterward, you might schedule a task in Windows to execute the following PowerShell daily:
Submit-Renewal | Set-MobileServerCertificate
Doing so will ensure that the certificate is attempted to be renewed daily, but Posh-ACME will only send a request for a new certificate after 60 days from the date of issue.
Alternatively, you may have some other mechanism for generating and renewing certificates. As long as you have installed your certificate to Cert:\LocalMachine\My and it includes the private key, you can pipe the certificate or thumprint into Set-MobileServerCertificate.
Get-ChildItem Cert:\LocalMachine\My | ? Subject -like '*mobile.example.com*' | Set-MobileServerCertificate
Milestone, XProtect, Mobile Server, Let's Encrypt, Certificate, SSL/TLS