All geek questions in one place

Programmatically assign an existing ssl certificate to a website in iis6 via powershell or vbscript

I have the following powershell script that creates a new website in IIS6:

https://github.com/dagda1/iis6/blob/master/create-site.ps1

Does anyone know how I can assign an existing ssl certificate to a website?

I know that I can set the port number using adsutil.vbsas follows:

cscript adsutil.vbs set w3svc/xxx/securebindings ":443:somewhere.com"

But I draw a big gap when it comes to assigning an existing ssl certificate.

+3
source share
3 answers

I think this is what you want:

$w3svc = "W3SVC/566412209"     # <-- W3SVC/[iis number]
$pfxPath = "c:\ssl\myssl.pfx"
$pfxPassword = "password123"   # Whatever the certificate file password is

$certMgr = New-Object -ComObject IIS.CertObj
$certMgr.ServerName = [System.Environment]::MachineName
$certMgr.InstanceName = $w3svc
$certMgr.Import($pfxPath, $pfxPassword, $true, $true)

You can also create a .NET Interop assembly (by adding a COM link to C:\WINDOWS\system32\inetsrv\certobj.dllor using tlbimp.exe) so that you can use it with PowerShell and .NET projects:

[void][reflection.assembly]::loadfrom("Interop.CERTOBJLib.dll")
$certMgr = new-object -typeName CERTOBJLib.IISCertObjClass
$certMgr.ServerName = [System.Environment]::MachineName
$certMgr.InstanceName = $w3svc
$certMgr.Import($pfxPath, $pfxPassword, $true, $true)

- SSL , .

MS docs IIS.CertObj :

IISCertObj (IIS 6.0)

+4

, . GUI - " ".

Function ImportSSLCertificateToWebsite{
    param([string]$pfxPath, [string]$pfxPassword, [string]$siteName, [string]$SSLIPPort);
    <# This script is deigned to run locally on the destination box; however it can be run remotely via Invoke-Command using a PSSession #>;
    <# $pfxPath can be a local or remote location "c:\somesite.pfx" or "\\someserver\share\somesite.pfx" #>;
    <# SSLIPPort must look like: "10.5.100.2:443" or ":443", will be split out below #>;
    $SSLIPPortTemp=$SSLIPPort.Split(":");
    $SSLIP=[string]$SSLIPPortTemp[0];
    $SSLPort=[string]$SSLIPPortTemp[1];
    $iisWebSite = Get-WmiObject -Namespace 'root\MicrosoftIISv2' -Class IISWebServerSetting -Filter "ServerComment = '$siteName'";
    $secureBindings=[System.Management.ManagementBaseObject[]]$iisWebSite.SecureBindings;
    $secureBindings[0].IP="$SSLIP";
    $secureBindings[0].PORT="$SSLPort"+":"; <# must look like "443:" #>;
    $iisWebSite.SecureBindings=[System.Management.ManagementBaseObject[]]$secureBindings;
    $iisWebSite.SetInfo;
    $iisWebsite.Put();
    <# to output the SecureBindings object for confirmation changes were made #>; foreach($a in [System.Management.ManagementBaseObject[]]$iisWebSite.SecureBindings){$a};
    $certMgr = New-Object -ComObject IIS.CertObj -ErrorAction SilentlyContinue;
    $certMgr.InstanceName = [string]$iisWebSite.Name;
    $certMgr.Import($pfxPath,$pfxPassword,$true,$true);
}
ImportSSLCertificateToWebsite "\\secure101\Certs\PFX\somesite.yourdomain.com.pfx" "ThePasswordForThePFX" "somesite.yourdomain.com" ":443"
+2

Set some variables:

${HostName} = "mydomain.com"
${IPAddressString} = "127.0.0.1"
${Port} = 43
${CertificateThumbprint} = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -like "CN=*${HostName}*" } | Select-Object -expand Thumbprint

Then run either netsh or httpcfg

netsh http add sslcert "ipport=${IPAddressString}:${Port}" "certhash=${CertificateThumbprint}" "appid={4dc3e181-e14b-4a21-b022-59fc669b0914}"

or

httpcfg set ssl -i ${IPAddressString}:${Port} -h ${CertificateThumbprint} -g "{4dc3e181-e14b-4a21-b022-59fc669b0914}"
0
source

Source: https://habr.com/ru/post/1783240/

More articles:


All Articles