Powershell IIS7 Snap in Assign SSL certificate to https binding

Question

As part of our automated build procedure we are trashing and reconstructing our IIS site with powershell scripts.

Once i have created the AppPool and the website com

Answer 1

Here is how to do it simply:

First identify thecertificate that you want to assign and obtain it's thumbprint

e.g. Your certificate might be in cert:\LocalMachine\Root

You can obtain the thumbprint with the following:

$thumb = (Get-ChildItem cert:\LocalMachine\Root | where-object { $_.Subject -like "YOUR STRING HERE*" } | Select-Object -First 1).Thumbprint

<<< Now one can assign the certificate to an ip address and port comme ci >>>

$IPAddress = 101.100.1.90

$port = 443

Push-Location IIS:\SslBindings

Get-Item cert:\LocalMachine\Root\$thumb | New-Item $IPAddress!$port

Pop-Location

Hope this is of help to anyone

Answer 2

I've found an example here on how one can assign the certificate.

http://learn.iis.net/page.aspx/491/powershell-snap-in-configuring-ssl-with-the-iis-powershell-snap-in/

However, it doesn't seem very elegant having to hard code the certificate thumbprint ... so if any one knows of a better method, I'd be glad to hear.

Answer 3

You can merge previous examples with creation of an https binding in a web site.

import-module webadministration
$computerName = $Env:Computername
$domainName = $Env:UserDnsDomain
New-WebBinding -Name "MyWebSite" -IP "*" -Port 443 -Protocol https
Get-ChildItem cert:\LocalMachine\My | where { $_.Subject -match "CN\=$Computername\.$DomainName" } | select -First 1 | New-Item IIS:\SslBindings\0.0.0.0!443

Answer 4

You can make the script simpler like this:

Get-ChildItem cert:\LocalMachine\Root | where { $_.Subject -like "YOUR STRING HERE*" } | select -First 1 | New-Item IIS:\SslBindings\0.0.0.0!443

Use 0.0.0.0 to target all hosted IP's (equivalent to "*" in IIS Manager) or replace it with a specific IP if needed.