Friday, February 12, 2016

Updating IIS SSL Certificate Bindings using PowerShell

I recently had a requirement to use PowerShell to automatically update the SSL Certificate bindings in IIS, so I started hunting around for scripts that would help me accomplish this.

Initially, I encountered this script which provided some insight on how to accomplish this:

Unfortunately, this article was quite old and outdated and relied on a PowerShell Snap-In which I could not easily determine how to load.

Thankfully, I then came across this much, much NEWER article which is much, much more helpful in determining exactly how to accomplish this task:

I ended up using this slightly modified version of that PowerShell script to achieve my goals:

Param (
 [Parameter(Mandatory = $True, HelpMessage = "Please enter the name of the Web Site")]
 [string]$WebsiteName = "Default Web Site",
 [Parameter(Mandatory = $True, HelpMessage = "Please specify the SSL Port Number")]
 [string]$SSLPort = "443",
 [Parameter(Mandatory = $True, HelpMessage = "Please enter the SSL Certificate Common Name such as *")]
 [string]$SSLCertSubject
)

Import-Module WebAdministration

Import-Module PKI

# Look up the thumbprint of the certificate in the local machine store whose subject starts with the given common name
function Get-CertificateThumbprint
{
 Param ([string]$CertificateSubject)
 $CertThumbprint = (Get-ChildItem -Path cert:\LocalMachine\My -Recurse | Where-Object { $_.Subject -like "CN=$CertificateSubject*" } | Select-Object Thumbprint).Thumbprint
 return $CertThumbprint
}

$thumbPrint = Get-CertificateThumbprint -CertificateSubject $SSLCertSubject
$IPAddress = ""

# Add the https binding to the site
New-WebBinding -Name $WebsiteName -IPAddress "*" -Port $SSLPort -Protocol "https"

# Attach the certificate to the IP address and port of the binding
Get-Item -Path "cert:\LocalMachine\My\$thumbPrint" | New-Item -Path "IIS:\SSLBindings\$IPAddress!$SSLPort"
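
When a certificate has been renewed, the store usually holds both the old and the new certificate under the same subject, so the lookup above can return several thumbprints, and New-WebBinding and New-Item fail if the binding already exists. The following is an added example, not part of the original script, that picks the newest currently valid certificate and replaces an existing binding so the script can be re-run. The function names Select-CurrentCertificate and Set-SiteCertificate and the all-addresses SSL binding path 0.0.0.0 are assumptions made for this example.

```powershell
Import-Module WebAdministration

# Hypothetical helper: newest currently valid certificate with a private key for the subject.
function Select-CurrentCertificate {
    Param ([Parameter(Mandatory = $True)][string]$CertificateSubject)
    $now = Get-Date
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
    Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object {
            $_.Subject -like "CN=$CertificateSubject*" -and
            $_.HasPrivateKey -and
            $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
            # A certificate with no EKU extension is valid for all purposes.
            ($_.EnhancedKeyUsageList.Count -eq 0 -or
             $_.EnhancedKeyUsageList.ObjectId -contains $serverAuthOid)
        } |
        Sort-Object -Property NotAfter -Descending |
        Select-Object -First 1
}

# Hypothetical helper: bind that certificate to the site, replacing any certificate already bound.
function Set-SiteCertificate {
    Param (
        [Parameter(Mandatory = $True)][string]$WebsiteName,
        [Parameter(Mandatory = $True)][string]$SSLPort,
        [Parameter(Mandatory = $True)][string]$SSLCertSubject
    )
    $cert = Select-CurrentCertificate -CertificateSubject $SSLCertSubject
    if (-not $cert) {
        throw "No valid certificate with a private key matches CN=$SSLCertSubject*"
    }

    # Create the https binding only if the site does not already have one on this port.
    if (-not (Get-WebBinding -Name $WebsiteName -Protocol "https" -Port $SSLPort)) {
        New-WebBinding -Name $WebsiteName -IPAddress "*" -Port $SSLPort -Protocol "https"
    }

    # Assumption: the binding listens on all addresses, which IIS stores as 0.0.0.0.
    $sslPath = "IIS:\SslBindings\0.0.0.0!$SSLPort"
    if (Test-Path -Path $sslPath) { Remove-Item -Path $sslPath }
    $cert | New-Item -Path $sslPath | Out-Null
    return $cert.Thumbprint
}
```

Because the subject filter ends in a wildcard, it also matches longer names that merely start with the same text, so compare the returned thumbprint with the certificate you expected to bind.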

