Powershell - 在 https 绑定上设置 SSL 证书

Question

I am trying to use PowerShell to set the SSL certificate on an IIS site for a self signed\/local certificate.

$newCert = 
       New-SelfSignedCertificate 
       -DnsName www.mywebsite.ru 
       -CertStoreLocation cert:\LocalMachine\My

Answer 1

You have to assign the certifcate to a specific site.

You can retrieve the binding information of your site using the Get-WebBinding cmdlet and set the SSL Certificate using the AddSslCertificate function:

$siteName = 'mywebsite'
$dnsName = 'www.mywebsite.ru'

# create the ssl certificate
$newCert = New-SelfSignedCertificate -DnsName $dnsName -CertStoreLocation cert:\LocalMachine\My

# get the web binding of the site
$binding = Get-WebBinding -Name $siteName -Protocol "https"

# set the ssl certificate
$binding.AddSslCertificate($newCert.GetCertHashString(), "my")

Answer 2

I had the same error as "Chuck D" when using the answer, I found an additional step was required:

The SSL certificate needs to be in the certificate store before binding to adding to an IIS website binding. This can be done in powershell using the following command:

Import-PfxCertificate -FilePath "C:\path to certificate file\certificate.pfx" -CertStoreLocation "Cert:\LocalMachine\My"

Answer 3

The AddSslCertificate method not available everywhere. I found different solution by using Netsh.

$iisCert = Get-ChildItem -Path "Cert:\LocalMachine\MY" `
| Where-Object { $_.FriendlyName -eq "IIS Express Development Certificate" } `
| Select-Object -First 1

$applicationId = [Guid]::NewGuid().ToString("B") 

netsh http add sslcert ipport=0.0.0.0:443 certhash=$($iisCert.Thumbprint) appid=$applicationId