如何从命令提示符向 IIS7 站点分配 SSL 证书
[英]How to assign a SSL Certificate to IIS7 Site from Command Prompt
问题描述
Can you advise me whether it is possible or not to assign a SSL Certificate to a website in IIS7 using the APPCMD application?
您能否告诉我是否可以使用 APPCMD 应用程序为 IIS7 中的网站分配 SSL 证书?
I am familiar with the command to set the HTTPS Binding我熟悉设置HTTPS绑定的命令
appcmd set site /site.name:"A Site" /+bindings.[protocol='https',bindingInformation='*:443:www.mysite.com']
and how to obtain current mappings以及如何获取当前映射
%windir%\system32\inetsrv\Appcmd
but can not seem to find any way to map a site to a certificate (say the certificates hash for example)但似乎找不到任何方法将站点映射到证书(例如证书哈希)
8 个解决方案
解决方案1
54 已采纳 2009-05-07 11:44:10
The answer is to use NETSH.答案是使用NETSH。 For example例如
netsh http add sslcert ipport=0.0.0.0:443 certhash='baf9926b466e8565217b5e6287c97973dcd54874' appid='{ab3c58f7-8316-42e3-bc6e-771d4ce4b201}'
解决方案2
17 2010-10-17 16:56:13
This helped me a lot: a simple guide, by Sukesh Ashok Kumar, to setting up SSL for IIS from the command line.这对我有很大帮助:Sukesh Ashok Kumar 的一个简单指南,用于从命令行为 IIS 设置 SSL。 Includes importing/generating the certificate with certutil / makecert .包括使用certutil / makecert导入/生成证书。
http://www.awesomeideas.net/post/How-to-configure-SSL-on-IIS7-under-Windows-2008-Server-Core.aspx http://www.awesomeideas.net/post/How-to-configure-SSL-on-IIS7-under-Windows-2008-Server-Core.aspx
EDIT: if the original URL is down, it's still available through the Wayback Machine .编辑:如果原始 URL 已关闭,它仍然可以通过 Wayback Machine 获得。
解决方案3
9 2012-08-07 19:55:32
With PowerShell and the WebAdministration module, you can do the following to assign an SSL certificate to an IIS site:使用 PowerShell 和 WebAdministration 模块,您可以执行以下操作以将 SSL 证书分配给 IIS 站点:
# ensure you have the IIS module imported
Import-Module WebAdministration
cd IIS:\SslBindings
Get-Item cert:\LocalMachine\My\7ABF581E134280162AFFFC81E62011787B3B19B5 | New-Item 0.0.0.0!443
Things to note... the value, "7ABF581E134280162AFFFC81E62011787B3B19B5" is the thumbprint for the certificate you want to import.注意事项...值“7ABF581E134280162AFFFC81E62011787B3B19B5”是您要导入的证书的指纹。 So it needs to be imported into the certificate store first.所以需要先导入到证书库中。 The New-Item cmdlet takes in the IP address (0.0.0.0 for all IPs) and the port. New-Item cmdlet 接收 IP 地址(所有 IP 均为 0.0.0.0)和端口。
See http://learn.iis.net/page.aspx/491/powershell-snap-in-configuring-ssl-with-the-iis-powershell-snap-in/ for more details.有关更多详细信息,请参阅http://learn.iis.net/page.aspx/491/powershell-snap-in-configuring-ssl-with-the-iis-powershell-snap-in/ 。
I've tested this in Windows Server 2008 R2 as well as Windows Server 2012 pre-release.我已经在 Windows Server 2008 R2 以及 Windows Server 2012 预发行版中对此进行了测试。
解决方案4
4 2011-12-01 00:29:52
@David and @orip have it right. @David 和 @orip 说得对。
However, I did want to mention that the ipport parameter specified in the example (0.0.0.0:443) is what the MSDN calls the "unspecified address (IPv4: 0.0.0.0 or IPv6: [::])".但是,我确实想提及示例中指定的ipport参数 (0.0.0.0:443) 是 MSDN 所称的“未指定地址(IPv4:0.0.0.0 或 IPv6:[::])”。
I went looking it up, so I figured I'd document here to save someone else the time.我去查了一下,所以我想我会在这里记录以节省其他人的时间。 This article focuses on SQL Server, but the information is still relevant:本文重点介绍 SQL Server,但信息仍然相关:
http://msdn.microsoft.com/en-us/library/ms186362.aspx http://msdn.microsoft.com/en-us/library/ms186362.aspx
解决方案5
1 2018-01-12 09:33:05
Using the answers from this post, I created a single script that did the trick for me.使用这篇文章中的答案,我创建了一个脚本来为我解决问题。 It starts from the pfx file, but you could skip that step.它从 pfx 文件开始,但您可以跳过该步骤。
Here it is:这里是:
cd C:\Windows\System32\inetsrv
certutil -f -p "pa$$word" -importpfx "C:\temp\mycert.pfx"
REM The thumbprint is gained by installing the certificate, going to cert manager > personal, clicking on it, then getting the Thumbprint.
REM Be careful copying the thumbprint. It can add hidden characters, esp at the front.
REM appid can be any valid guid
netsh http add sslcert ipport=0.0.0.0:443 certhash=5de934dc39cme0234098234098dd111111111115 appid={75B2A5EC-5FD8-4B89-A29F-E5D038D5E289}
REM bind to all ip's with no domain. There are plenty of examples with domain binding on the web
appcmd set site "Default Web Site" /+bindings.[protocol='https',bindingInformation='*:443:']
解决方案6
1 2019-12-02 22:50:32
If you're trying to perform IIS Administration without using the MMC snap-in GUI, you should use the powershell WebAdministration module.如果您尝试在不使用 MMC 管理单元 GUI 的情况下执行 IIS 管理,则应使用 powershell WebAdministration 模块。
The other answers on this blog don't work on later versions of Windows Server (2012)此博客上的其他答案不适用于更高版本的 Windows Server (2012)
解决方案7
1 2020-03-25 19:47:57
Using PowerShell + netsh :使用PowerShell + netsh :
$certificateName = 'example.com'
$thumbprint = Get-ChildItem -path cert:\LocalMachine\My | where { $_.Subject.StartsWith("CN=$certificateName") } | Select-Object -Expand Thumbprint
$guid = [guid]::NewGuid().ToString("B")
netsh http add sslcert ipport="0.0.0.0:443" certhash=$thumbprint certstorename=MY appid="$guid"
If you need a named binding, replace netsh call with this:如果您需要命名绑定,请将netsh调用替换为:
netsh http add sslcert hostnameport="$certificateName:443" certhash=$thumbprint certstorename=MY appid="$guid"
解决方案8
0 2021-12-15 16:12:05
With IISAdministration 1.1.0.0 ( https://www.powershellgallery.com/packages/IISAdministration/1.1.0.0 ) you can use the following code to add a new HTTPS binding to a specific site:使用 IISAdministration 1.1.0.0 ( https://www.powershellgallery.com/packages/IISAdministration/1.1.0.0 ),您可以使用以下代码将新的 HTTPS 绑定添加到特定站点:
$thumbPrint = (gci Cert:\localmachine\My | Where-Object { $_.Subject -Like "certSubject*" }).Thumbprint
New-IISSiteBinding -Name "Site Name" -BindingInformation "*:443:" -CertificateThumbPrint $thumbPrint -CertStoreLocation My -Protocol https
View existing bindings with查看现有绑定
Get-IISSiteBinding -Name "Site Name"
Remove an existing binding with删除现有绑定
Remove-IISSiteBinding -Name "Site Name" -BindingInformation "*:443:" -Protocol https -Confirm:$False
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.