[英]Change IIS SSL settings using powershell
I am completely new to Windows PowerShell.我是 Windows PowerShell 的新手。 I am trying to change the IIS's default web site's SSL settings from
Required SSL = false and client certificate = ignore
to Required SSL = true and client certificate = accept
using powershell (I have to configure it to ansible playbook) I have searched but didn't get any solution.我正在尝试将 IIS 的默认网站的 SSL 设置从“
Required SSL = false and client certificate = ignore
更改为“ Required SSL = true and client certificate = accept
using powershell”(我必须将其配置为 ansible playbook)我已经搜索过但没有没有得到任何解决方案。
Kindly help.请帮忙。 Any leads or solution will be appreciated.
任何线索或解决方案将不胜感激。 :) Thank You
:) 谢谢
Use the Set-WebConfiguration
cmdlet.使用
Set-WebConfiguration
cmdlet。 There's a great configuration reference on IIS.NET that you can use to find the valid values - in this case Ssl
and SslNegotiateCert
: 在 IIS.NET 上有一个很好的配置参考,您可以使用它来查找有效值 - 在本例中为
Ssl
和SslNegotiateCert
:
Set-WebConfiguration -Location "[sitename]" -Filter 'system.webserver/security/access' -Value 'Ssl,SslNegotiateCert'
Actually, Set-WebConfiguration
does not work on attributes in a reliable manner.实际上,
Set-WebConfiguration
不能以可靠的方式处理属性。
What you instead want to use is:你想要使用的是:
$cfgSection = Get-IISConfigSection -Location "{siteName}/{appName}" -SectionPath "system.webServer/security/access";
Set-IISConfigAttributeValue -ConfigElement $cfgSection -AttributeName "sslFlags" -AttributeValue "Ssl, SslNegotiateCert";
Note that after you use Set-IISConfigAttributeValue
(and commit the change, if you're doing a delayed commit), you can't use that instance of $cfgSection to make subsequent changes;请注意,在您使用
Set-IISConfigAttributeValue
(并提交更改,如果您进行延迟提交)之后,您不能使用 $cfgSection 的该实例进行后续更改; you'll have to fetch another instance first.您必须先获取另一个实例。
PS: If you want to see what's in the config before you mess with it (or afterwards), the authoritative settings are here: C:\\Windows\\System32\\inetsrv\\config\\applicationHost.config PS:如果你想在弄乱它之前(或之后)查看配置中的内容,权威设置在这里:C:\\Windows\\System32\\inetsrv\\config\\applicationHost.config
Or you can continue the above code and add Get-IISConfigAttributeValue -ConfigElement $cfgSection -AttributeName "sslFlags";
或者你可以继续上面的代码并添加
Get-IISConfigAttributeValue -ConfigElement $cfgSection -AttributeName "sslFlags";
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.