使用 powershell 更改 IIS SSL 设置

Question

I am completely new to Windows PowerShell. I am trying to change the IIS's default web site's SSL settings from Required SSL = false and client certificate = ignore to Required SSL = true and client certificate = accept using powershell (I have to configure it to ansible playbook) I have searched but didn't get any solution.

Kindly help. Any leads or solution will be appreciated. :) Thank You

Answer 1

Use the Set-WebConfiguration cmdlet. There's a great configuration reference on IIS.NET that you can use to find the valid values - in this case Ssl and SslNegotiateCert :

Set-WebConfiguration -Location "[sitename]" -Filter 'system.webserver/security/access' -Value 'Ssl,SslNegotiateCert'

Answer 2

Actually, Set-WebConfiguration does not work on attributes in a reliable manner.

What you instead want to use is:

$cfgSection = Get-IISConfigSection -Location "{siteName}/{appName}" -SectionPath "system.webServer/security/access";
Set-IISConfigAttributeValue -ConfigElement $cfgSection -AttributeName "sslFlags" -AttributeValue "Ssl, SslNegotiateCert";

Note that after you use Set-IISConfigAttributeValue (and commit the change, if you're doing a delayed commit), you can't use that instance of $cfgSection to make subsequent changes; you'll have to fetch another instance first.

PS: If you want to see what's in the config before you mess with it (or afterwards), the authoritative settings are here: C:\\Windows\\System32\\inetsrv\\config\\applicationHost.config

Or you can continue the above code and add Get-IISConfigAttributeValue -ConfigElement $cfgSection -AttributeName "sslFlags";