[英]Powershell IIS7 Snap in Assign SSL certificate to https binding
As part of our automated build procedure we are trashing and reconstructing our IIS site with powershell scripts. 作为我们自动构建过程的一部分,我们使用PowerShell脚本来破坏和重建我们的IIS站点。
Once i have created the AppPool and the website complete with binding information I want to set the SSL certificate for the https binding. 一旦我创建了AppPool并且网站完成了绑定信息,我想为https绑定设置SSL证书。 I can't find any concrete examples onl;ine anywhere that demonstrate this.
我找不到任何具体的例子,在任何地方都可以证明这一点。
Any ideas? 有任何想法吗?
Looking for a benevolent powershell god... 寻找一个仁慈的贝壳神......
You can merge previous examples with creation of an https binding in a web site. 您可以将先前的示例与在网站中创建https绑定合并。
import-module webadministration
$computerName = $Env:Computername
$domainName = $Env:UserDnsDomain
New-WebBinding -Name "MyWebSite" -IP "*" -Port 443 -Protocol https
Get-ChildItem cert:\LocalMachine\My | where { $_.Subject -match "CN\=$Computername\.$DomainName" } | select -First 1 | New-Item IIS:\SslBindings\0.0.0.0!443
Here is how to do it simply: 以下是如何做到这一点:
First identify thecertificate that you want to assign and obtain it's thumbprint 首先确定要分配的证书并获取其指纹
eg Your certificate might be in cert:\\LocalMachine\\Root 例如,您的证书可能位于cert:\\ LocalMachine \\ Root中
You can obtain the thumbprint with the following: 您可以使用以下内容获取指纹:
$thumb = (Get-ChildItem cert:\LocalMachine\Root | where-object { $_.Subject -like "YOUR STRING HERE*" } | Select-Object -First 1).Thumbprint
<<< Now one can assign the certificate to an ip address and port comme ci >>> <<<现在可以将证书分配给IP地址和端口comme ci >>>
$IPAddress = 101.100.1.90
$port = 443
Push-Location IIS:\SslBindings
Get-Item cert:\LocalMachine\Root\$thumb | New-Item $IPAddress!$port
Pop-Location
Hope this is of help to anyone 希望这对任何人都有帮助
You can make the script simpler like this: 您可以使脚本更简单:
Get-ChildItem cert:\LocalMachine\Root | where { $_.Subject -like "YOUR STRING HERE*" } | select -First 1 | New-Item IIS:\SslBindings\0.0.0.0!443
Use 0.0.0.0 to target all hosted IP's (equivalent to "*" in IIS Manager) or replace it with a specific IP if needed. 使用0.0.0.0定位所有托管IP(在IIS管理器中等效于“*”),或者根据需要将其替换为特定IP。
I've found an example here on how one can assign the certificate. 我在这里找到了一个如何分配证书的例子。
http://learn.iis.net/page.aspx/491/powershell-snap-in-configuring-ssl-with-the-iis-powershell-snap-in/ http://learn.iis.net/page.aspx/491/powershell-snap-in-configuring-ssl-with-the-iis-powershell-snap-in/
However, it doesn't seem very elegant having to hard code the certificate thumbprint ... so if any one knows of a better method, I'd be glad to hear. 但是,硬编码证书指纹似乎并不优雅......所以如果有人知道更好的方法,我会很高兴听到。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.