[英]IIS 7.5 Powershell script - Management service & Configure Web Deploy Publishing
[英]How do I set the IIS 10.0 Management Service SSL Certificate via a Powershell script to allow Web Deploy?
当我运行Windows更新并对Amazon EC2实例进行sysprep(Windows Server 2016)时,我必须创建一个新的自签名证书。 然后,我可以在“管理服务”屏幕中选择SSL证书(我将其命名为WebDeploy)。 我已经弄清楚了如何从Windows Powershell创建SSL证书,但是我必须从屏幕快照的下拉列表中选择SSL证书。 如何从命令行设置该SSL证书?
这是我尝试过的不起作用的方法-我能够避免错误,但是如果没有我进入IIS管理器屏幕并手动选择下拉列表的情况,这些错误都无法使WebDeploy工作。
Stop-Service wmsvc
$strGuid = New-Guid
Import-Module WebAdministration
Remove-Item -Path IIS:\SslBindings\0.0.0.0!8172
Get-Item -Path "cert:\localmachine\my\$strHashThumbprint" | New-Item -Path
IIS:\SslBindings\0.0.0.0!8172
Start-Service wmsvc
而且,这不起作用:
Stop-Service wmsvc
netsh http delete sslcert ipport=0.0.0.0:8172
netsh http add sslcert ipport=0.0.0.0:8172 certhash=$strHashThumbprint appid=`{$strGuid`} certstorename="MY" sslctlstorename="MY"
Start-Service wmsvc
最后,这不起作用:
Stop-Service wmsvc
Add-NetIPHttpsCertBinding -IpPort "0.0.0.0:8172" -CertificateHash $strHash -CertificateStoreName "My" -ApplicationId "{$strGuid}" -NullEncryption $false
Start-Service wmsvc
我终于在https://forums.iis.net/t/1238001.aspx找到了答案
我不确定是否需要受信任的根存储部分-一切似乎都可以正常运行,但是我非常有信心需要更新注册表项。 这是使它起作用的关键。
完整脚本:
# Delete any existing certificates
Set-Location -Path "cert:\LocalMachine\My"
Get-ChildItem -Path "cert:\LocalMachine\My" | Remove-Item
#Create the new certificate
$strNewCertficate = New-SelfSignedCertificate -FriendlyName "WebDeploy" -DnsName "yoursite.com" -CertStoreLocation "cert:\LocalMachine\My" -NotAfter $([datetime]::now.AddYears(5))
$strHashThumbprint = $strNewCertficate.Thumbprint
#add it to the trusted root store
$trustedRootStore = New-Object System.Security.Cryptography.X509Certificates.X509Store("root","LocalMachine")
$trustedRootStore.open("ReadWrite");
$trustedRootStore.add($strNewCertficate);
#Use the new certificate
Stop-Service wmsvc
$strGuid = New-Guid
netsh http delete sslcert ipport=0.0.0.0:8172
netsh http add sslcert ipport=0.0.0.0:8172 certhash=$strHashThumbprint appid=`{$strGuid`} certstorename="MY"
#convert thumbprint to bytes and update registry
$bytes = for($i = 0; $i -lt $strHashThumbprint.Length; $i += 2) { [convert]::ToByte($strHashThumbprint.SubString($i, 2), 16) }
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\WebManagement\Server' -Name IPAddress -Value "*";
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\WebManagement\Server' -Name SslCertificateHash -Value $bytes
Start-Service wmsvc
尽管有IIS版本,但这个问题似乎与...
如何为服务器核心上的IIS7 +管理服务分配其他SSL证书?
# get the thumbprint for the certificate we want to use:
$thumb = (Get-ChildItem cert:\LocalMachine\MY | where-object { $_.FriendlyName -eq "www.stackoverflow.com" } | Select-Object -First 1).Thumbprint
# get a new guid:
$guid = [guid]::NewGuid()
# remove the self-signed certificate:
& netsh http delete sslcert ipport=0.0.0.0:8172
# add the 'proper' certificate:
& netsh http add sslcert ipport=0.0.0.0:8172 certhash=$thumb appid=`{$guid`}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.