[英]How do I set the IIS 10.0 Management Service SSL Certificate via a Powershell script to allow Web Deploy?
當我運行Windows更新並對Amazon EC2實例進行sysprep(Windows Server 2016)時,我必須創建一個新的自簽名證書。 然后,我可以在“管理服務”屏幕中選擇SSL證書(我將其命名為WebDeploy)。 我已經弄清楚了如何從Windows Powershell創建SSL證書,但是我必須從屏幕快照的下拉列表中選擇SSL證書。 如何從命令行設置該SSL證書?
這是我嘗試過的不起作用的方法-我能夠避免錯誤,但是如果沒有我進入IIS管理器屏幕並手動選擇下拉列表的情況,這些錯誤都無法使WebDeploy工作。
Stop-Service wmsvc
$strGuid = New-Guid
Import-Module WebAdministration
Remove-Item -Path IIS:\SslBindings\0.0.0.0!8172
Get-Item -Path "cert:\localmachine\my\$strHashThumbprint" | New-Item -Path
IIS:\SslBindings\0.0.0.0!8172
Start-Service wmsvc
而且,這不起作用:
Stop-Service wmsvc
netsh http delete sslcert ipport=0.0.0.0:8172
netsh http add sslcert ipport=0.0.0.0:8172 certhash=$strHashThumbprint appid=`{$strGuid`} certstorename="MY" sslctlstorename="MY"
Start-Service wmsvc
最后,這不起作用:
Stop-Service wmsvc
Add-NetIPHttpsCertBinding -IpPort "0.0.0.0:8172" -CertificateHash $strHash -CertificateStoreName "My" -ApplicationId "{$strGuid}" -NullEncryption $false
Start-Service wmsvc
我終於在https://forums.iis.net/t/1238001.aspx找到了答案
我不確定是否需要受信任的根存儲部分-一切似乎都可以正常運行,但是我非常有信心需要更新注冊表項。 這是使它起作用的關鍵。
完整腳本:
# Delete any existing certificates
Set-Location -Path "cert:\LocalMachine\My"
Get-ChildItem -Path "cert:\LocalMachine\My" | Remove-Item
#Create the new certificate
$strNewCertficate = New-SelfSignedCertificate -FriendlyName "WebDeploy" -DnsName "yoursite.com" -CertStoreLocation "cert:\LocalMachine\My" -NotAfter $([datetime]::now.AddYears(5))
$strHashThumbprint = $strNewCertficate.Thumbprint
#add it to the trusted root store
$trustedRootStore = New-Object System.Security.Cryptography.X509Certificates.X509Store("root","LocalMachine")
$trustedRootStore.open("ReadWrite");
$trustedRootStore.add($strNewCertficate);
#Use the new certificate
Stop-Service wmsvc
$strGuid = New-Guid
netsh http delete sslcert ipport=0.0.0.0:8172
netsh http add sslcert ipport=0.0.0.0:8172 certhash=$strHashThumbprint appid=`{$strGuid`} certstorename="MY"
#convert thumbprint to bytes and update registry
$bytes = for($i = 0; $i -lt $strHashThumbprint.Length; $i += 2) { [convert]::ToByte($strHashThumbprint.SubString($i, 2), 16) }
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\WebManagement\Server' -Name IPAddress -Value "*";
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\WebManagement\Server' -Name SslCertificateHash -Value $bytes
Start-Service wmsvc
盡管有IIS版本,但這個問題似乎與...
如何為服務器核心上的IIS7 +管理服務分配其他SSL證書?
# get the thumbprint for the certificate we want to use:
$thumb = (Get-ChildItem cert:\LocalMachine\MY | where-object { $_.FriendlyName -eq "www.stackoverflow.com" } | Select-Object -First 1).Thumbprint
# get a new guid:
$guid = [guid]::NewGuid()
# remove the self-signed certificate:
& netsh http delete sslcert ipport=0.0.0.0:8172
# add the 'proper' certificate:
& netsh http add sslcert ipport=0.0.0.0:8172 certhash=$thumb appid=`{$guid`}
IIS 7.5 Powershell腳本-管理服務和配置Web部署發布
[英]IIS 7.5 Powershell script - Management service & Configure Web Deploy Publishing
如何在 IIS 到 PowerShell 中設置管理服務的 IP 地址限制?
[英]How to set IP Address Restrictions for Management Service in IIS through PowerShell?
如何在 PowerShell 中檢索 IIS 網站的 SSL 證書
[英]How to retrieve SSL certificate of an IIS website in PowerShell
如何使用 Powershell 查找僅 IIS 的 SSL 證書何時過期以獲取來自 OU 的服務器列表?
[英]How can I use Powershell to find when an SSL certificate expires for ONLY IIS for a list of servers from OU?
如何在Powershell腳本中將MS Web Deploy安裝到Azure Windows Server 2012 R2 VM?
[英]How do I install MS Web Deploy to an Azure Windows Server 2012 R2 VM in a powershell script?
如何使用 powershell 設置 IIS 的表單身份驗證 (system.web/authentication) 的 overrideMode?
[英]How do I set overrideMode of Forms Authentication (system.web/authentication) of IIS with powershell?
用於將Web部署包部署到IIS服務器的Powershell腳本(遠程)
[英]Powershell script for web deploy package to IIS server (Remote)
如何在Windows 2016上使用Powershell IISAdministration模塊為IIS網站設置Require SSL
[英]How to set Require SSL for an IIS web site using Powershell IISAdministration module on Windows 2016
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.