我有以下在IIS6中创建新网站的powershell脚本:
有谁知道如何将现有的ssl证书分配给网站?
我知道我可以使用adsutil.vbs设置端口号,如下所示:
cscript adsutil.vbs set w3svc/xxx/securebindings ":443:somewhere.com"
但是,在分配现有的ssl证书时,我正在画一大笔空白。
答案 0 :(得分:5)
我认为这就是你想要的:
$w3svc = "W3SVC/566412209" # <-- W3SVC/[iis number]
$pfxPath = "c:\ssl\myssl.pfx"
$pfxPassword = "password123" # Whatever the certificate file's password is
$certMgr = New-Object -ComObject IIS.CertObj
$certMgr.ServerName = [System.Environment]::MachineName
$certMgr.InstanceName = $w3svc
$certMgr.Import($pfxPath, $pfxPassword, $true, $true)
您还可以创建.NET Interop程序集(通过向C:\WINDOWS\system32\inetsrv\certobj.dll添加COM引用或使用tlbimp.exe),以便您可以使用PowerShell和.NET项目:
[void][reflection.assembly]::loadfrom("Interop.CERTOBJLib.dll")
$certMgr = new-object -typeName CERTOBJLib.IISCertObjClass
$certMgr.ServerName = [System.Environment]::MachineName
$certMgr.InstanceName = $w3svc
$certMgr.Import($pfxPath, $pfxPassword, $true, $true)
您仍然需要单独设置SSL端口绑定。
IIS.CertObj上的MS文档在这里:
答案 1 :(得分:2)
由于已经回答了这个问题,我将在函数中为此提供自己的风格。这相当于使用GUI打开网站和“分配现有证书”。
Function ImportSSLCertificateToWebsite{
param([string]$pfxPath, [string]$pfxPassword, [string]$siteName, [string]$SSLIPPort);
<# This script is deigned to run locally on the destination box; however it can be run remotely via Invoke-Command using a PSSession #>;
<# $pfxPath can be a local or remote location "c:\somesite.pfx" or "\\someserver\share\somesite.pfx" #>;
<# SSLIPPort must look like: "10.5.100.2:443" or ":443", will be split out below #>;
$SSLIPPortTemp=$SSLIPPort.Split(":");
$SSLIP=[string]$SSLIPPortTemp[0];
$SSLPort=[string]$SSLIPPortTemp[1];
$iisWebSite = Get-WmiObject -Namespace 'root\MicrosoftIISv2' -Class IISWebServerSetting -Filter "ServerComment = '$siteName'";
$secureBindings=[System.Management.ManagementBaseObject[]]$iisWebSite.SecureBindings;
$secureBindings[0].IP="$SSLIP";
$secureBindings[0].PORT="$SSLPort"+":"; <# must look like "443:" #>;
$iisWebSite.SecureBindings=[System.Management.ManagementBaseObject[]]$secureBindings;
$iisWebSite.SetInfo;
$iisWebsite.Put();
<# to output the SecureBindings object for confirmation changes were made #>; foreach($a in [System.Management.ManagementBaseObject[]]$iisWebSite.SecureBindings){$a};
$certMgr = New-Object -ComObject IIS.CertObj -ErrorAction SilentlyContinue;
$certMgr.InstanceName = [string]$iisWebSite.Name;
$certMgr.Import($pfxPath,$pfxPassword,$true,$true);
}
ImportSSLCertificateToWebsite "\\secure101\Certs\PFX\somesite.yourdomain.com.pfx" "ThePasswordForThePFX" "somesite.yourdomain.com" ":443"
答案 2 :(得分:0)
设置一些变量:
${HostName} = "mydomain.com"
${IPAddressString} = "127.0.0.1"
${Port} = 43
${CertificateThumbprint} = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -like "CN=*${HostName}*" } | Select-Object -expand Thumbprint
然后运行netsh或httpcfg
netsh http add sslcert "ipport=${IPAddressString}:${Port}" "certhash=${CertificateThumbprint}" "appid={4dc3e181-e14b-4a21-b022-59fc669b0914}"
或
httpcfg set ssl -i ${IPAddressString}:${Port} -h ${CertificateThumbprint} -g "{4dc3e181-e14b-4a21-b022-59fc669b0914}"