我正在使用cert util命令添加ssl证书,但是添加证书后,如何使用Power Shell为所有托管的网站选择新的
我尝试在Powershell下选择新安装的证书,但是我收到错误SSL证书添加失败,错误:183 该文件已存在时无法创建该文件。 有时,SSL证书添加失败,错误:1312 指定的登录会话不存在。它可能已经终止了
$hostname="*.domain.net"
$cert = (Get-ChildItem cert:\LocalMachine\My | where-object { $_.Subject -like "*$hostname*" } | Select-Object -First 1).Thumbprint
$guid = [guid]::NewGuid().ToString("B")
netsh http add sslcert ipport="${IPAddressV2}:443" certhash=$cert certstorename=MY appid="$guid"
netsh http add sslcert ipport="${IPAddressV3}:443" certhash=$cert certstorename=MY appid="$guid"
netsh http add sslcert ipport="127.0.0.1:443" certhash=$cert certstorename=MY appid="$guid"
答案 0 :(得分:0)
您正在尝试将SSL证书绑定到通配符主机名。 每个网站都有一个SSL证书,尽管SSL证书可以是通配符,但该网站应该是唯一的名称。
如此处进一步讨论...
..以及本文/ answer。
根据OP请求进行更新
假设这是IIS。最好也导入WebAdministration模块,以备有所有IIS cmdlet和IIS PSDrive。
# Set SSL bindings for the default site, as an example
New-WebBinding -Name "Default Web Site" -Protocol "https" -IPAddress "10.10.0.3" -Port 443 -HostHeader "intranet.corp.contoso.com"
$SSLCert = Get-ChildItem –Path "cert:\LocalMachine\My" |
Where-Object {$_.subject -like 'cn=intranet*'}
New-Item "IIS:SslBindings\10.10.0.3!443" -value $SSLCert
这是IIS人士可以利用的主要IIS文章。本文中有很多案例,我已经摘录了一些相关案例,这些案例应该可以帮助您找到需要去的地方。
IIS Powershell用户指南-比较代表性的IIS UI任务 https://blogs.iis.net/jeonghwan/iis-powershell-user-guide-comparing-representative-iis-ui-tasks
# Related UI Task:"Add Web Site..." wizard
# 18.[Sites] Set bindings
Case1: Create SSL Binding (127.0.0.1!443)
$certObect=get-item cert:LocalMachineMyE48803C3A6DDC8F2BFE3D8B7B7D56BBA70270F92new-item IIS:SslBindings127.0.0.1!443 -value $certObect
# Case2: Set 'Bindings' property with multiple binding information including the SSL binding which was created above.
$newBinding=(@{protocol="http";bindingInformation="127.0.0.1:80:normalSite"},@{protocol="https";bindingInformation="127.0.0.1:443:securedSite"})
Set-itemproperty "IIS:SitesDefault Web Site" -name bindings -value $newBinding
# Or, you can use other task-based cmdlet(s) instead:
New-WebBinding -Site "Default Web Site" -Port 443 -IPAddress 127.0.0.1 -HostHeader securedSite
# NOTE: you can also use set-webconfiguration, set-webconfiguration or add-webconfigurationProperty.
Set-Webconfiguration '/system.applicationHost/sites/site[@name="Default Web Site"]/bindings' -value $newBinding -PSPath iis:
Set-WebconfigurationProperty '/system.applicationHost/sites/site[@name="Default Web Site"]' -name bindings.collection -value $newBinding -at 0 -PSPath iis:
Add-WebconfigurationProperty '/system.applicationHost/sites/site[@name="Default Web Site"]' -name bindings.collection -value @{protocol="https";bindingInformation="127.0.0.1:443:securedSite"} -at 0 -PSPath iis:
答案 1 :(得分:0)
这是工作脚本,它会自动为端口号为443的所有绑定选择新安装的证书
Import-Module Webadministration
IIS:
$IPAddress = "C:\Ipaddress.txt"
$Bindings = Get-WebBinding | Where-Object {$_.protocol -eq "https"} | Select-Object -ExpandProperty bindingInformation
$IPs = $Bindings | ForEach-Object { @($_ -split ':')[0]}
$IPs = @($IPs |Sort-Object -Unique) > $IPAddress
Import-Module Webadministration
$Friendlyname="*.abcd.com"
Get-ChildItem cert:\LocalMachine\My | where-object { $_.Subject -like "*$Friendlyname*" }
$hostname = Get-Content C:\Ipaddress.txt
foreach ($name in $hostname) {
$cert = (Get-ChildItem cert:\LocalMachine\My | where-object { $_.Subject -like "*$Friendlyname*" } | Select-Object -First 1).Thumbprint
Remove-Item -path "IIS:\SslBindings\${name}!443"
TIMEOUT /T 5 /NOBREAK
New-Item -path "IIS:\SslBindings\$name!443" -Thumbprint $cert}