Powershell – Add SSL binding using shared certificate

iis-7, powershell, powershell-2.0

I am using the following code to link a certificate to the SSL binding that I have added:

$thumb = (Get-ChildItem cert:\LocalMachine\My | Where-Object { $_.Subject -like $wildCardSubject } | Select-Object -First 1).Thumbprint
Push-Location IIS:\SslBindings
Get-Item cert:\LocalMachine\My\$thumb | New-Item $ipAddress!$port
Pop-Location

This works fine without any errors. After running this, if I open the bindings UI for that website from IIS Manager, I do not see any certificate attached to the binding. Am I missing anything here?

On a similar topic, if I am using a shared certificate between two websites, what care do I need to take in order to ensure that adding/removing SSL bindings works? I can see the following problems when doing this from the IIS Manager UI:

  1. When adding the second binding, it gives a warning saying the certificate is already used by another website. I still go ahead and everything works; not sure what happens behind the scenes.
  2. When removing the binding, it gives a warning saying the certificate is used in another binding and removing this binding would make the other binding unusable. Even in this case, I proceed and the other site seems to work fine.

Best Answer

Get-Item expects the string value of the thumbprint. Hope this helps.

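# Requires the WebAdministration module for the IIS: drive and New-WebBinding
Import-Module WebAdministration
# Find the certificate by subject and take its thumbprint as a string
$Cert = dir cert:\localmachine\my | Where-Object {$_.Subject -like $CertSubject }
$Thumb = $Cert.Thumbprint.ToString()
Push-Location IIS:\SslBindings
# Add the https binding to the site, then attach the certificate to IP:443
New-WebBinding -Name $WebSiteName -IP $IP -Port 443 -Protocol https
Get-Item cert:\LocalMachine\MY\$Thumb | New-Item $IP!443
Pop-Location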

For the other two questions, an HTTPS binding is IP + SSL certificate. So if you want to use a shared certificate, try to use a unique IP for each binding; doing so will not give you any warning.
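
The approach from the answer above, applied to two sites that share one certificate and then read back for verification. This is an added example, not code from the original post; the site names, IP addresses and subject pattern are constructed placeholders.

```powershell
Import-Module WebAdministration

# Assumed placeholder values: replace with your own sites, IPs and subject.
$CertSubject = '*.example.com*'
$Port        = 443
$Sites = @(
    @{ Name = 'SiteA'; IP = '192.0.2.10' },
    @{ Name = 'SiteB'; IP = '192.0.2.11' }
)

# Select one usable certificate: it must have a private key and not be expired.
$Cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like $CertSubject -and $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $Cert) {
    throw "No usable certificate matching '$CertSubject' in LocalMachine\My"
}

foreach ($Site in $Sites) {
    $BindingPath = "IIS:\SslBindings\$($Site.IP)!$Port"

    # Site-level https binding; create it only if it is missing.
    if (-not (Get-WebBinding -Name $Site.Name -Protocol https -IPAddress $Site.IP -Port $Port)) {
        New-WebBinding -Name $Site.Name -Protocol https -IPAddress $Site.IP -Port $Port
    }

    # Certificate mapping for this IP:port; one entry per unique IP.
    if (-not (Test-Path $BindingPath)) {
        $Cert | New-Item $BindingPath | Out-Null
    }

    # Read the mapping back and confirm it carries the expected thumbprint.
    $Bound = Get-Item $BindingPath
    if ($Bound.Thumbprint -eq $Cert.Thumbprint) {
        Write-Output "$($Site.Name): $($Site.IP):$Port bound to $($Cert.Thumbprint)"
    } else {
        Write-Warning "$($Site.Name): $($Site.IP):$Port has thumbprint $($Bound.Thumbprint), expected $($Cert.Thumbprint)"
    }
}
```

Run it from an elevated PowerShell session on the IIS host; the read-back step surfaces a binding that was created without the intended certificate instead of leaving it to be noticed in IIS Manager.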
