I am trying to use PowerShell to query a website and see what SSL certificate (name) it is using for HTTPS bindings. Then I would like to trace back to see what CA issued the cert.
I am having trouble querying the website to find out what SSL certificate is bound. The IIS 7.5 GUI shows a friendly name.
After I get the websites SSL certificate the plan is to use PowerShell to search the Certificate stores by FriendlyName
(or thumbprint, or some other value).
Here is what I have so far:
-
Query store for cert info:
get-childitem cert:\LocalMachine\my | ft issuer, subject, notafter, FriendlyName
-
check for active bindings
get-itemproperty 'IIS:\Sites\(SITENAME)' -name bindings
I'm not sure where this information is stored, and I have no luck searching for it with PowerShell, in the web.config
and applicationhost.config
. Google searching has not been helpful so far.
Any info, links to information, or documentation on how certs are handled / stored in IIS is appreciated.
Best Answer
To get the site SSL binding check out:
IIS:\SslBinding
You can get the binding port like this:
The
Thumbprint
andStore
properties will be of interest.You can get the actual cert using:
e.g.