How to assign an SSL Certificate to an IIS7 Site from Command Prompt
Can you advise me whether it is possible or not to assign an SSL Certificate to a website in IIS7 using the APPCMD application?
I am familiar with the command to set the HTTPS Binding:
appcmd set site /site.name:"A Site" /+bindings.[protocol='https',bindingInformation='*:443:www.mysite.com']
and how to obtain current mappings
%windir%\system32\inetsrv\Appcmd
but cannot seem to find any way to map a site to a certificate (say, by the certificate's hash, for example).
The answer is to use NETSH. For example:
netsh http add sslcert ipport=0.0.0.0:443 certhash='baf9926b466e8565217b5e6287c97973dcd54874' appid='{ab3c58f7-8316-42e3-bc6e-771d4ce4b201}'
This helped me a lot: a simple guide, by Sukesh Ashok Kumar, to setting up SSL for IIS from the command line. Includes importing/generating the certificate with certutil / makecert.
http://www.awesomeideas.net/post/How-to-configure-SSL-on-IIS7-under-Windows-2008-Server-Core.aspx
EDIT: if the original URL is down, it's still available through the Wayback Machine.
With PowerShell and the WebAdministration module, you can do the following to assign an SSL certificate to an IIS site:
# ensure you have the IIS module imported
Import-Module WebAdministration
cd IIS:\SslBindings
Get-Item cert:\LocalMachine\My\7ABF581E134280162AFFFC81E62011787B3B19B5 | New-Item 0.0.0.0!443
Things to note: the value "7ABF581E134280162AFFFC81E62011787B3B19B5" is the thumbprint for the certificate you want to import, so it needs to be imported into the certificate store first. The New-Item cmdlet takes in the IP address (0.0.0.0 for all IPs) and the port.
See http://learn.iis.net/page.aspx/491/powershell-snap-in-configuring-ssl-with-the-iis-powershell-snap-in/ for more details.
I've tested this in Windows Server 2008 R2 as well as Windows Server 2012 pre-release.
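The binding steps from the answers above with pre-flight checks, as an added example that is not part of the original posts. The site name, host header and thumbprint reuse the sample values shown on this page; the variable names are assumptions made for this example.

```powershell
# Added example: bind a certificate to an IIS site, failing early on common mistakes.
Import-Module WebAdministration

$SiteName   = 'A Site'            # sample site name from the question
$HostHeader = 'www.mysite.com'    # sample host header from the question
$IpAddress  = '0.0.0.0'           # unspecified address: all IPv4 addresses
$Port       = 443
$Thumbprint = '7ABF581E134280162AFFFC81E62011787B3B19B5'  # sample value from the answer

# Thumbprints copied from the certificate dialog often carry spaces or
# invisible characters; keep only the hex digits before the lookup.
$Thumbprint = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($Thumbprint.Length -ne 40) { throw 'Thumbprint is not 40 hex digits.' }

# The certificate must already be in the machine store, not a user store.
$certPath = "Cert:\LocalMachine\My\$Thumbprint"
if (-not (Test-Path $certPath)) {
    throw "Certificate $Thumbprint not found in LocalMachine\My; import it first."
}
$cert = Get-Item $certPath

# A certificate without its private key cannot be used for a server binding,
# and one outside its validity period will be rejected by clients.
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key.' }
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is only valid from $($cert.NotBefore) to $($cert.NotAfter)."
}

# Add the HTTPS site binding only if the site does not already have it.
if (-not (Get-WebBinding -Name $SiteName -Protocol https -Port $Port -HostHeader $HostHeader)) {
    New-WebBinding -Name $SiteName -Protocol https -Port $Port -IPAddress '*' -HostHeader $HostHeader
}

# Only one certificate can be bound per IP:port, so refuse to replace
# a different certificate that is already serving that endpoint.
$sslPath = "IIS:\SslBindings\${IpAddress}!${Port}"
if (Test-Path $sslPath) {
    $current = Get-Item $sslPath
    if ($current.Thumbprint -ne $Thumbprint) {
        throw "$sslPath is already bound to certificate $($current.Thumbprint)."
    }
} else {
    $cert | New-Item $sslPath | Out-Null
}

# Show the resulting binding for verification.
Get-Item $sslPath
```

Run it from an elevated PowerShell session; `netsh http show sslcert` lists the same binding from the HTTP.sys side.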
@David and @orip have it right.
However, I did want to mention that the ipport parameter specified in the example (0.0.0.0:443) is what the MSDN calls the "unspecified address (IPv4: 0.0.0.0 or IPv6: [::])".
I went looking it up, so I figured I'd document here to save someone else the time. This article focuses on SQL Server, but the information is still relevant:
http://msdn.microsoft.com/en-us/library/ms186362.aspx