AnAverageDev

Reputation: 143

How to retrieve SSL certificate of an IIS website in PowerShell

I'm trying to retrieve the certificate of a bunch of IIS websites and match the thumbprint with a certificate that I have. If the thumbprint is matched, that's perfectly fine. However, if the thumbprint is not matched then I want to add that specific certificate to that website. I know I can verify if the desired certificate exists using:

Get-ChildItem -Path Cert:\LocalMachine\My | Select-Object Thumbprint

And I can get the IIS websites and look at bindings using:

Get-ChildItem -Path IIS:Sites | Select-Object -ExpandProperty Bindings

However, I can't figure out how I can retrieve the certificate thumbprint of these websites. I have the target certificate's thumbprint stored in a variable like so:

$CertThumbprint = "###############################"

If I am going at it the wrong way, please let me know. Thank you.

Upvotes: 6

Views: 13391

Answers (2)

Clem Messerli

Reputation: 1

An IIS site may have any number ('N') of SSL bindings depending on its use of multiple host names and/or ports, so to capture those you can do:

Import-Module WebAdministration
# One object per SSL binding: the site(s) using it, host header, port and bound cert thumbprint
Get-ChildItem IIS:SSLBindings | Foreach-Object {
    [PSCustomObject]@{
        Site     = $_.sites.value
        HostName = $_.Host
        Port     = $_.Port
        Thumb    = $_.thumbprint
    }
}

Bonus section: the following shows how to query remote servers; it pre-filters to unique thumbprints only, while also querying HKLM:\ to help display the typical cert info.

$ComputerName = 'Server1','Server2'
$Results = Invoke-Command -ComputerName $ComputerName -Credential $MyCred -ScriptBlock {
    Import-Module WebAdministration
    # One row per distinct thumbprint; a cert bound to several sites appears only once
    $SSLBindings = Get-ChildItem IIS:SSLBindings |
        Sort-Object thumbprint -Unique
    $SSLBindings | Foreach-Object {
        # Look up the bound cert in the machine's personal store.
        # -eq, not -Match: -Match is a regex/substring test and an empty
        # thumbprint would match every certificate in the store.
        $cert = Get-ChildItem cert:\LocalMachine\My |
            Where-Object thumbprint -eq $_.thumbprint |
            Select-Object Subject, SerialNumber, NotBefore, NotAfter
        [PSCustomObject]@{
            Site      = $_.sites.value
            Thumb     = $_.thumbprint
            Subject   = $cert.Subject
            Serial    = $cert.SerialNumber
            NotBefore = $cert.NotBefore
            NotAfter  = $cert.NotAfter
        }
    }
}
$Results

Upvotes: 0

Theo

Reputation: 61068

First of all, this is not my code, found that here.
You can try this perhaps:

Import-Module WebAdministration
# Each item in IIS:SSLBindings carries the site name(s) it serves and the bound cert thumbprint
$siteThumbs = Get-ChildItem IIS:SSLBindings | Foreach-Object {
    [PSCustomObject]@{
        Site       = $_.Sites.Value
        Thumbprint = $_.Thumbprint
    }
}

This should give you an array of objects with both the sites and the thumbprints for you to compare.


From your comment, I gather more than one site can share the same thumbprint, and to list them separately you could do this (untested):

Import-Module WebAdministration
$siteThumbs = Get-ChildItem IIS:SSLBindings | Foreach-Object {
    $thumb = $_.Thumbprint
    # Sites.Value can hold several site names; emit one row per site
    foreach ($site in $_.Sites.Value) {
        [PSCustomObject]@{
            Site       = $site
            Thumbprint = $thumb
        }
    }
}

Upvotes: 8
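The rest of the question's procedure, comparing each site's bound thumbprint against $CertThumbprint and re-pointing the https binding at the desired certificate where it differs, as an added example that is not code from the question or from either answer. It assumes the WebAdministration module (the IIS: provider, Get-WebBinding and the binding object's AddSslCertificate method) is available and that the script runs elevated on the IIS host; the thumbprint value is a placeholder. The validity and private-key checks before rebinding are this example's additions: binding a certificate with no private key, or one already expired, takes the site down rather than fixing it.

```powershell
# Added example, not from the original question or answers. Assumes the
# WebAdministration module is present and the session is elevated on the IIS host.
#Requires -RunAsAdministrator
Import-Module WebAdministration

$CertThumbprint = '0123456789ABCDEF0123456789ABCDEF01234567'   # placeholder, replace with the real one

# Strip spaces/colons and upper-case, so that -eq comparisons with the
# thumbprints IIS and the cert store report (upper-case hex) are exact.
function ConvertTo-NormalizedThumbprint([string]$Thumbprint) {
    ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
}
$target = ConvertTo-NormalizedThumbprint $CertThumbprint

# Sanity checks on the replacement certificate before touching any binding.
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $target } | Select-Object -First 1
if (-not $cert)               { throw "Certificate $target not found in Cert:\LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw "Certificate $target has no private key; IIS cannot serve TLS with it" }
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate $target is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))"
}

# Inventory: one row per https binding per site with the thumbprint currently bound.
# IIS:\SslBindings items expose IPAddress, Port, Host and Thumbprint; a site binding
# of '*' corresponds to an SslBindings IPAddress of 0.0.0.0.
$sslBindings = Get-ChildItem IIS:\SslBindings
$report = foreach ($site in Get-ChildItem IIS:\Sites) {
    foreach ($b in Get-WebBinding -Name $site.Name -Protocol https) {
        # bindingInformation is "ip:port:hostheader"; a regex anchored on the port
        # keeps IPv6 literals such as [::1] intact where a plain split on ':' would not.
        if ($b.bindingInformation -notmatch '^(?<ip>.+):(?<port>\d+):(?<host>.*)$') { continue }
        $ip         = if ($Matches.ip -eq '*') { '0.0.0.0' } else { $Matches.ip }
        $port       = [int]$Matches.port
        $hostHeader = $Matches.host
        $bound = $sslBindings | Where-Object {
            $_.Port -eq $port -and (
                ($hostHeader -and $_.Host -eq $hostHeader) -or
                (-not $hostHeader -and $_.IPAddress -eq $ip)
            )
        } | Select-Object -First 1
        [PSCustomObject]@{
            Site       = $site.Name
            Binding    = $b.bindingInformation
            Thumbprint = $bound.Thumbprint
            Matches    = ($bound.Thumbprint -eq $target)
            BindingObj = $b
        }
    }
}
$report | Format-Table Site, Binding, Thumbprint, Matches -AutoSize

# Remediate: every https binding whose thumbprint differs gets the target certificate.
foreach ($row in $report | Where-Object { -not $_.Matches }) {
    Write-Host "Rebinding $($row.Site) [$($row.Binding)] from '$($row.Thumbprint)' to $target"
    # AddSslCertificate(thumbprint, storeName) replaces the certificate hash for this
    # binding; 'My' is the LocalMachine personal store the cert was checked in above.
    $row.BindingObj.AddSslCertificate($target, 'My')
}
```

Run the inventory half first and read the table before letting the remediation loop execute; a row with an empty Thumbprint means an https binding with no certificate bound at all, which the loop will also fix. Bindings are rewritten one at a time, so a failure part-way through leaves the earlier sites already on the new certificate and the later ones untouched; re-running the script is safe because already-matching rows are skipped.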
