Reputation: 119
I am trying to use PowerShell to query a website and see what SSL certificate (name) it is using for HTTPS bindings. Then I would like to trace back to see what CA issued the cert.
I am having trouble querying the website to find out what SSL certificate is bound. The IIS 7.5 GUI shows a friendly name.
After I get the website's SSL certificate, the plan is to use PowerShell to search the certificate stores by FriendlyName (or thumbprint, or some other value).
Here is what I have so far:
Query store for cert info:
get-childitem cert:\LocalMachine\my | ft issuer, subject, notafter, FriendlyName
Check for active bindings:
get-itemproperty 'IIS:\Sites\(SITENAME)' -name bindings
I'm not sure where this information is stored, and I have had no luck searching for it with PowerShell, in the web.config and applicationhost.config. Google searching has not been helpful so far.
Any info, links to information, or documentation on how certs are handled / stored in IIS is appreciated.
Upvotes: 1
Views: 15294
Reputation: 52567
To get the site SSL binding, check out: IIS:\SslBindings
You can get the binding port like this:
dir IIS:\SslBindings | ? {$_.Port -eq 1443} | Select *
The Thumbprint and Store properties will be of interest.
You can get the actual cert using:
get-item cert:\LocalMachine\$theStore\$theThumbprint
e.g.
get-item cert:\LocalMachine\My\29F025A78F537D931A8CF05B00EB81DB84160CF3 | select *
Upvotes: 8
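Putting the steps from the answer above together, the following added example (not part of the original answer) walks every entry under IIS:\SslBindings, loads the bound certificate from the store, and builds its chain to report the issuing CA and root. The `$warnDays` threshold and the fallback to the `My` store when a binding has no Store value are assumptions made for this example.

```powershell
# Added example: audit the certificate behind each IIS HTTPS binding.
# Run in an elevated PowerShell session on the IIS server.
Import-Module WebAdministration

$warnDays = 30   # assumed expiry warning threshold; adjust to your policy

$report = Get-ChildItem IIS:\SslBindings | ForEach-Object {
    # Assumption: if the binding reports no store name, look in LocalMachine\My
    $store = if ($_.Store) { $_.Store } else { 'My' }
    $row = @{ IPAddress = $_.IPAddress; Port = $_.Port; Thumbprint = $_.Thumbprint
              Subject = $null; IssuingCA = $null; Root = $null; NotAfter = $null; Findings = '' }

    $path = "Cert:\LocalMachine\$store\$($_.Thumbprint)"
    if (-not (Test-Path $path)) {
        # The binding references a certificate that is no longer in the store
        $row.Findings = 'certificate not found in store'
    } else {
        $cert  = Get-Item $path
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'   # skip CRL/OCSP lookups
        $built = $chain.Build($cert)
        $n     = $chain.ChainElements.Count

        $findings = @()
        if (-not $built) { $findings += ($chain.ChainStatus | ForEach-Object { $_.Status }) }
        if ($cert.Subject -eq $cert.Issuer) { $findings += 'self-signed' }
        if ($cert.NotAfter -lt (Get-Date).AddDays($warnDays)) {
            $findings += "expired or expires within $warnDays days"
        }

        $row.Subject  = $cert.Subject
        $row.NotAfter = $cert.NotAfter
        # Element 0 is the leaf; element 1 (if present) is the CA that issued it
        $row.IssuingCA = if ($n -gt 1) { $chain.ChainElements[1].Certificate.Subject } else { $cert.Issuer }
        if ($n -gt 0) { $row.Root = $chain.ChainElements[$n - 1].Certificate.Subject }
        $row.Findings = $findings -join '; '
    }
    New-Object PSObject -Property $row
}

$report |
    Select-Object IPAddress, Port, Subject, IssuingCA, Root, NotAfter, Findings, Thumbprint |
    Format-List
```

An empty Findings value means the chain built to a trusted root and the certificate is not close to expiry; revocation is deliberately not checked here.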