PowerShell script to get all IIS bindings and SSL certificates

Simple PowerShell script to get all bindings in Internet Information Services (IIS) and SSL certificates.

Import-Module -Name WebAdministration

Get-ChildItem -Path IIS:SSLBindings | ForEach-Object -Process `
    if ($_.Sites)
        $certificate = Get-ChildItem -Path CERT:LocalMachine/My |
            Where-Object -Property Thumbprint -EQ -Value $_.Thumbprint

            Sites                        = $_.Sites.Value
            CertificateFriendlyName      = $certificate.FriendlyName
            CertificateDnsNameList       = $certificate.DnsNameList
            CertificateNotAfter          = $certificate.NotAfter
            CertificateIssuer            = $certificate.Issuer

10 Comments on “PowerShell script to get all IIS bindings and SSL certificates

  1. Hi Jared, [PsCustomObject]@{} will not work in PS 2.0 but you may replace it by New-Object -TypeName PSObject

  2. So this is a good start. A holy grail Powershell script would get a list of all SSL bindings on an IIS server, then replace them with a newly uploaded SSL cert. Got anything like that? I have about 80 servers to run through and have found a way to Powershell them into the cert store, but not actually replace the SSL cert on the server with the new cert, bound to whatever websites are on the servers, (they are all different)

  3. Matt, Import-Module Webadministration dir cert:\localmachine\my $hostname = Get-Content C:\hostnames.txt foreach ($name in $hostname) { $cert = "cc56fa08547824c60d2a6a453641b9d2ec24cb39" Netsh http delete sslcert hostnameport=${name}:443 $guid = [guid]::NewGuid().ToString("B") netsh http add sslcert hostnameport="${name}:443" certhash=$cert certstorename=MY appid="$guid"}

  4. I need to get details of all websites x ,y ,z .. in server A and their corresponding Cert issuer name and SHA .Please guide me for the script

  5. Exactly what I needed. Thank you very much. However -Path IIS:SSLBindings results in path not found on some servers I manage..

  6. The first line was showing error "Invalid SSL binding name, please use format ‘IPAddress!port!hostname’. IPAddress and hostname may be blank if they are not necessary." I fixed it by changing "IIS:SSLBindings" to "IIS:\SSLBindings".

  7. Hello Rudolf, Thank you for the script. but do you have anything which can give the list of host headed sites binding information with respective certificate? the way we have is that we have single sites with multiple bindings with host header on 443 but different certificates. please can you help Thanks

  8. nice work, how can i get Client Certificate Revocation, Negotiate Client Certificate and hash value

Leave a Reply

Your email address will not be published. Required fields are marked *