PowerShell script to get all IIS bindings and SSL certificates

Simple PowerShell script to get all bindings in Internet Information Services (IIS) and SSL certificates.

Import-Module -Name WebAdministration

Get-ChildItem -Path IIS:SSLBindings | ForEach-Object -Process `
    if ($_.Sites)
        $certificate = Get-ChildItem -Path CERT:LocalMachine/My |
            Where-Object -Property Thumbprint -EQ -Value $_.Thumbprint

            Sites                        = $_.Sites.Value
            CertificateFriendlyName      = $certificate.FriendlyName
            CertificateDnsNameList       = $certificate.DnsNameList
            CertificateNotAfter          = $certificate.NotAfter
            CertificateIssuer            = $certificate.Issuer

15 responses to “PowerShell script to get all IIS bindings and SSL certificates”

  1. Hi Jared, [PsCustomObject]@{} will not work in PS 2.0 but you may replace it by New-Object -TypeName PSObject

  2. So this is a good start. A holy grail Powershell script would get a list of all SSL bindings on an IIS server, then replace them with a newly uploaded SSL cert. Got anything like that? I have about 80 servers to run through and have found a way to Powershell them into the cert store, but not actually replace the SSL cert on the server with the new cert, bound to whatever websites are on the servers, (they are all different)

  3. Matt, Import-Module Webadministration dir cert:\localmachine\my $hostname = Get-Content C:\hostnames.txt foreach ($name in $hostname) { $cert = "cc56fa08547824c60d2a6a453641b9d2ec24cb39" Netsh http delete sslcert hostnameport=${name}:443 $guid = [guid]::NewGuid().ToString("B") netsh http add sslcert hostnameport="${name}:443" certhash=$cert certstorename=MY appid="$guid"}

  4. I need to get details of all websites x ,y ,z .. in server A and their corresponding Cert issuer name and SHA .Please guide me for the script

  5. Exactly what I needed. Thank you very much. However -Path IIS:SSLBindings results in path not found on some servers I manage..

  6. The first line was showing error "Invalid SSL binding name, please use format ‘IPAddress!port!hostname’. IPAddress and hostname may be blank if they are not necessary." I fixed it by changing "IIS:SSLBindings" to "IIS:\SSLBindings".

  7. Hello Rudolf, Thank you for the script. but do you have anything which can give the list of host headed sites binding information with respective certificate? the way we have is that we have single sites with multiple bindings with host header on 443 but different certificates. please can you help Thanks

  8. nice work, how can i get Client Certificate Revocation, Negotiate Client Certificate and hash value

  9. The backslash characters have been stripped out of the code, please fix the code. Cert:\ IIS:\

  10. Nice Script, compliments
    However it would be useful to have the opposite:
    List of installed Server Certificates and for each the IIS site(s) bound to it

    In order to have
    – certificate installed but not used by any site
    – certificate bound to more sites and to treat carefully


  11. How can we seperate only port numbers from the below result get-webbinding command


Leave a Reply

Your email address will not be published. Required fields are marked *

Active Directory Advanced function AlwaysOn Availability Groups AlwaysOn Failover Cluster Instances Building Cloud Cloud Cluster Cmdlet Database Deployment Design DFS Domain Controller DSC Fabric Failover Clustering File Server Group Policy Hardware Profile Host Hyper-V Installation Library Library Asset Library Server Network Operations Manager Orchestrator PowerShell PowerShell User Group PowerShell Workflow Security Service Manager SQL Server Storage System Center Template Time Time Synchronization Tips Virtual Machine Virtual Machine Manager VM Network VM Template Windows Server 2012 R2