Simple PowerShell script to get all bindings in Internet Information Services (IIS) and SSL certificates.
Import-Module -Name WebAdministration
Get-ChildItem -Path IIS:SSLBindings | ForEach-Object -Process `
{
if ($_.Sites)
{
$certificate = Get-ChildItem -Path CERT:LocalMachine/My |
Where-Object -Property Thumbprint -EQ -Value $_.Thumbprint
[PsCustomObject]@{
Sites = $_.Sites.Value
CertificateFriendlyName = $certificate.FriendlyName
CertificateDnsNameList = $certificate.DnsNameList
CertificateNotAfter = $certificate.NotAfter
CertificateIssuer = $certificate.Issuer
}
}
}
15 responses to “PowerShell script to get all IIS bindings and SSL certificates”
Does this not work in Powershell 2.0?
Hi Jared, [PsCustomObject]@{} will not work in PS 2.0 but you may replace it by New-Object -TypeName PSObject
So this is a good start. A holy grail Powershell script would get a list of all SSL bindings on an IIS server, then replace them with a newly uploaded SSL cert. Got anything like that? I have about 80 servers to run through and have found a way to Powershell them into the cert store, but not actually replace the SSL cert on the server with the new cert, bound to whatever websites are on the servers, (they are all different)
Matt, Import-Module Webadministration dir cert:\localmachine\my $hostname = Get-Content C:\hostnames.txt foreach ($name in $hostname) { $cert = "cc56fa08547824c60d2a6a453641b9d2ec24cb39" Netsh http delete sslcert hostnameport=${name}:443 $guid = [guid]::NewGuid().ToString("B") netsh http add sslcert hostnameport="${name}:443" certhash=$cert certstorename=MY appid="$guid"}
I need to get details of all websites x ,y ,z .. in server A and their corresponding Cert issuer name and SHA .Please guide me for the script
Exactly what I needed. Thank you very much. However -Path IIS:SSLBindings results in path not found on some servers I manage..
The first line was showing error "Invalid SSL binding name, please use format ‘IPAddress!port!hostname’. IPAddress and hostname may be blank if they are not necessary." I fixed it by changing "IIS:SSLBindings" to "IIS:\SSLBindings".
Hello Rudolf, Thank you for the script. but do you have anything which can give the list of host headed sites binding information with respective certificate? the way we have is that we have single sites with multiple bindings with host header on 443 but different certificates. please can you help Thanks
captcha not working g.co/recaptcha/upgrade
nice work, how can i get Client Certificate Revocation, Negotiate Client Certificate and hash value
[…] PowerShell script to get all IIS bindings and SSL certificates […]
The backslash characters have been stripped out of the code, please fix the code. Cert:\ IIS:\
Nice Script, compliments
However it would be useful to have the opposite:
List of installed Server Certificates and for each the IIS site(s) bound to it
In order to have
– certificate installed but not used by any site
– certificate bound to more sites and to treat carefully
Thanks
How can we seperate only port numbers from the below result get-webbinding command
bindingInformation
——————
*:80:
192.168.41.151:8001:www.abc.com
*:8002:www.xyx.com
192.168.41.151:8081:www.websites.com
(Get-WebBinding).bindinginformation.foreach( { ($_ -split “:”)[1] } )