How to assign a SSL Certificate to IIS7 Site from Command Prompt

How to assign a SSL Certificate to IIS7 Site from Command Prompt

Ask Question

10 years, 11 months ago

2 months ago

63k times




Can you advise me whether it is possible or not to assign a SSL Certificate to a website in IIS7 using the APPCMD application?

I am familiar with the command to set the HTTPS Binding

appcmd set site /”A Site” /+bindings.[protocol=’https’,bindingInformation=’*’]

and how to obtain current mappings


but can not seem to find any way to map a site to a certificate (say the certificates hash for example)

iis iis-7 ssl ssl-certificate appcmd

share|improve this question

edited Nov 24 ’09 at 11:52

David Christiansen

asked Feb 26 ’09 at 17:37

David ChristiansenDavid Christiansen

5,62311 gold badge3333 silver badges4141 bronze badges

add a comment

6 Answers





The answer is to use NETSH.
For example

netsh http add sslcert ipport= certhash=’baf9926b466e8565217b5e6287c97973dcd54874′ appid='{ab3c58f7-8316-42e3-bc6e-771d4ce4b201}’

share|improve this answer

edited Apr 12 ’17 at 21:14

answered May 7 ’09 at 11:44

David ChristiansenDavid Christiansen

5,62311 gold badge3333 silver badges4141 bronze badges


I simply use a random GUID for the appID

– David Christiansen
Jul 5 ’11 at 11:35


Doesn’t work for me: SSL Certificate add failed, Error: 183 Cannot create a file when that file already exists.

– thomaspaulb
Apr 3 ’12 at 14:46


typing netsh http show sslcert will give appid and certhash of certificates installed on machine.

– tigrou
Jun 20 ’14 at 12:55


Greetings, powershellers from the future. Remember to add single quotes in appid='{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}’

– ciriarte
Apr 11 ’17 at 19:43


Can someone elaborate one how to get the app id for a specific site? I tried Get-StartApps but there doesn’t appear to be any sites listed in that.

– user3505901
May 22 ’18 at 14:41

show 4 more comments


This helped me a lot: a simple guide, by Sukesh Ashok Kumar, to setting up SSL for IIS from the command line. Includes importing/generating the certificate with certutil / makecert.

EDIT: if the original URL is down, it’s still available through the Wayback Machine.

share|improve this answer

edited Feb 11 ’15 at 15:31

answered Oct 17 ’10 at 16:56


60.4k2020 gold badges107107 silver badges143143 bronze badges

@TLS – crap. Added a wayback machine link.

– orip
Feb 11 ’15 at 15:32

add a comment


With PowerShell and the WebAdministration module, you can do the following to assign an SSL certificate to an IIS site:

# ensure you have the IIS module imported
Import-Module WebAdministration

cd IIS:SslBindings
Get-Item cert:LocalMachineMy7ABF581E134280162AFFFC81E62011787B3B19B5 | New-Item!443

Things to note… the value, “7ABF581E134280162AFFFC81E62011787B3B19B5” is the thumbprint for the certificate you want to import. So it needs to be imported into the certificate store first. The New-Item cmdlet takes in the IP address ( for all IPs) and the port.

See for more details.

I’ve tested this in Windows Server 2008 R2 as well as Windows Server 2012 pre-release.

share|improve this answer

answered Aug 7 ’12 at 19:55

David MohundroDavid Mohundro

9,87144 gold badges3535 silver badges4242 bronze badges

I like the way you can use Get-Item cert:LocalMachineMy* to take advantage of AD provisioned SSL certs.

– carpenterjc
Jul 17 ’17 at 12:55

This command succeeded but the ssl certificate is not selected for me in iis window, what does this actually do?

– user3505901
May 22 ’18 at 15:09

add a comment


@David and @orip have it right.

However, I did want to mention that the ipport parameter specified in the example ( is what the MSDN calls the “unspecified address (IPv4: or IPv6: [::])”.

I went looking it up, so I figured I’d document here to save someone else the time. This article focuses on SQL Server, but the information is still relevant:

share|improve this answer

answered Dec 1 ’11 at 0:29


2,73022 gold badges2222 silver badges3939 bronze badges

add a comment


Using the answers from this post, I created a single script that did the trick for me. It starts from the pfx file, but you could skip that step.

Here it is:

cd C:WindowsSystem32inetsrv

certutil -f -p “pa$$word” -importpfx “C:tempmycert.pfx”

REM The thumbprint is gained by installing the certificate, going to cert manager > personal, clicking on it, then getting the Thumbprint.
REM Be careful copying the thumbprint. It can add hidden characters, esp at the front.
REM appid can be any valid guid
netsh http add sslcert ipport= certhash=5de934dc39cme0234098234098dd111111111115 appid={75B2A5EC-5FD8-4B89-A29F-E5D038D5E289}

REM bind to all ip’s with no domain. There are plenty of examples with domain binding on the web
appcmd set site “Default Web Site” /+bindings.[protocol=’https’,bindingInformation=’*:443:’]

share|improve this answer

answered Jan 12 ’18 at 9:33


11.3k1212 gold badges6969 silver badges9696 bronze badges

Why do you use netsh and appcmd? I’m trying to understand the process, but it seems to me that they are doing the same thing (create the binding for all ips). Am I lost something?

– James
Mar 19 ’19 at 22:10

add a comment


If you’re trying to perform IIS Administration without using the MMC snap-in GUI, you should use the powershell WebAdministration module.

The other answers on this blog don’t work on later versions of Windows Server (2012)

share|improve this answer

edited Dec 3 ’19 at 4:27


17.1k2222 gold badges8080 silver badges127127 bronze badges

answered Dec 2 ’19 at 22:50

DevOps ScottDevOps Scott

1111 bronze badge

add a comment

Your Answer

Thanks for contributing an answer to Stack Overflow!Please be sure to answer the question. Provide details and share your research!But avoid …Asking for help, clarification, or responding to other answers.Making statements based on opinion; back them up with references or personal experience.To learn more, see our tips on writing great answers.

Draft saved
Draft discarded

Sign up or log in

Sign up using Google

Sign up using Facebook

Sign up using Email and Password


Post as a guest


Required, but never shown

Post Your Answer


By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

Not the answer you’re looking for? Browse other questions tagged iis iis-7 ssl ssl-certificate appcmd or ask your own question.


Trying to find your first dev job? Here’s what employers are actually looking…

New decade, new survey goals (& reminder to take the survey before it closes…

Featured on Meta

The company’s commitment to rebuilding the relationship with you, our community

How do the moderator resignations affect me and the community?

Testing GitHub Oneboxes



What appid should I use with netsh.exe?


Binding SSL certificate by name using command line


mvc3, IIs 7.5, server behind load balancer/firewall, forms authentication redirects to http://[ipaddress of machine]


IIS and Web Server SSL Cert


0Deploying WCF – Need to Set the Host Headers on an SSL Site3IIS7: How do I allow one site to bind to port 443 and prevent binding on other sites405Resolving PKIX path building failed Error?1210How to create a self-signed certificate with OpenSSL6APPCMD how to test if binding exists before I add it to a website?3Binding SSL certificate by name using command line23Powershell – Set SSL Certificate on https Binding0Setting existing SSL certificate on an IIS website which uses hostheader1Powershell command to export IIS websites and app pools of a remote server

Hot Network Questions

I flunked a technical test because some of their expected answers were wrong! Should I let the company know?

Why is my voltage dropping with load and why is current flowing on my ground wire?

One that is paid but cannot be bought

Would it be possible with current rocketry to go from Earth to Mercury and then come back?

STL container with a specific type as a generic argument

Is there a difference between 传说 and 神话

I was deported and my ban period ends this year, will I be able to return to the US?

The most common substring

Is it necessary to write limits for a substituted integral?

Is Trump the “chief law-enforcement officer of the United States”?

Template friendly string to numeric in C++

Palindrome checker program

Why do airports have runways?

Is there a hotkey for switching on/off a layer in QGIS

How could Antarctica become its own independent country?

Technique for driving hinge screws to minimize misalignment

Add unpublished but widely cited paper to CV?

Roughly how large is the population of Sandworms on Dune?


How to find a job without recommendation letters?

Existence of strange measure

What happens when an unconscious but stabilised character is hit?

Is it possible to swap the Apple //c’s monochrome CRT tube for a color one?

Can a Tiefling be turned into an undead creature?

more hot questions

Question feed

Subscribe to RSS

Question feed
To subscribe to this RSS feed, copy and paste this URL into your RSS reader.

Leave a Reply

Your email address will not be published. Required fields are marked *