Categories
askquestion

How to assign a SSL Certificate to IIS7 Site from Command Prompt

How to assign a SSL Certificate to IIS7 Site from Command Prompt

Ask Question

Asked
10 years, 11 months ago

Active
2 months ago

Viewed
63k times

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{
margin-bottom:0;
}

54

17

Can you advise me whether it is possible or not to assign a SSL Certificate to a website in IIS7 using the APPCMD application?

I am familiar with the command to set the HTTPS Binding

appcmd set site /site.name:”A Site” /+bindings.[protocol=’https’,bindingInformation=’*:443:www.mysite.com’]

and how to obtain current mappings

%windir%system32inetsrvAppcmd

but can not seem to find any way to map a site to a certificate (say the certificates hash for example)

iis iis-7 ssl ssl-certificate appcmd

share|improve this question

edited Nov 24 ’09 at 11:52

David Christiansen

asked Feb 26 ’09 at 17:37

David ChristiansenDavid Christiansen

5,62311 gold badge3333 silver badges4141 bronze badges

add a comment
 | 

6 Answers
6

active

oldest

votes

53

The answer is to use NETSH.
For example

netsh http add sslcert ipport=0.0.0.0:443 certhash=’baf9926b466e8565217b5e6287c97973dcd54874′ appid='{ab3c58f7-8316-42e3-bc6e-771d4ce4b201}’

share|improve this answer

edited Apr 12 ’17 at 21:14

answered May 7 ’09 at 11:44

David ChristiansenDavid Christiansen

5,62311 gold badge3333 silver badges4141 bronze badges

1

I simply use a random GUID for the appID

– David Christiansen
Jul 5 ’11 at 11:35

3

Doesn’t work for me: SSL Certificate add failed, Error: 183 Cannot create a file when that file already exists.

– thomaspaulb
Apr 3 ’12 at 14:46

8

typing netsh http show sslcert will give appid and certhash of certificates installed on machine.

– tigrou
Jun 20 ’14 at 12:55

1

Greetings, powershellers from the future. Remember to add single quotes in appid='{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}’

– ciriarte
Apr 11 ’17 at 19:43

1

Can someone elaborate one how to get the app id for a specific site? I tried Get-StartApps but there doesn’t appear to be any sites listed in that.

– user3505901
May 22 ’18 at 14:41

 | 
show 4 more comments

17

This helped me a lot: a simple guide, by Sukesh Ashok Kumar, to setting up SSL for IIS from the command line. Includes importing/generating the certificate with certutil / makecert.

http://www.awesomeideas.net/post/How-to-configure-SSL-on-IIS7-under-Windows-2008-Server-Core.aspx

EDIT: if the original URL is down, it’s still available through the Wayback Machine.

share|improve this answer

edited Feb 11 ’15 at 15:31

answered Oct 17 ’10 at 16:56

oriporip

60.4k2020 gold badges107107 silver badges143143 bronze badges

@TLS – crap. Added a wayback machine link.

– orip
Feb 11 ’15 at 15:32

add a comment
 | 

9

With PowerShell and the WebAdministration module, you can do the following to assign an SSL certificate to an IIS site:

# ensure you have the IIS module imported
Import-Module WebAdministration

cd IIS:SslBindings
Get-Item cert:LocalMachineMy7ABF581E134280162AFFFC81E62011787B3B19B5 | New-Item 0.0.0.0!443

Things to note… the value, “7ABF581E134280162AFFFC81E62011787B3B19B5” is the thumbprint for the certificate you want to import. So it needs to be imported into the certificate store first. The New-Item cmdlet takes in the IP address (0.0.0.0 for all IPs) and the port.

See http://learn.iis.net/page.aspx/491/powershell-snap-in-configuring-ssl-with-the-iis-powershell-snap-in/ for more details.

I’ve tested this in Windows Server 2008 R2 as well as Windows Server 2012 pre-release.

share|improve this answer

answered Aug 7 ’12 at 19:55

David MohundroDavid Mohundro

9,87144 gold badges3535 silver badges4242 bronze badges

I like the way you can use Get-Item cert:LocalMachineMy* to take advantage of AD provisioned SSL certs.

– carpenterjc
Jul 17 ’17 at 12:55

This command succeeded but the ssl certificate is not selected for me in iis window, what does this actually do?

– user3505901
May 22 ’18 at 15:09

add a comment
 | 

4

@David and @orip have it right.

However, I did want to mention that the ipport parameter specified in the example (0.0.0.0:443) is what the MSDN calls the “unspecified address (IPv4: 0.0.0.0 or IPv6: [::])”.

I went looking it up, so I figured I’d document here to save someone else the time. This article focuses on SQL Server, but the information is still relevant:

http://msdn.microsoft.com/en-us/library/ms186362.aspx

share|improve this answer

answered Dec 1 ’11 at 0:29

fordarehfordareh

2,73022 gold badges2222 silver badges3939 bronze badges

add a comment
 | 

1

Using the answers from this post, I created a single script that did the trick for me. It starts from the pfx file, but you could skip that step.

Here it is:

cd C:WindowsSystem32inetsrv

certutil -f -p “pa$$word” -importpfx “C:tempmycert.pfx”

REM The thumbprint is gained by installing the certificate, going to cert manager > personal, clicking on it, then getting the Thumbprint.
REM Be careful copying the thumbprint. It can add hidden characters, esp at the front.
REM appid can be any valid guid
netsh http add sslcert ipport=0.0.0.0:443 certhash=5de934dc39cme0234098234098dd111111111115 appid={75B2A5EC-5FD8-4B89-A29F-E5D038D5E289}

REM bind to all ip’s with no domain. There are plenty of examples with domain binding on the web
appcmd set site “Default Web Site” /+bindings.[protocol=’https’,bindingInformation=’*:443:’]

share|improve this answer

answered Jan 12 ’18 at 9:33

HockeyJHockeyJ

11.3k1212 gold badges6969 silver badges9696 bronze badges

Why do you use netsh and appcmd? I’m trying to understand the process, but it seems to me that they are doing the same thing (create the binding for all ips). Am I lost something?

– James
Mar 19 ’19 at 22:10

add a comment
 | 

1

If you’re trying to perform IIS Administration without using the MMC snap-in GUI, you should use the powershell WebAdministration module.

The other answers on this blog don’t work on later versions of Windows Server (2012)

share|improve this answer

edited Dec 3 ’19 at 4:27

Shree

17.1k2222 gold badges8080 silver badges127127 bronze badges

answered Dec 2 ’19 at 22:50

DevOps ScottDevOps Scott

1111 bronze badge

add a comment
 | 

Your Answer

Thanks for contributing an answer to Stack Overflow!Please be sure to answer the question. Provide details and share your research!But avoid …Asking for help, clarification, or responding to other answers.Making statements based on opinion; back them up with references or personal experience.To learn more, see our tips on writing great answers.

Draft saved
Draft discarded

Sign up or log in

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Submit

Post as a guest

Name

Email
Required, but never shown

Post Your Answer

Discard

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

Not the answer you’re looking for? Browse other questions tagged iis iis-7 ssl ssl-certificate appcmd or ask your own question.

Blog

Trying to find your first dev job? Here’s what employers are actually looking…

New decade, new survey goals (& reminder to take the survey before it closes…

Featured on Meta

The company’s commitment to rebuilding the relationship with you, our community

How do the moderator resignations affect me and the community?

Testing GitHub Oneboxes

Linked

78

What appid should I use with netsh.exe?

3

Binding SSL certificate by name using command line

0

mvc3, IIs 7.5, server behind load balancer/firewall, forms authentication redirects to http://[ipaddress of machine]

0

IIS and Web Server SSL Cert

Related

0Deploying WCF – Need to Set the Host Headers on an SSL Site3IIS7: How do I allow one site to bind to port 443 and prevent binding on other sites405Resolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?1210How to create a self-signed certificate with OpenSSL6APPCMD how to test if binding exists before I add it to a website?3Binding SSL certificate by name using command line23Powershell – Set SSL Certificate on https Binding0Setting existing SSL certificate on an IIS website which uses hostheader1Powershell command to export IIS websites and app pools of a remote server

Hot Network Questions

I flunked a technical test because some of their expected answers were wrong! Should I let the company know?

Why is my voltage dropping with load and why is current flowing on my ground wire?

One that is paid but cannot be bought

Would it be possible with current rocketry to go from Earth to Mercury and then come back?

STL container with a specific type as a generic argument

Is there a difference between 传说 and 神话

I was deported and my ban period ends this year, will I be able to return to the US?

The most common substring

Is it necessary to write limits for a substituted integral?

Is Trump the “chief law-enforcement officer of the United States”?

Template friendly string to numeric in C++

Palindrome checker program

Why do airports have runways?

Is there a hotkey for switching on/off a layer in QGIS

How could Antarctica become its own independent country?

Technique for driving hinge screws to minimize misalignment

Add unpublished but widely cited paper to CV?

Roughly how large is the population of Sandworms on Dune?

HSTS and HTTP/2

How to find a job without recommendation letters?

Existence of strange measure

What happens when an unconscious but stabilised character is hit?

Is it possible to swap the Apple //c’s monochrome CRT tube for a color one?

Can a Tiefling be turned into an undead creature?

more hot questions

Question feed

Subscribe to RSS

Question feed
To subscribe to this RSS feed, copy and paste this URL into your RSS reader.

Leave a Reply

Your email address will not be published. Required fields are marked *