Internet Information Services
Microsoft web server software.
1,591 questions
NB: the NEWcertificate.pfx certificate has already been successfully imported into IIS
iis - ssl certificate replace with powershell
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 69%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
mc se
1
Reputation point
Hello everybody.
I have this situation:
IIS with many sites with an SSL certificate associated with it (OLDcertificate.pfx)
I have this goal:
exchange the SSL certificate associated on multiple sites in IIS (with the new NEWcertificate.pfx)
I would kindly ask if anyone can help me locate the commands to do this task with powershell.
At the moment I am trying with these commands:
Get-WebBinding
Get-ChildItem -Path Cert: LocalMachine \ MY
$ OLDCertificateThumbprint = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
$ NEWCertificateThumbprint = "yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy"
Get-WebBinding | Where-Object {$ _. CertificateHash -eq $ OLDCertificateThumbprint} | ForEach-Object {Write-Host "Working on" $ _ $ _. RemoveSslCertificate () $ _. AddSslCertificate ($ NEWCertificateThumbprint, 'My')}
but it does not work.
thanks !
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 82%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBZ%3C/text%3E%3C/svg%3E)
Bruce Zhang-MSFT 3,736 Reputation points2022-04-14T02:27:35.607+00:00 Hi @mc se ,
but it does not work.
Is there any error message reported? If it cannot work, powershell will return some text with red color so that you can know what error is in the scripts.
I followed the scripts in this blog. It uses two commands to remove the binding of the old certificate and then add the binding of the new certificate, instead of performing two operations in one command. You'd better separate these two operations into two commands as well.
Get-Item IIS:\SslBindings\10.238.82.89!443 | Remove-Item get-item -Path "cert:\LocalMachine\My\$certShop" | new-item -path IIS:\SslBindings\10.238.82.89!443
Sign in to comment
2 answers
Sort by: Most helpful
-
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 41%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERS%3C/text%3E%3C/svg%3E)
Rahul Sonar 0 Reputation points2023-10-02T03:44:19.3866667+00:00 It replaces the certificate but all the other parameters like sslctlstorename, clientcertnegotiation goes away. How to keep all this existing information and only replcace the certificate