This script configures the FTPS Service in IIS to use client certificate authentication
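' This is a Robert McMurray's script, all the credit goes to him :)
' https://blogs.msdn.microsoft.com/robert_mcmurray/2012/04/26/configuring-ftp-client-certificate-authentication-in-ftp-7/
'
' Configures one IIS FTP site so that:
'   - TLS is required on both the control and the data channel,
'   - a client certificate is required and mapped to an Active Directory account,
'   - client certificate authentication is enabled.
' NOTE: the script only enables client certificate authentication; it does not
' touch any other authentication method configured on the site, so review those
' separately if certificates are meant to be the only way in.
' Writing to MACHINE/WEBROOT/APPHOST normally requires an elevated prompt.
'
' Please change the following two variables before running it

' Plain assignment: "Set" is reserved for object references and fails on strings.
strSiteName = "FTP"
' Thumbprint of the server certificate the FTP site presents. Replace this sample
' value with your own; type or paste it as plain hex, because a thumbprint copied
' from the certificate dialog can carry an invisible leading character.
strSserverCertHash = "884301293bad5ab538c0cfddcba7371cedfca647"

' Catch a truncated thumbprint or one with stray characters before anything is committed.
If Len(strSserverCertHash) <> 40 Then
    WScript.Echo "serverCertHash must be a 40-character certificate thumbprint."
    WScript.Quit 1
End If

Set adminManager = CreateObject("Microsoft.ApplicationHost.WritableAdminManager")
adminManager.CommitPath = "MACHINE/WEBROOT/APPHOST"

Set sitesSection = adminManager.GetAdminSection("system.applicationHost/sites", "MACHINE/WEBROOT/APPHOST")
Set sitesCollection = sitesSection.Collection

siteElementPos = FindElement(sitesCollection, "site", Array("name", strSiteName))
' Test the variable that was actually assigned; the original compared an
' undefined name, so a missing site was never reported.
If (siteElementPos = -1) Then
    WScript.Echo "Element not found!"
    ' Non-zero exit code so a calling script can tell nothing was configured.
    WScript.Quit 1
End If

Set siteElement = sitesCollection.Item(siteElementPos)
Set ftpServerElement = siteElement.ChildElements.Item("ftpServer")
Set securityElement = ftpServerElement.ChildElements.Item("security")

' Require a client certificate and map it to an Active Directory account.
Set sslClientCertificatesElement = securityElement.ChildElements.Item("sslClientCertificates")
sslClientCertificatesElement.Properties.Item("clientCertificatePolicy").Value = "CertRequire"
sslClientCertificatesElement.Properties.Item("useActiveDirectoryMapping").Value = True

' Turn on client certificate authentication for the site.
Set authenticationElement = securityElement.ChildElements.Item("authentication")
Set clientCertAuthenticationElement = authenticationElement.ChildElements.Item("clientCertAuthentication")
clientCertAuthenticationElement.Properties.Item("enabled").Value = True

' Bind the server certificate and refuse unencrypted control or data connections.
Set sslElement = securityElement.ChildElements.Item("ssl")
sslElement.Properties.Item("serverCertHash").Value = strSserverCertHash
sslElement.Properties.Item("controlChannelPolicy").Value = "SslRequire"
sslElement.Properties.Item("dataChannelPolicy").Value = "SslRequire"

' Nothing is written to the configuration store until this call.
adminManager.CommitChanges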
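' Returns the zero-based index of the first element in collection whose tag name
' equals elementTagName and whose properties match every pair in valuesToMatch,
' or -1 when no element matches.
'
' collection      - object exposing Count and Item(index)
' elementTagName  - tag name to look for, compared with element.Name
' valuesToMatch   - flat array of alternating property names and expected values,
'                   e.g. Array("name", "FTP"); values are compared as strings
Function FindElement(collection, elementTagName, valuesToMatch)
    ' Declare locals so the function does not create or overwrite script-level variables.
    Dim i, iVal, element, prop, value, matches

    FindElement = -1
    For i = 0 To CInt(collection.Count) - 1
        Set element = collection.Item(i)
        If element.Name = elementTagName Then
            matches = True
            For iVal = 0 To UBound(valuesToMatch) Step 2
                Set prop = element.GetPropertyByName(valuesToMatch(iVal))
                value = prop.Value
                ' A Null value must count as a mismatch. Comparing Null yields Null,
                ' which "If" treats as False, so the original accepted such an
                ' element as a match and the wrong site could be selected.
                If IsNull(value) Then
                    matches = False
                    Exit For
                ElseIf CStr(value) <> CStr(valuesToMatch(iVal + 1)) Then
                    matches = False
                    Exit For
                End If
            Next
            If matches Then
                FindElement = i
                Exit Function
            End If
        End If
    Next
End Function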