Import a PFX file and bind it to IIS without PowerShell
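rem Import a PFX into the certificate store and bind it to IIS on port 443.
rem Run from an elevated prompt.

rem /d also switches the current drive, so the relative appcmd call at the end
rem still resolves when this is started from a drive other than C:.
cd /d C:\Windows\System32\inetsrv

rem NOTE(review): the PFX password is stored in plaintext here and is passed on
rem certutil's command line, where process command-line auditing will record it.
rem Restrict read access to this file and remove the PFX from C:\temp once the
rem import has succeeded, since it carries the private key. Appending the
rem NoExport modifier to -importpfx keeps the imported key non-exportable.
certutil -f -p "pa$$word" -importpfx "C:\temp\mycert.pfx"
rem Stop here if the import failed, rather than binding a stale or missing cert.
if errorlevel 1 exit /b 1

rem The thumbprint is gained by installing the certificate, going to
rem cert manager > personal, clicking on it, then getting the Thumbprint.
rem The certhash value below is a placeholder (it is not valid hex); replace it
rem with the 40-hex-digit SHA-1 thumbprint of the certificate just imported.
rem appid can be any valid guid.
netsh http add sslcert ipport=0.0.0.0:443 certhash=5de934dc39cme0234098234098dd111111111115 appid={75B2A5EC-5FD8-4B89-A29F-E5D038D5E289}
if errorlevel 1 exit /b 1

rem Bind to all IPs with no host name. There are plenty of domain examples on the web.
appcmd set site "Default Web Site" /+bindings.[protocol='https',bindingInformation='*:443:']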
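@echo off
rem Replace the TLS certificate bound to 0.0.0.0:443 with one imported from a
rem PFX/P12 file, then make sure the IIS site has https bindings for the domain.
rem MUST BE RUN AS ADMIN OR SCHEDULED AS SYSTEM.
setlocal enabledelayedexpansion

rem The quoted "name=value" form keeps stray trailing spaces out of the values.
set "domain=domain.com"
set "site=default web site"
set "issuer=cert issuer"
rem NOTE(review): plaintext PFX password. It is also passed on certutil's
rem command line below, where process command-line auditing will record it.
rem Restrict read access to this script and to the PFX file.
set "password=sslpass"
set "p12=c:\path\to\cert.pfx"
set "appcmd=%systemroot%\System32\inetsrv\appcmd.exe"

rem setlocal inherits the caller's environment, so clear the loop state instead
rem of trusting whatever value may already be set.
set "foundit="
set "thumbprint="

rem Do not tear down the working binding when there is nothing to replace it with.
if not exist "%p12%" (
  >&2 echo ERROR: PFX file not found: %p12%
  exit /b 1
)

rem Delete the existing binding and any certificates stored for this domain name.
netsh http delete sslcert ipport=0.0.0.0:443
certutil -delstore my "%domain%"

rem Import the PFX or P12. Quoting keeps passwords and paths that contain spaces
rem or shell metacharacters intact.
certutil -p "%password%" -importpfx "%p12%"
if errorlevel 1 (
  >&2 echo ERROR: certutil could not import the PFX file.
  exit /b 1
)

rem Get the thumbprint of the imported certificate by domain name and issuer.
rem The command is single-quoted (no usebackq): the page shows the original
rem with usebackq but without backquotes, which FOR /F would read as a file name.
for /F "tokens=1,2,3*" %%a in ('certutil -store My "%domain%"') do (
  if "%%a %%b %%c"=="Issuer: CN=!issuer!" set "foundit=Yes"
  if "!foundit!"=="Yes" if "%%a"=="Cert" (
    rem %%d holds the rest of the line, for certutil builds that print the
    rem hash as space-separated bytes; the spaces are stripped after the loop.
    set "thumbprint=%%c%%d"
    rem Reset so a later certificate from a different issuer cannot overwrite it.
    set "foundit="
  )
)
if defined thumbprint set "thumbprint=!thumbprint: =!"

rem Never call netsh with an empty certhash.
if not defined thumbprint (
  >&2 echo ERROR: no certificate for %domain% issued by "%issuer%" was found in the My store.
  exit /b 1
)

rem appid can be any valid guid.
netsh http add sslcert ipport=0.0.0.0:443 certhash=%thumbprint% appid={75B2A5EC-5FD8-4B89-A29F-E5D038D5E289}
if errorlevel 1 (
  >&2 echo ERROR: netsh could not bind the certificate to 0.0.0.0:443.
  exit /b 1
)

rem If not already bound, add https bindings for the domain and its wildcard.
rem NOTE(review): the page renders bindingInformation as ':443:%domain%' and
rem ':443:.%domain%'; the '*' characters look lost in page rendering and are
rem restored here to match the IP:port:host form - confirm against the original.
"%appcmd%" list site "%site%" | findstr /i /l /c:":443:%domain%" >nul
if errorlevel 1 "%appcmd%" set site "%site%" /+bindings.[protocol='https',bindingInformation='*:443:%domain%']

"%appcmd%" list site "%site%" | findstr /i /l /c:":443:*.%domain%" >nul
if errorlevel 1 "%appcmd%" set site "%site%" /+bindings.[protocol='https',bindingInformation='*:443:*.%domain%']

rem Restarts IIS for every site on this machine, not only "%site%".
iisreset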