将IIS SSL证书分配给使用PowerShell与主机头绑定 [英] Assign IIS SSL Certificate to Binding with Host Header using PowerShell
问题描述
我正在尝试将证书分配给HTTPS绑定。
不幸的是,我从PowerShell收到此错误:
I'm trying to assign a certificate to a HTTPS binding. Unfortunately, I get this error from PowerShell:
new-item : Cannot create a file when that file already exists
At line:3 char:56
+ get-item -Path "cert:\localmachine\my\$cert" | new-item -path IIS:\SslBi ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-Item], Win32Exception
+ FullyQualifiedErrorId : System.ComponentModel.Win32Exception,Microsoft.PowerShell.Commands.NewItemCommand
我执行的PowerShell是:
My PowerShell which I execute is:
New-WebBinding -name $Name -Protocol https -HostHeader "$Name.domain.com" -Port 443 -SslFlags 1
$cert = Get-ChildItem -Path Cert:\LocalMachine\My | where-Object {$_.subject -like "*cloud.domain.com*"} | Select-Object -ExpandProperty Thumbprint
get-item -Path "cert:\localmachine\my\$cert" | new-item -path IIS:\SslBindings\0.0.0.0!443!$Name.domain.com
它似乎能够找到证书,但无法将其分配给创建的绑定。
使用正确的IP /端口/ HostHeader创建绑定,检查SNI,但未选择 SSL证书
It seems to be able to find the certificate, but is not able to assign it to the created binding. The binding gets created with the right IP/Port/HostHeader, SNI is checked, but SSL Certificate is "Not selected"
在IIS上一切正常经理
It all works fine from IIS Manager
我尝试了SO和其他网站的各种说明,例如:
http://technet.microsoft.com/en-us/magazine/jj871065.aspx
PowerShell IIS7管理单元将SSL证书分配给https绑定 < br>
Powershell-使用共享证书添加SSL绑定
I have tried various instructions from SO and other sites, e.g.:
http://technet.microsoft.com/en-us/magazine/jj871065.aspx
Powershell IIS7 Snap in Assign SSL certificate to https binding
Powershell - Add SSL binding using shared certificate
此外,我尝试使用
IIS:\SslBindings\0.0.0.0!443!$Name.domain.com
和
IIS:\SslBindings\0.0.0.0!443
证书具有 cloud.domain.com 主题,并具有多个SAN属性,例如**。domain.com *, domain.com ,**。seconddomain.com *, seconddomain.com , cloud.domain.com
The Certificate has a subject of cloud.domain.com, and multiple SAN attributes, e.g. for **.domain.com*, domain.com, **.seconddomain.com*, seconddomain.com, cloud.domain.com
编辑:
现在我正在使用这种方法,确实有效:
Right now I'm using this approach, which does work:
$guid = [guid]::NewGuid().ToString("B")
netsh http add sslcert hostnameport=$Name.domain.com:443 certhash=b58e54ca68c94f93c134c5da00a388ab0642a648 certstorename=MY appid="$guid"
但是我对没有 netsh / appcmd
推荐答案
现在我正在使用这种方法,它确实有效:
Right now I'm using this approach, which does work:
$guid = [guid]::NewGuid().ToString("B")
netsh http add sslcert hostnameport=$Name.domain.com:443 certhash=b58e54ca68c94f93c134c5da00a388ab0642a648 certstorename=MY appid="$guid"
这篇关于将IIS SSL证书分配给使用PowerShell与主机头绑定的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
