摘要:How to configure SSL on IIS7 under Windows 2008 Server Core(轉載)
Due to the popularity of Windows 2008 Server Core I have seen frequently questions about how to configure SSL on IIS7 with only command-line. Since I wandered that path few months back I thought of putting this article/guide together.
There are 3 simple steps involved
1. Importing the Certificate into relevant Certificate Store
If you have a .CER file
certutil –addstore MY test-cert.cer
OR
If you have .PFX file
certutil -importpfx <filename.pfx>
OR
Create and Import test certificate using MakeCert.EXE (which comes with Visual Studio SDK Tools)
makecert -r -pe -n "CN=sukhyper-v" -b 01/01/2008 -e 01/01/2010 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12
2. Configure SSL with HTTP.SYS (command below should be entered on a single line)
netsh http add sslcert ipport=0.0.0.0:443 certstorename=MY certhash=b63293e9c24f7fda4c671beac4a0eff29e0d3b52
appid={5a599f4f-02dc-4120-8646-74fcbc5b4827}
appid can be any unique GUID but I used ‘Key Container’ value of the certificate for ease of use!
|
Output of certutil –store MY |
3. Add HTTPS binding on the website using this certificate
appcmd set site “Default Web Site” /+bindings.[protocol=’https’, bindingInformation=’*:443:’]
Other related commands
Enforce SSL for the site with 128bit
appcmd set config "Default Web Site" -section:access -sslFlags:Ssl,Ssl128 -commit:apphost
Add SSL Binding in IIS
appcmd set site "Default Web Site" /+bindings.[protocol='https',bindingInformation='*:443:']
Remove SSL Binding in IIS
appcmd set site "Default Web Site" /-bindings.[protocol='https',bindingInformation='*:443:']
Show Certificate endpoint from HTTP.SYS
netsh http show sslcert
Delete Certificate endpoint from HTTP.SYS
netsh http delete sslcert ipport=0.0.0.0:443
View Certificate Store
certutil -store MY
View Certificate Store with UI
certutil -viewstore MY
人生到處知何似
應似飛鴻踏雪泥