• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 914
  • Last Modified:

Add a certificate to IIS global "Server Certificates" list using PowerShell?


Been surfing the web for an example on how to add a certificate to the "global" IIS "Server Certificates" list using PowerShell but to no luck. I already have code in place on how to tie / associate a specific website with a specific cert but not how to add the new .cer file using the "Complete Certificate Request..." wizard using PowerShell.... I dont expect the final code to become published but if someone had an idea on how to integrate / get an entry point on where to interact between the "Server Certificate" list in IIS and POSH I would be super happy! :|
I am runnign IIS on a Windows 2008R2 x64 Standard Edition if that helps..... of course, I would settle for an CLI if there is no other way, but POSH is of course the way to go! :)
Thanks for the help in advance guys, take care!
  • 5
  • 3
1 Solution
Meir RivkinFull stack Software EngineerCommented:
Meir RivkinFull stack Software EngineerCommented:
please check jgovednik post here:

KandiumAuthor Commented:
We are wanting to add a *.cer file and not a *.pfx file, but yes... the function below does work with a pfx file.

function Add-SSLCertificate{

$certMgr = New-Object -ComObject IIS.CertObj -ErrorAction SilentlyContinue 

Import-Module WebAdministration;
New-WebBinding -Name $siteName -Port 443 -Protocol https -HostHeader $hostHeader 

Open in new window

Also - Yes, we have explored the IIS PowerShell Snap-in and could not find anything to work natively.

WEBINAR: GDPR Implemented - Tips & Lessons Learned

Join the WatchGuard team on Thursday, March 29th as we recount some valuable lessons learned in weighing the needs of a business against the new regulatory environment, look ahead at the two months left before implementation, and help you understand the steps you can take today!

Meir RivkinFull stack Software EngineerCommented:
what i'd is convert *.pfx to *.cer format either by certificate manager in Windows Management Console or using pvkimprt tool:
and then using the powershell script above.

also check the following link:
Meir RivkinFull stack Software EngineerCommented:

did u get any progress with your issue?
do u need any further help?

KandiumAuthor Commented:

The tool specified "pvkimprt" does not exist in Windows Server 2008R2 and doing it graphically isn't a solution we are looking for, we need this to be done all through scripting.

We are now also talking to Microsoft for a solution for this one as well and the question has been escalated.

Thanks again!
Meir RivkinFull stack Software EngineerCommented:
well, i used this tool in server2008R2, you can download it from here http://www.microsoft.com/download/en/details.aspx?id=6563
also check this post which describes how to create Code Signing Certificate on Windows Server 2008 with OpenSSL and pvkimprt.

>>doing it graphically isn't a solution we are looking for
what do u mean?

you can have the powershell script run the pvkimprt and passing required parameters in command line, make the conversion and running the rest of the script. so basically you got it all in a single PS script.
KandiumAuthor Commented:
Thanks segwick, that solution will work and we will use it since we have not heard back from MS
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now