Home / server / Questions / 385180
Accepted
Peter Hahndorf
Asked: 2012-05-02 23:38:44 +0800 CST

How to assign an different SSL certificate for the IIS7+ Management Service on Server-Core?

  • 772

When installing the Management service for IIS7+ a self-signed SSL certificate is created and assigned, it has the name 'WMSvc-ComputerName'.

In the GUI version I can change this to a different 'proper' certificate installed on the server, so it is trusted by remote clients.

The GUI module for the Management Service is not available when connecting to the server remotely.

So I need to change it using the command line on the server itself. How do I do this?

Solution in PowerShell:, (thanks to Mathias R. Jessen)

# get the thumbprint for the certificate we want to use:
$thumb = (Get-ChildItem cert:\LocalMachine\MY | where-object { $_.FriendlyName -eq   "www.stackoverflow.com" } | Select-Object -First 1).Thumbprint
# get a new guid:
$guid = [guid]::NewGuid()

# remove the self-signed certificate:
& netsh http delete sslcert ipport=0.0.0.0:8172
# add the 'proper' certificate:
& netsh http add sslcert ipport=0.0.0.0:8172 certhash=$thumb appid=`{$guid`}
iis-7 windows-server-core

1 Answers

  1. Best Answer

    Import the certificate using certutil:

    certutil -importpfx [Path to certificate file]

    Add the HTTPS binding to the site with appcmd:

    appcmd set site "Default Web Site" /+bindings.[protocol='https',bindingInformation='*:443:']

    Add the SSL Certificate to the endpoint with netsh:

    netsh http add sslcert ipport=0.0.0.0:443 certhash=[thumbprint of certificate] appid={[random GUID]}
    • 3