Home / server / Questions / 660587
Accepted
Chris
Asked: 2015-01-20 02:47:41 +0800 CST

How to get a list of sites in IIS 7.5 binded to a certain ssl certificate using command line

  • 772

Situation: an IIS 7.5 server with 30+ sites and 10+ certificates and a few certificates may be obsolete. Obsolete means they're not binded to the ip:port of any site on IIS.

I could check each site bindings through the GUI, but that seems not the fastest way.

With what command(s) can I get a list of sites using a certain certificate given its common name like *.example.com. I think I need at least netsh http show sslcert, but that output only shows the certificate hash and no site names.

windows-server-2008-r2

1 Answers

  1. Best Answer

    I'm using the following PowerShell script to look at all certs on the box and for each try to find it in the IIS SSL bindings.

    import-module WebAdministration

ls cert:\LocalMachine\my | select * | foreach {

  $found = $false
  $tp = $_.Thumbprint

  ls IIS:\SslBindings | Foreach {
    if ($_.Thumbprint -eq $tp)
    {
      Write-Host "Used in $($_.IpAddress) $($_.Host)"
      $found = $true
    }    
  }
  if ($found)
  {
    Write-Host $tp -foregroundcolor green
    Write-Host $_.Subject -foregroundcolor green
    Write-Host $_.NotAfter -foregroundcolor green
  }
  else
  {
    Write-Host "Not in use"
    Write-Host $tp -foregroundcolor red
    Write-Host $_.Subject -foregroundcolor red
    Write-Host $_.NotAfter -foregroundcolor red
  }
  Write-Host "***************************************************************"
}
    • 8