Hi Everyone,
I’m trying to write a PowerShell script to export/import SSL certificates. I’ve two questions/issues around it :
Export :
QUESTION IS--> Although it is exporting fine,how come i make sure to include password in it ?
CODE IS BELOW :
Import-Module -Name WebAdministration

Get-ChildItem -Path IIS:\SslBindings | ForEach-Object -Process `
{
    if ($_.Sites)
    {
        $certificate = Get-ChildItem -Path Cert:\LocalMachine\My |
            Where-Object -Property Thumbprint -EQ -Value $_.Thumbprint

        [PsCustomObject]@{
            Sites                   = $_.Sites.Value
            CertificateFriendlyName = $certificate.FriendlyName
            CertificateDnsNameList  = $certificate.DnsNameList
            CertificateNotAfter     = $certificate.NotAfter
            CertificateIssuer       = $certificate.Issuer
        }
    }

    dir cert:\localmachine\my |
        Where-Object { $_.hasPrivateKey } |
        Foreach-Object { [system.IO.file]::WriteAllBytes("c:\$($_.Subject).pfx", ($_.Export('PFX', 'secret'))) }
}
IMPORT:
Question 2: The code below is giving me this error:
Cannot find an overload for "Import" and the argument count: "2".
At line:11 char:1
+ $pfx.Import($CertPath,"Exportable,PersistKeySet")
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodException
    + FullyQualifiedErrorId : MethodCountCouldNotFindBest

Exception calling "Add" with "1" argument(s): "pCertContext is an invalid handle."
At line:14 char:1
+ $store.Add($pfx)
+ ~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : CryptographicException
IMPORT CODE IS BELOW:
$CertPath = 'c:\Test.pfx'
$SiteName = "DefaultAPP"
$HostName = "localhost"
$SiteFolder = Join-Path -Path 'C:\inetpub\wwwroot' -ChildPath $SiteName

Write-Host 'Import pfx certificate' $certPath
$certRootStore = "LocalMachine"
$certStore = "My"

$pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$pfx.Import($CertPath,"Exportable,PersistKeySet")
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store($certStore,$certRootStore)
$store.Open('ReadWrite')
$store.Add($pfx)
$store.Close()
$certThumbprint = $pfx.Thumbprint

Write-Host 'Add website' $SiteName
New-WebSite -Name $SiteName -PhysicalPath $SiteFolder -Force
$IISSite = "IIS:\Sites\$SiteName"
Set-ItemProperty $IISSite -name Bindings -value @{protocol="https";bindingInformation="*:443:$HostName"}
if($applicationPool) { Set-ItemProperty $IISSite -name ApplicationPool -value $applicationPool }

Write-Host 'Bind certificate with Thumbprint' $certThumbprint
$obj = get-webconfiguration "//sites/site[@name='$SiteName']"
$binding = $obj.bindings.Collection[0]
$method = $binding.Methods["AddSslCertificate"]
$methodInstance = $method.CreateInstance()
$methodInstance.Input.SetAttributeValue("certificateHash", $certThumbprint)
$methodInstance.Input.SetAttributeValue("certificateStoreName", $certStore)
$methodInstance.Execute()
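
An added example, not part of the original post: a password-protected PFX export followed by an import that passes path, password and key-storage flags, since X509Certificate2 has no (path, flags) overload and the failed Import is what leaves $store.Add with an invalid handle. The Read-Host prompt, the variable names and the choice of the first certificate with a private key are assumptions for illustration; the path is the sample one from the post.

```powershell
# Added example, not the poster's code. Run elevated on the machine that holds the certificate.
$pfxPath = 'C:\Test.pfx'   # sample path taken from the post

# Prompt for the PFX password instead of hard-coding it in the script (assumption: interactive run).
$password = Read-Host -Prompt 'PFX password' -AsSecureString

# --- Export ---
# Pick one certificate that has a private key (assumption: the first match is the one wanted).
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey } |
    Select-Object -First 1
if (-not $cert) { throw 'No certificate with a private key found in LocalMachine\My.' }

# The second argument of Export() is the password that protects the PFX.
# Export() throws if the private key was installed as non-exportable.
$pfxType = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx
[System.IO.File]::WriteAllBytes($pfxPath, $cert.Export($pfxType, $password))

# --- Import ---
# MachineKeySet stores the key for the LocalMachine store; PersistKeySet keeps it after
# the object is disposed. Drop Exportable if the key must not leave the target machine.
$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags] `
    'MachineKeySet, PersistKeySet, Exportable'

# Constructor form (path, password, flags); Import() accepts the same three arguments.
$pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
    -ArgumentList $pfxPath, $password, $flags

$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
$store.Open('ReadWrite')
try {
    $store.Add($pfx)
}
finally {
    $store.Close()
}

# Thumbprint to use for the IIS binding step.
$pfx.Thumbprint
```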