Automating IIS Website Setup with PowerShell

A

Setting up a web server with HTTPS can be a daunting task, but with PowerShell, we can automate the process and make it a breeze. In this article, we’ll explore a PowerShell script that creates IIS websites and assigns self-signed SSL certificates to secure your web applications.

PowerShell is a powerful scripting language that allows system administrators and developers to automate various tasks. In this script, we focus on automating the setup of IIS websites, complete with self-signed SSL certificates.

The PowerShell Script

[code]
# Function to set up IIS website with SSL certificate
function Setup-IIS {
[CmdletBinding()]
Param (
[string]$sitename,
[string[]]$hosts,
[string]$path,
[string]$certname
)

Process {
Write-Host “Creating SSL Certificate for: $sitename”

# Generate a self-signed SSL certificate
$cert = New-SelfSignedCertificate -DnsName $sitename -CertStoreLocation cert:\LocalMachine\My
$hash = $cert.Thumbprint
$mydocuments = [Environment]::GetFolderPath(“MyDocuments”)

# Export and import the certificate
Export-Certificate -Cert “cert:\LocalMachine\My\$hash” -FilePath “$mydocuments\$certname.cert”
Import-Certificate -CertStoreLocation “cert:\LocalMachine\Root\” -FilePath “$mydocuments\$certname.cert”

# Check if the website already exists
$Site = Get-Website -Name $sitename -ErrorAction SilentlyContinue

if ($Site -ne $null) {
Write-Host “Removing Existing IIS Configuration for: $sitename”
Remove-Website -Name $sitename
Remove-WebAppPool -Name $sitename
}

Write-Host “Creating IIS Configuration for: $sitename”
# Create a new application pool and website
New-WebAppPool -Name $sitename -Force
New-Website -Name $sitename -Port 443 -PhysicalPath $path -ApplicationPool $sitename -Force

# Remove the empty binding that gets auto-created
Remove-WebBinding -Name $sitename -Port 80 -Protocol http

# Configure web bindings for each host
foreach ($hostname in $hosts) {
Write-Host “Configuring web binding for host: $hostname”

New-WebBinding -Name $sitename -IP “*” -Port 80 -HostHeader $hostname

if ($hostname -ne “*”) {
# Configure HTTPS binding and add SSL certificate
New-WebBinding -Name $sitename -IP “*” -Port 443 -Protocol https -HostHeader $hostname -SslFlags 1

$binding = Get-WebBinding -Name $sitename -Protocol https
$binding.AddSslCertificate($hash, “my”)

Write-Host “Upserting Host Entry for $hostname”
Upsert-HostEntries -Hostname $hostname
} else {
# Configure HTTPS binding for the Default Web Site
New-WebBinding -Name “Default Web Site” -IP “*” -Port 443 -Protocol https -HostHeader “*”

$binding = Get-WebBinding -Name “Default Web Site” -Protocol https
$binding.AddSslCertificate($hash, “my”)
}
}
}
}

# Placeholder function for upserting host entries
function Upsert-HostEntries {
param (
[string]$Hostname
)

Write-Host “Upserting Host Entry for: $Hostname”

$hostRecord = “127.0.0.1 ” + $hostname
If ((Get-Content “$($env:windir)\system32\Drivers\etc\hosts” ) -notcontains $hostRecord)
{
ac -Encoding UTF8 “$($env:windir)\system32\Drivers\etc\hosts” $hostRecord
}
}

# Example usage:
Setup-IIS -sitename “MySite” -hosts @(“example.com”, “www.example.com”) -path “C:\MySite” -certname “MyCert”
[/code]

Explanation

Let’s break down the key components of the script:

1. **Creating SSL Certificate**: The script generates a self-signed SSL certificate using the `New-SelfSignedCertificate` cmdlet.

2. **Setting up IIS Configuration**: It checks if the website already exists and removes it if it does. Then, it creates a new application pool and website using `New-WebAppPool` and `New-Website` cmdlets.

3. **Configuring Web Bindings**: The script configures web bindings for both HTTP (Port 80) and HTTPS (Port 443) for each specified host. It also handles the special case of the default website.

4. **Upserting Host Entries**: The script calls a placeholder function `Upsert-HostEntries` to upsert host entries. This is a good place to add custom logic for managing host entries.

With this PowerShell script, you can easily automate the setup of IIS websites with self-signed SSL certificates. Feel free to customize the script to fit your specific requirements and enhance it further based on your needs.

Happy scripting!

About the author

By Jamie

My Books