Setting up a web server with HTTPS can be a daunting task, but with PowerShell, we can automate the process and make it a breeze. In this article, we’ll explore a PowerShell script that creates IIS websites and assigns self-signed SSL certificates to secure your web applications.
PowerShell is a powerful scripting language that allows system administrators and developers to automate various tasks. In this script, we focus on automating the setup of IIS websites, complete with self-signed SSL certificates.
The PowerShell Script
[code]
Import-Module WebAdministration

# Function to set up IIS website with SSL certificate
function Setup-IIS {
    [CmdletBinding()]
    Param (
        [string]$sitename,
        [string[]]$hosts,
        [string]$path,
        [string]$certname
    )
    Process {
        Write-Host "Creating SSL Certificate for: $sitename"
        # Generate a self-signed SSL certificate that covers the site name and every
        # real host header, so the certificate matches the names the bindings serve
        $dnsNames = @($sitename) + @($hosts | Where-Object { $_ -ne "*" }) | Select-Object -Unique
        $cert = New-SelfSignedCertificate -DnsName $dnsNames -CertStoreLocation cert:\LocalMachine\My
        $hash = $cert.Thumbprint
        $mydocuments = [Environment]::GetFolderPath("MyDocuments")
        # Export the public certificate and import it into the machine's Trusted Root
        # store so that clients on this machine trust it
        Export-Certificate -Cert "cert:\LocalMachine\My\$hash" -FilePath "$mydocuments\$certname.cert"
        Import-Certificate -CertStoreLocation "cert:\LocalMachine\Root\" -FilePath "$mydocuments\$certname.cert"
        # Check if the website already exists (filter explicitly by name)
        $Site = Get-Website | Where-Object { $_.Name -eq $sitename }
        if ($null -ne $Site) {
            Write-Host "Removing Existing IIS Configuration for: $sitename"
            Remove-Website -Name $sitename
            Remove-WebAppPool -Name $sitename
        }
        Write-Host "Creating IIS Configuration for: $sitename"
        # Create a new application pool and website
        New-WebAppPool -Name $sitename -Force
        New-Website -Name $sitename -Port 443 -PhysicalPath $path -ApplicationPool $sitename -Force
        # Remove the empty binding that gets auto-created. Without -Ssl, New-Website
        # creates a plain http binding on the port it was given (443 here).
        Remove-WebBinding -Name $sitename -Port 443 -Protocol http
        # Configure web bindings for each host
        foreach ($hostname in $hosts) {
            Write-Host "Configuring web binding for host: $hostname"
            New-WebBinding -Name $sitename -IPAddress "*" -Port 80 -HostHeader $hostname
            if ($hostname -ne "*") {
                # Configure HTTPS binding (SslFlags 1 = SNI) and add SSL certificate
                New-WebBinding -Name $sitename -IPAddress "*" -Port 443 -Protocol https -HostHeader $hostname -SslFlags 1
                # Select only the binding just created; the site has one HTTPS binding per host
                $binding = Get-WebBinding -Name $sitename -Protocol https -Port 443 -HostHeader $hostname
                $binding.AddSslCertificate($hash, "my")
                Write-Host "Upserting Host Entry for $hostname"
                Upsert-HostEntries -Hostname $hostname
            } else {
                # Configure HTTPS binding for the Default Web Site
                New-WebBinding -Name "Default Web Site" -IPAddress "*" -Port 443 -Protocol https -HostHeader "*"
                $binding = Get-WebBinding -Name "Default Web Site" -Protocol https -Port 443 -HostHeader "*"
                $binding.AddSslCertificate($hash, "my")
            }
        }
    }
}

# Add a 127.0.0.1 entry for the host to the Windows hosts file if it is missing
function Upsert-HostEntries {
    param (
        [string]$Hostname
    )
    Write-Host "Upserting Host Entry for: $Hostname"
    $hostsFile = "$($env:windir)\system32\Drivers\etc\hosts"
    $hostRecord = "127.0.0.1 " + $Hostname
    if ((Get-Content $hostsFile) -notcontains $hostRecord) {
        Add-Content -Encoding UTF8 -Path $hostsFile -Value $hostRecord
    }
}

# Example usage (run from an elevated PowerShell session):
Setup-IIS -sitename "MySite" -hosts @("example.com", "www.example.com") -path "C:\MySite" -certname "MyCert"
[/code]
Explanation
Let’s break down the key components of the script:
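1. **Creating SSL Certificate**: The script generates a self-signed SSL certificate in the `LocalMachine\My` store using the `New-SelfSignedCertificate` cmdlet. It then exports the certificate with `Export-Certificate` and imports it into the `LocalMachine\Root` store with `Import-Certificate`, so the local machine trusts it. Because the certificate is self-signed, other machines will not trust it unless it is imported there as well.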
2. **Setting up IIS Configuration**: It checks if the website already exists and removes it if it does. Then, it creates a new application pool and website using `New-WebAppPool` and `New-Website` cmdlets.
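3. **Configuring Web Bindings**: The script configures web bindings for both HTTP (Port 80) and HTTPS (Port 443) for each specified host and attaches the certificate to the HTTPS binding. It also handles the special case of the default website: when the host is `*`, the HTTPS binding and certificate are added to the Default Web Site instead.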
4. **Upserting Host Entries**: The script calls the `Upsert-HostEntries` function, which appends a `127.0.0.1` entry for the host to the Windows hosts file if that entry is not already present. This is a good place to add custom logic for managing host entries.
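To check what the script actually configured, the following added example (not part of the original script) reports, for each HTTPS binding of a site, which certificate is bound, whether its DNS names cover the host header, and whether it is trusted through the `LocalMachine\Root` store. The function name `Test-SiteCertificate` is hypothetical, and the code assumes the WebAdministration module and an elevated session.

```powershell
# Added example, not from the original article: audit the HTTPS bindings of a site.
# Test-SiteCertificate is a hypothetical helper name chosen for this example.
Import-Module WebAdministration

function Test-SiteCertificate {
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory)][string]$SiteName
    )
    foreach ($binding in Get-WebBinding -Name $SiteName -Protocol https) {
        # bindingInformation has the form "IP:port:hostheader"
        $hostHeader = ($binding.bindingInformation -split ':')[-1]
        $thumb = $binding.certificateHash

        # Look up the bound certificate in the store the script uses
        $cert = $null
        if ($thumb) {
            $cert = Get-Item "Cert:\LocalMachine\My\$thumb" -ErrorAction SilentlyContinue
        }

        # Collect the DNS names in the certificate (exact names only, no wildcard logic)
        $names = @()
        if ($cert) {
            $names = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
        }

        [pscustomobject]@{
            Binding       = $binding.bindingInformation
            Thumbprint    = $thumb
            CertFound     = [bool]$cert
            SelfSigned    = [bool]($cert -and ($cert.Subject -eq $cert.Issuer))
            NameMatches   = $names -contains $hostHeader
            TrustedAsRoot = [bool]($thumb -and (Test-Path "Cert:\LocalMachine\Root\$thumb"))
            NotAfter      = if ($cert) { $cert.NotAfter }
        }
    }
}

# "MySite" is the site name from the article's example usage
Test-SiteCertificate -SiteName "MySite" | Format-Table -AutoSize
```

A row with `NameMatches` set to `False` means browsers will report a name mismatch for that host even though the certificate is trusted; a row with `TrustedAsRoot` set to `True` identifies a self-signed root entry to remove when the site is decommissioned.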
With this PowerShell script, you can easily automate the setup of IIS websites with self-signed SSL certificates. Feel free to customize the script to fit your specific requirements and enhance it further based on your needs.
Happy scripting!