The Get-ChildItem cmdlet in PowerShell is used to get certificates from the certificate store. To get the SSL certificates bound to IIS sites, query the IIS:\SslBindings directory for the existing SSL certificate bindings.
To use the IIS:\SslBindings directory with the Get-ChildItem cmdlet, first import the WebAdministration module.
In this article, we will discuss how to get all SSL bindings in IIS (Internet Information Services) and the SSL certificate associated with each IIS site.
PowerShell Script to Get ALL IIS Bindings and SSL Certificates
Use the IIS:\SslBindings directory to query and get all SSL bindings in Internet Information Services (IIS).
Run the following PowerShell script to get all bindings in IIS and SSL certificates.
# Import module WebAdministration to use the IIS:\SslBindings directory
Import-Module WebAdministration

# Query existing SSL bindings
Get-ChildItem -Path IIS:\SslBindings | ForEach-Object {
    # Only report bindings that are attached to a site
    if ($_.Sites) {
        # Get the certificate in the LocalMachine\My store whose thumbprint matches the binding
        $iisCertificate = Get-ChildItem -Path Cert:\LocalMachine\My |
            Where-Object Thumbprint -eq $_.Thumbprint

        # Create a custom object holding the certificate details
        [PsCustomObject]@{
            Site           = $_.Sites.Value
            FriendlyName   = $iisCertificate.FriendlyName
            DnsNameList    = $iisCertificate.DnsNameList
            ExpirationDate = $iisCertificate.NotAfter
            StartDate      = $iisCertificate.NotBefore
            Issuer         = $iisCertificate.Issuer
            Subject        = $iisCertificate.Subject
        }
    }
}
In the above PowerShell script, the Get-ChildItem command queries the IIS:\SslBindings directory to retrieve all SSL bindings in IIS, and ForEach-Object iterates over each binding.
Inside the ForEach-Object block, the script checks that the binding is associated with a site, then looks up the certificate in the LocalMachine\My store whose thumbprint matches the thumbprint of the SSL binding.
Using [PsCustomObject]@{}, it creates a custom object to hold the IIS site certificate details such as FriendlyName, Issuer, Subject, and expiration date.
The output of the above PowerShell script to get the IIS certificate and SSL bindings is:
Site : HMITest
FriendlyName : HMITest
DnsNameList : {localhost}
ExpirationDate : 01-12-2023 00:00:00
StartDate : 31-01-2023 12:22:36
Issuer : CN=localhost
Subject : CN=localhost
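The following is an added example, not part of the original article, that extends the script above into an expiry audit: it looks up each binding's certificate in the store the binding itself names instead of assuming My, and flags certificates that are missing, expired or close to expiry. The 30-day threshold, the status labels and the variable names are assumptions chosen for illustration.

```powershell
# Added example: audit IIS SSL bindings for missing or expiring certificates.
Import-Module WebAdministration

$WarnDays = 30          # assumed threshold; adjust to your renewal policy
$now      = Get-Date

Get-ChildItem -Path IIS:\SslBindings | ForEach-Object {
    $binding = $_

    # Each binding records the LocalMachine store that holds its certificate
    # (for example My or WebHosting); fall back to My if the value is empty.
    $storeName = if ($binding.Store) { $binding.Store } else { 'My' }

    # Look the certificate up directly by thumbprint; a binding without a
    # thumbprint, or one pointing at a deleted certificate, yields $null.
    $cert = $null
    if ($binding.Thumbprint) {
        $certPath = "Cert:\LocalMachine\$storeName\$($binding.Thumbprint)"
        $cert = Get-Item -Path $certPath -ErrorAction SilentlyContinue
    }

    $status = if (-not $cert) {
        'CertificateMissing'
    } elseif ($cert.NotAfter -lt $now) {
        'Expired'
    } elseif ($cert.NotAfter -lt $now.AddDays($WarnDays)) {
        'ExpiringSoon'
    } else {
        'OK'
    }

    [PsCustomObject]@{
        # Bindings with no associated site are reported rather than skipped
        Site       = if ($binding.Sites) { $binding.Sites.Value -join ', ' } else { '(no site)' }
        Endpoint   = '{0}:{1}' -f $binding.IPAddress, $binding.Port
        Store      = $storeName
        Thumbprint = $binding.Thumbprint
        Subject    = if ($cert) { $cert.Subject } else { $null }
        NotAfter   = if ($cert) { $cert.NotAfter } else { $null }
        DaysLeft   = if ($cert) { [math]::Floor(($cert.NotAfter - $now).TotalDays) } else { $null }
        Status     = $status
    }
} | Sort-Object -Property NotAfter | Format-Table -AutoSize
```

Run it from an elevated PowerShell session on the IIS server; rows with a status other than OK are the bindings that need attention.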
Conclusion
I hope the above article on how to get an IIS certificate and SSL bindings using PowerShell script is helpful to you.