Home » PowerShell » PowerShell Get IIS Certificate

PowerShell Get IIS Certificate

The Get-ChildItem cmdlet in PowerShell is used to get certificates from the cert location store. To get IIS certificates and IIS site binding SSL certificates, use the IIS:SSLBindings directory to query existing SSL certificate bindings.

To use IIS:SSLBindings directory with Get-ChildItem cmdlet, import module WebAdministration.

In this PowerShell script, we will discuss how to get all SSL bindings in IIS ( Internet Information Services) and SSL certificates associated with the IIS site.

PowerShell Script to Get ALL IIS Bindings and SSL Certificates

Use IIS:Bindings directory to query and get all SSL bindings in Internet Information Services (IIS).

Run the following PowerShell script to get all bindings in IIS and SSL certificates.

# Import module WebAdministration to use IIS:SSLBindings directory
Import-Module WebAdministration

# Query existing SSL bindings 
Get-ChildItem -Path IIS:SSLBindings | ForEach-Object {

    if ($_.Sites)
        # Get certificate that matches thumprint of certificate stored in My Store
        $iisCertificate = Get-ChildItem -Path CERT:LocalMachine\My |
            Where-Object Thumbprint -eq $_.Thumbprint

        # Create Custom Object to get all certificates details

            Site             = $_.Sites.Value
            FriendlyName      = $iisCertificate.FriendlyName
            DnsNameList       = $iisCertificate.DnsNameList
            ExpirationDate    = $iisCertificate.NotAfter
            StartDate         = $iisCertificate.NotBefore
            Issuer            = $iisCertificate.Issuer
            Subject           = $iisCertificate.Subject

In the above PowerShell script, the Get-ChildItem command queries into IIS:SSLBindings directory and retrieves all SSL bindings in IIS, and uses Foreach-Object to iterate each of the SSL bindings.

In the ForEach-Object loop, it checks if the site has value and checks the thumbprint of the IIS site certificate with SSL binding certificate which is stored in LocalMachine\My store.

Using the [PsCustomObject]@{}, it creates the custom object to store IIS site certificate details like Thumbprint, Issuer, Subject, and Expiration Date.

The output of the above PowerShell script to get the IIS certificate and SSL bindings are:

Site           : HMITest
FriendlyName   : HMITest
DnsNameList    : {localhost}
ExpirationDate : 01-12-2023 00:00:00
StartDate      : 31-01-2023 12:22:36
Issuer         : CN=localhost
Subject        : CN=localhost
PowerShell Get IIS Certificate and SSL Bindings
PowerShell Get IIS Certificate and SSL Bindings


I hope the above article on how to get an IIS certificate and SSL bindings using PowerShell script is helpful to you.

You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.

Recommended Article

How to create a self-signed certificate in PowerShell

How to bind a certificate to the IIS site

How to import the certificate to store using PowerShell

How to delete a self-signed certificate on the Windows operating system

Leave a Comment