Wednesday, March 12, 2025

Bulk Update of IIS SSL Binding Certificates

Q: The customer called about a server with multiple IIS sites, each with secure bindings using an SSL certificate that will expire soon. How can they automate updating the bindings on each site?

A: They can run this PowerShell script, found online, either locally from an elevated PowerShell window or through a remote script utility. Identify the thumbprint of the expiring certificate as well as that of the new certificate, update lines 2 and 3 accordingly, then run it.


# Define Variables
$OldThumbprint = "########################################"
$NewThumbprint = "########################################"

# Load the IIS cmdlets (Get-WebBinding)
Import-Module WebAdministration

# Search all bindings for the old thumbprint and replace it with the new thumbprint
Get-WebBinding | Where-Object { $_.certificateHash -eq $OldThumbprint } | ForEach-Object {
    Write-Host "Replacing Cert For " $_
    # Detach the expiring certificate, then attach the new one from the 'My' (Personal) store
    $_.RemoveSslCertificate()
    $_.AddSslCertificate($NewThumbprint, 'My')
}
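
Because the script removes the old certificate from a binding before attaching the new one, a mistyped or unusable new thumbprint can leave bindings with no certificate. The following pre-flight check is an added example, not part of the script found online; the function names `ConvertTo-CleanThumbprint` and `Test-ReplacementCertificate` are hypothetical, and the thumbprints are the same placeholders as above.

```powershell
# Added example: validate the new certificate and list affected bindings
# without changing anything. Function names here are illustrative.
Import-Module WebAdministration

function ConvertTo-CleanThumbprint {
    param([string]$Thumbprint)
    # Thumbprints pasted from the certificate dialog can carry spaces or an
    # invisible leading character; keep hex digits only.
    ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
}

function Test-ReplacementCertificate {
    param([string]$Thumbprint, [string]$StoreName = 'My')
    $clean = ConvertTo-CleanThumbprint $Thumbprint
    if ($clean.Length -ne 40) {
        throw "Thumbprint is not 40 hex characters: '$Thumbprint'"
    }
    $cert = Get-ChildItem -Path "Cert:\LocalMachine\$StoreName" |
        Where-Object { $_.Thumbprint -eq $clean }
    if (-not $cert) { throw "Certificate $clean not found in LocalMachine\$StoreName" }
    # IIS cannot serve TLS with a certificate whose private key is missing.
    if (-not $cert.HasPrivateKey) { throw "Certificate $clean has no private key" }
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate $clean is outside its validity period"
    }
    $cert
}

# Placeholders: replace with the real values before running (the check
# throws on the placeholder text, which is the intended behaviour).
$OldThumbprint = ConvertTo-CleanThumbprint "########################################"
$NewThumbprint = "########################################"

$newCert = Test-ReplacementCertificate -Thumbprint $NewThumbprint
Write-Host "New certificate OK:" $newCert.Subject "expires" $newCert.NotAfter

# Dry run: report which HTTPS bindings still use the old certificate.
$targets = @(Get-WebBinding -Protocol https |
    Where-Object { $_.certificateHash -eq $OldThumbprint })
$targets | ForEach-Object { Write-Host "Would update:" $_.bindingInformation }
Write-Host "$($targets.Count) binding(s) match the old thumbprint"
```

Running it again after the replacement script should report zero matching bindings.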
