Configuring IIS 8.0 Centralized Certificate Store and PowerShell

Added by Jason Helmick, March 29, 2013

IIS 8 has a new feature that greatly improves certificate management. Instead of installing certificates to every server and then trying to find them later to update them, IIS 8 has a centralized certificate store for all your certificates in one place.

The mechanics of this are great and it works amazingly well, so I encourage you to grab some background on this. For this blog, I want to address an issue of configuring the store on remote computers and what I had to do to make it work.

First, to install the centralized store to a remote computer:

PS> Invoke-Command -ComputerName Core1 {Install-WindowsFeature Web-CertProvider}

Once installed, there are 6 cmdlets to enable and configure the store on each remote server.  Easy huh?  Well, not really. The first step is to enable the feature:

PS> Invoke-Command -ComputerName Core1 {Enable-WebCentralCertProvider -CertStoreLocation \\dc\WebCerts -UserName 'company\certuser' -Password P@ssw0rd -PrivateKeyPassword P@ssw0rd}

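Unfortunately this breaks. See the store location?  The cmdlet “checks” to verify the store location, which means the remote session on Core1 has to reach \\dc\WebCerts itself. In PowerShell terms that creates a Multi-Hop issue: by default, your credentials are not passed along on that second hop.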

It took me a couple of minutes to figure out a way around this, so here is what I did. The store can be enabled on the remote server in the registry:

PS> Invoke-Command -ComputerName Core1 {Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\IIS\CentralCertProvider\ -Name Enabled -Value 1}

Then I set the store location in the registry:

PS> Invoke-Command -ComputerName Core1 {Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\IIS\CentralCertProvider\ -Name CertStoreLocation -Value \\DC\WebCerts}

Then using the Set-WebCentralCertProvider cmdlet, I could set the username and password settings.

PS> Invoke-Command -ComputerName Core1 {Set-WebCentralCertProvider -UserName Company\certuser -Password P@ssw0rd -PrivateKeyPassword P@ssw0rd}

Worked like a charm!  I created new bindings for the websites and all my remote servers use the central store now.
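The same workaround as one script, added here as an example and not part of the original post: it prompts for the two secrets so they are not typed into the command line, passes them to the remote session as credential objects, and reads the registry values back. Core2 is a constructed second server name, and the Web-CertProvider feature is assumed to be installed already.

```powershell
# Added example. Core1 and \\dc\WebCerts come from the post; Core2 is constructed.
$servers   = 'Core1', 'Core2'
$storePath = '\\dc\WebCerts'
$keyPath   = 'HKLM:\SOFTWARE\Microsoft\IIS\CentralCertProvider\'

# Prompt once so the secrets never appear in the command text or history.
$storeCred = Get-Credential -Message 'Account that reads the certificate share'
$pfxSecure = Read-Host -AsSecureString -Prompt 'Private key (PFX) password'
# Wrap the PFX password in a PSCredential so it travels as a SecureString.
$pfxCred   = New-Object System.Management.Automation.PSCredential('pfx', $pfxSecure)

$results = Invoke-Command -ComputerName $servers `
    -ArgumentList $keyPath, $storePath, $storeCred, $pfxCred -ScriptBlock {
    param($KeyPath, $StorePath, $StoreCred, $PfxCred)

    # Registry writes do not touch the share, so there is no second hop here.
    Set-ItemProperty -Path $KeyPath -Name Enabled -Value 1
    Set-ItemProperty -Path $KeyPath -Name CertStoreLocation -Value $StorePath

    # The cmdlet takes plain strings, so convert only here, inside the session.
    Set-WebCentralCertProvider -UserName $StoreCred.UserName `
        -Password $StoreCred.GetNetworkCredential().Password `
        -PrivateKeyPassword $PfxCred.GetNetworkCredential().Password

    # Read back what was written so each server reports its own state.
    Get-ItemProperty -Path $KeyPath | Select-Object Enabled, CertStoreLocation
}

# One row per server; a missing row means the command failed on that server.
$results | Sort-Object PSComputerName |
    Format-Table PSComputerName, Enabled, CertStoreLocation -AutoSize
```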

Sometimes a cmdlet may not work properly over remoting, but with a little patience you can figure out a way!  Until next time,

Knowledge is PowerShell,

Jason Helmick
Systems Instructor
Interface Technical Training
