Configuring IIS 8.0 Centralized Certificate Store and PowerShell

Home > Blogs > PowerShell > Configuring IIS 8.0 Centralized Certificate Store and PowerShell

Configuring IIS 8.0 Centralized Certificate Store and PowerShell

Like This Blog 2 Jason Helmick
Added by March 29, 2013

IIS 8 has a new feature that greatly improves certificate management. Instead of installing certificates to every server and then trying to find them later to update them, IIS 8 has a centralized certificate store for all your certificates in one place.

The mechanics of this are great and it works amazingly well, so I encourage you to grab some background on this. For this blog, I want to address and issue of configuring the store on remote computers and what I had to do to make it work.

First, to install the centralized store to a remote computer:

PS> Invoke-Command -ComputerName Core1 {Install-WindowsFeature Web-CertProvider}

Once install, there are 6 cmdlet’s to enable and configure the store on each remote server.  Easy huh?  Well, not really. The first step is to enable the feature:

PS>Invoke-Command -ComputerName Core1 {Enable-WebCentralCertProvider -CertStoreLocation \\dc\WebCerts -UserName ‘company\certuser’ -Password P@ssw0rd -PrivateKeyPassword P@ssw0rd}

Unfortunately this breaks. See the store location?  The cmdlet “checks” to verify the store location, which in PowerShell terms creates a Multi-Hop issue.

It took me a couple of minutes to figure out a way around this, so here is what I did. The store can be enabled on the remote server in the registry:

PS> Invoke-Command -ComputerName Core1 {Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\IIS\CentralCertProvider\ -Name Enabled -Value 1}

Then I set the store location in the registry:

PS> Invoke-Command -ComputerName Core1 {Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\IIS\CentralCertProvider\ -Name CertStoreLocation -Value \\DC\WebCerts}

Then using the Set-WebCentralCertProvider cmdlet, I could set the username and password settings.

PS>Invoke-Command -ComputerName Core1 {Set-WebCentralCertProvider -UserName Company\certuser -Password P@ssw0rd -PrivateKeyPassword P@ssw0rd}

Worked like a charm!  I created new bindings for the websites and all my remote servers use the central store now.

Sometimes a cmdlet may not work properly over remoting, but with a little patience you can figure out a way!  Until next time,

Knowledge is PowerShell,

Jason Helmick
Systems Instructor
Interface Technical Training

Videos You May Like

A Simple Introduction to Cisco CML2

0 3638 0

Mark Jacob, Cisco Instructor, presents an introduction to Cisco Modeling Labs 2.0 or CML2.0, an upgrade to Cisco’s VIRL Personal Edition. Mark demonstrates Terminal Emulator access to console, as well as console access from within the CML2.0 product. Hello, I’m Mark Jacob, a Cisco Instructor and Network Instructor at Interface Technical Training. I’ve been using … Continue reading A Simple Introduction to Cisco CML2

Creating Dynamic DNS in Network Environments

0 542 1

This content is from our CompTIA Network + Video Certification Training Course. Start training today! In this video, CompTIA Network + instructor Rick Trader teaches how to create Dynamic DNS zones in Network Environments. Video Transcription: Now that we’ve installed DNS, we’ve created our DNS zones, the next step is now, how do we produce those … Continue reading Creating Dynamic DNS in Network Environments

Configuring Windows Mobility Center and How to Turn it On and Off

1 1402 1

Video transcription Steve Fullmer: In our Windows training courses, we often share information about the Windows 8.1 Mobility Center. Mobility Center was introduced for mobile and laptop devices in Windows 7. It’s present and somewhat enhanced in Windows 8. Since we don’t have mobile devices in our classrooms, I decided to take a little bit … Continue reading Configuring Windows Mobility Center and How to Turn it On and Off

Write a Comment

See what people are saying...

    Share your thoughts...

    Please fill out the comment form below to post a reply.