
How to set Require SSL for an IIS web site using Powershell IISAdministration module on Windows 2016

On Windows 2016, trying to use the new IISAdministration module for Powershell (not WebAdministration), how do you set the Require Ssl checkbox for a specific web site?

Reference for system.webserver/security/access found in C:\Windows\System32\inetsrv\config\applicationHost.config which is where that checkbox value is saved when using IIS Manager, SSL Settings for a given website:

<location path="MySite">
    <system.webServer>
        <security>
            <access sslFlags="Ssl" />
        </security>
    </system.webServer>
</location>
Thierry_S asked Dec 20 '17 15:12


2 Answers

Answering my own question for posterity.

IISAdministration's New-IISSiteBinding cmdlet really confused me.

  1. To start with, this was not part of my default Windows 2016 (loaded from an AWS image), so I had to update to IISAdministration 1.1 by first doing Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force and then Install-Module -Name IISAdministration -Force. You cannot use Update-Module as IISAdministration 1.0 wasn't installed with NuGet, it's part of Win 2016.

  2. Second, the SslFlag attribute on this has NOTHING to do with the SslFlags for Require Ssl. SslFlag on New-IISSiteBinding can be set to None, Sni, CentralCertStore. In IIS Manager, it is equivalent to clicking on a website, then Bindings link on the right, then Add/Edit, and the checkbox "Require Server Name Indication".

IISAdministration cmdlet Get-IISConfigSection is what's needed. The following code sets Require Ssl on a web site (equivalent in IIS Manager to clicking on a website, then SSL Settings icon, "Require SSL" checkbox):

Import-Module IISAdministration
$ConfigSection = Get-IISConfigSection -SectionPath "system.webServer/security/access" -Location "MyWebSite"
#to set:
Set-IISConfigAttributeValue -AttributeName sslFlags -AttributeValue Ssl -ConfigElement $ConfigSection
#to read:
Get-IISConfigAttributeValue -ConfigElement $ConfigSection -AttributeName sslFlags

These can be piped too. The possible values of sslFlags are: None, Ssl, SslNegotiateCert, SslRequireCert, SslMapCert, Ssl128 (see Access Security <access>).

Thierry_S answered Nov 01 '22 02:11


For those that require a client certificate the appropriate setting is "Ssl, SslNegotiateCert, SslRequireCert"

    <system.webServer>
        <security>
            <access sslFlags="Ssl, SslNegotiateCert, SslRequireCert" />
        </security>
    </system.webServer>
Michael Smale answered Nov 01 '22 02:11
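
Added example (not code from either answer): a read-only audit that walks every site, decodes sslFlags, and reports which sites have Require SSL set and which also carry the client-certificate flags from the second answer. The numeric flag values are those of the IIS configuration schema; the function names are hypothetical, and accepting either a number or a string back from Get-IISConfigAttributeValue is an assumption about its return type.

```powershell
# Run from an elevated PowerShell session on the IIS host.
Import-Module IISAdministration

# sslFlags bit values as defined in the IIS configuration schema.
$SslFlagBits = [ordered]@{
    Ssl = 8; SslNegotiateCert = 32; SslRequireCert = 64; SslMapCert = 128; Ssl128 = 256
}

function ConvertTo-SslFlagNames {
    # Assumption: the attribute may come back as a number or as "A, B" text,
    # so both forms are normalised to a list of flag names.
    param($Value)
    if ($Value -is [string]) {
        return @($Value -split ',' | ForEach-Object { $_.Trim() } |
                 Where-Object { $_ -and $_ -ne 'None' })
    }
    $bits = [int]$Value
    return @($SslFlagBits.Keys | Where-Object { $bits -band $SslFlagBits[$_] })
}

function Get-SiteSslRequirement {
    foreach ($site in Get-IISSite) {
        # Same section and attribute the first answer sets, read per site.
        $section = Get-IISConfigSection -SectionPath 'system.webServer/security/access' -Location $site.Name
        $raw     = Get-IISConfigAttributeValue -ConfigElement $section -AttributeName sslFlags
        $names   = @(ConvertTo-SslFlagNames $raw)
        [pscustomobject]@{
            Site              = $site.Name
            SslFlags          = if ($names) { $names -join ', ' } else { 'None' }
            RequireSsl        = $names -contains 'Ssl'
            # Both flags are needed for a mandatory client certificate.
            RequireClientCert = ($names -contains 'SslNegotiateCert') -and
                                ($names -contains 'SslRequireCert')
        }
    }
}

$report = @(Get-SiteSslRequirement)
$report | Format-Table -AutoSize

# Call out every site whose configuration does not require SSL.
$report | Where-Object { -not $_.RequireSsl } |
    ForEach-Object { Write-Warning "Require SSL is not set on '$($_.Site)'" }
```

The report covers the site-level location only; applications or directories with their own location entries in applicationHost.config carry their own sslFlags value.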