10

I'm currently setting up auto scaling IIS web servers and need to automatically install and configure the following through a PowerShell script:

  • IIS
  • URLRewrite
  • Import SSL certificate
  • Configure a new website
  • Add new SSL bindings
  • Download my source code from a Git repository

Regards

Liam

Liam Wheldon

2 Answers

19

I just thought I'd share a PowerShell script that I put together with you all, as I came across a situation with AWS ELB where I needed to install IIS, URL Rewrite and Git, and clone the repository.

```powershell
# Install the IIS role and the management tools
echo "Installing web-webserver"
powershell.exe add-windowsfeature web-webserver -includeallsubfeature -logpath $env:temp\webserver_addrole.log
echo "Installing web-mgmt-tools"
powershell.exe add-windowsfeature web-mgmt-tools -includeallsubfeature -logpath $env:temp\mgmttools_addrole.log

# Create the site root if it does not exist yet
echo "Creating C:\inetpub\wwwroot\example.com\"
$TestApplicationroot = Test-Path C:\inetpub\wwwroot\example.com
if (! $TestApplicationroot) {
    mkdir C:\inetpub\wwwroot\example.com
}

# Download and run the Chocolatey install script, then install the packages
echo "GIT: Installing Chocolatey"
(new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1') | iex
echo "GIT: Installing Git"
cinst git
echo "GIT: Setting environment path"
$env:path += ";" + (Get-Item "Env:ProgramFiles(x86)").Value + "\Git\bin"
echo "GIT: Installing poshgit"
cinst poshgit
echo "GIT: Installing UrlRewrite"
cinst UrlRewrite
echo "GIT: Installing git-credential-winstore"
cinst git-credential-winstore

# Store the Git credentials in the Windows credential store
.\CredMan.ps1 -AddCred -Target 'git:https://gitrespos.org' -User 'TestApplication' -Pass 'TestApplicationPassword'

echo "GIT: Cloning TestApplication1 code"
cd C:\inetpub\wwwroot\example.com\
git clone "https://gitrespos.org/Username/TestApplication1.git"

import-module webadministration

echo "Creating new website"
new-website -name "example.com" -port 80 -physicalpath c:\inetpub\wwwroot\example.com -ApplicationPool ".NET v4.5" -force

# Import the PFX into the machine store and add an https binding
echo "Importing SSL certificate"
$mypwd = ConvertTo-SecureString -String "SSLCertificate password" -Force -AsPlainText
Import-PfxCertificate -FilePath .\certificate.pfx -CertStoreLocation cert:\localMachine\my -Password $mypwd
New-WebBinding -Name "example.com" -IP "*" -Port 443 -Protocol https

# Attach the certificate (by thumbprint) to 0.0.0.0:443
echo "Assigning SSL certificate"
cd IIS:\SslBindings
$cert = Get-Item cert:\LocalMachine\My\THUMB-OF-SSL-CERTIFICATE
$cert | New-Item 0.0.0.0!443

echo "Adding application pools TestApplication1"
New-Item 'IIS:\Sites\example.com\TestApplication1' -physicalPath "C:\inetpub\wwwroot\example.com\TestApplication1" -type Application

echo "Removing Default Web Site"
remove-website -name "Default Web Site"
Start-Sleep -s 10
echo "Starting example.com website"
start-website -name "example.com"
```

You can download CredMan.ps1 from the following link: http://gallery.technet.microsoft.com/scriptcenter/PowerShell-Credentials-d44c3cde

You'll need to first find the Thumb of your certificate on a server by running the following in PowerShell, and note down the Thumbprint, as it'll be the same on every server you import the certificate to:

```powershell
Get-ChildItem cert:\LocalMachine\My
```

I hope that this is of help to some of you as it's taken me days to come up with having hit different issues along the way.

Machavity
Liam Wheldon
  • If looking for powershell scripts, can refer to the insides of the chocolatey package, eg: for [urlrewrite install](https://github.com/bcc/choco-packages/blob/master/urlrewrite/tools/chocolateyinstall.ps1) – Efren Oct 27 '21 at 04:51
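
The script in the answer above pipes the downloaded Chocolatey installer straight into `iex`, so whatever the server returns runs with the privileges of the bootstrap process. As an added example (not part of the original answer), the sketch below saves the installer to disk and runs it only if its Authenticode signature validates and names the expected signer. `Install-VerifiedScript` and `$ExpectedPublisher` are hypothetical names, and the publisher value is a placeholder to fill in from a copy of the installer obtained through a trusted channel.

```powershell
# Added example; not code from the original answer.
# Assumption: $ExpectedPublisher is the signer CN you have confirmed out of band.
function Install-VerifiedScript {
    param(
        [Parameter(Mandatory)][string]$Uri,
        [Parameter(Mandatory)][string]$ExpectedPublisher
    )

    # Older Windows Server builds do not negotiate TLS 1.2 from .NET by default.
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

    # Save to a file first: Authenticode is checked on files, not on strings.
    $path = Join-Path $env:TEMP ('install-' + [guid]::NewGuid() + '.ps1')
    Invoke-WebRequest -Uri $Uri -OutFile $path -UseBasicParsing

    try {
        $sig = Get-AuthenticodeSignature -FilePath $path

        # 'Valid' means the hash matches and the chain is trusted on this machine.
        if ($sig.Status -ne 'Valid') {
            throw "Signature status is '$($sig.Status)'; refusing to run $Uri"
        }

        # A valid signature from an unexpected signer is still a failure.
        $subject = $sig.SignerCertificate.Subject
        if ($subject -notlike "*CN=$ExpectedPublisher*") {
            throw "Unexpected signer '$subject'; refusing to run $Uri"
        }

        Write-Host "Signature valid, signed by: $subject"
        & $path
    }
    finally {
        Remove-Item $path -ErrorAction SilentlyContinue
    }
}

# The publisher string below is a placeholder, not a value taken from the page.
Install-VerifiedScript -Uri 'https://chocolatey.org/install.ps1' `
                       -ExpectedPublisher '<publisher CN to pin>'
```
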
14

Here is the complete code: import pfx, add IIS website, add SSL binding:

```powershell
Import-Module WebAdministration

$certPath = 'c:\cert.pfx'
$CertificatePassword = '1234'
$SiteName = "MySite"
$HostName = "localhost"
$SiteFolder = Join-Path -Path 'C:\inetpub\wwwroot' -ChildPath $SiteName


# Load the PFX and add it to the LocalMachine\My store
Write-Host 'Import pfx certificate' $certPath
$certRootStore = "LocalMachine"
$certStore = "My"
$pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$pfx.Import($certPath,$CertificatePassword,"Exportable,PersistKeySet")
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store($certStore,$certRootStore)
$store.Open('ReadWrite')
$store.Add($pfx)
$store.Close()
$certThumbprint = $pfx.Thumbprint


# Create the site and replace its bindings with a single https binding
Write-Host 'Add website' $SiteName
New-WebSite -Name $SiteName -PhysicalPath $SiteFolder -Force
$IISSite = "IIS:\Sites\$SiteName"
Set-ItemProperty $IISSite -name  Bindings -value @{protocol="https";bindingInformation="*:443:$HostName"}
# $applicationPool is optional and is not set in this script
if($applicationPool) { Set-ItemProperty $IISSite -name  ApplicationPool -value $applicationPool}


# Attach the certificate to the first binding of the site
Write-Host 'Bind certificate with Thumbprint' $certThumbprint
$obj = get-webconfiguration "//sites/site[@name='$SiteName']"
$binding = $obj.bindings.Collection[0]
$method = $binding.Methods["AddSslCertificate"]
$methodInstance = $method.CreateInstance()
$methodInstance.Input.SetAttributeValue("certificateHash", $certThumbprint)
$methodInstance.Input.SetAttributeValue("certificateStoreName", $certStore)
$methodInstance.Execute()
```
Aurel Havetta
    Thanks for this :) I made one change, since I had both http and https bindings, so the https binding was not always returned in Collection[0]. Replace the three lines starting with $obj, $binding, $method with these two lines: `$obj = Get-WebBinding $SiteName -Port 443` `$method = $obj.Methods["AddSslCertificate"]` – cometfish Jan 03 '17 at 03:02
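
Both answers need the certificate thumbprint and the right binding: the first has it copied in by hand, the second reads it from the imported object and takes `Collection[0]`, which the comment above notes is not always the https binding. As an added example (not code from either answer), the function below takes the thumbprint from the object `Import-PfxCertificate` returns, selects the https binding explicitly, and replaces a different certificate already attached to it. `Set-SiteCertificate`, the `PFX_PASSWORD` environment variable, and the path and site name in the call are hypothetical.

```powershell
# Added example; not code from either answer.
# Assumptions: the PFX password is supplied by the instance bootstrap in the
# PFX_PASSWORD environment variable; the path and site name are placeholders.
Import-Module WebAdministration

function Set-SiteCertificate {
    param(
        [Parameter(Mandatory)][string]$PfxPath,
        [Parameter(Mandatory)][securestring]$PfxPassword,
        [Parameter(Mandatory)][string]$SiteName,
        [int]$Port = 443
    )

    # Without -Exportable the private key cannot be exported from the store again.
    # The returned object carries the thumbprint, so nothing is copied by hand.
    $cert = Import-PfxCertificate -FilePath $PfxPath `
                -CertStoreLocation Cert:\LocalMachine\My -Password $PfxPassword

    if (-not $cert.HasPrivateKey)      { throw "PFX contains no private key" }
    if ($cert.NotAfter -le (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)" }

    # Select the https binding by protocol and port, not by collection index.
    $binding = Get-WebBinding -Name $SiteName -Protocol https -Port $Port
    if (-not $binding) {
        New-WebBinding -Name $SiteName -IPAddress '*' -Port $Port -Protocol https
        $binding = Get-WebBinding -Name $SiteName -Protocol https -Port $Port
    }
    if (@($binding).Count -ne 1) {
        throw "Expected one https binding on port $Port, found $(@($binding).Count)"
    }

    # Re-running on an already configured server is a no-op; a different
    # certificate on the binding (rotation) is detached first.
    if ($binding.certificateHash -eq $cert.Thumbprint) { return $cert.Thumbprint }
    if ($binding.certificateHash) { $binding.RemoveSslCertificate() }

    $binding.AddSslCertificate($cert.Thumbprint, 'My')
    return $cert.Thumbprint
}

$pw = ConvertTo-SecureString $env:PFX_PASSWORD -AsPlainText -Force
Set-SiteCertificate -PfxPath 'C:\deploy\certificate.pfx' -PfxPassword $pw -SiteName 'example.com'
```
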