Address
304 North Cardinal St.
Dorchester Center, MA 02124
Work Hours
Monday to Friday: 7AM - 7PM
Weekend: 10AM - 5PM
The following PowerShell snippet can be used to quickly install an SSL (or TLS) certificate in Windows Server. It assumes you have a PFX file and its password. The default location is Cert:\LocalMachine\My, to use for IIS websites.
The following PowerShell snippet can be used to quickly install an SSL (or TLS) certificate in Windows Server. It assumes you have a PFX file and its password. The default location is Cert:\LocalMachine\My
, to use for IIS websites.
In this script you have to adjust a few bits for every certificate you install, so use it as a base or starting point for your own scripting. After importing the certificate, it also changes the .FriendlyName
visible in MMC and IIS Manager, doing so you always know exactly which certificate you need to select. Neat, right? >:-)
#
# Install SSL certificate in Windows with PowerShell
#
$certificatename = "CHANGEME.pfx"
$mypwd = Get-Credential -UserName "${certificatename} SSL cert" -Message 'Enter password below'
$params = @{
FilePath = \\TSCLIENT\C\Users\Jan\SSL\${certificatename}
CertStoreLocation = 'Cert:\LocalMachine\My'
Password = $mypwd.Password
}
$cert = Import-PfxCertificate @params
[string]$thumbprint = $cert.Thumbprint
(Get-ChildItem -Path Cert:\LocalMachine\My\${thumbprint}).FriendlyName = "${certificatename} 2024"
A couple of things happen here:
Get-Credential
to store the certificate password into a variable. This way, the SSL/TLS certificate password is not stored in your PowerShell history file.\\TSCLIENT
share to point to my local computer. Doing so allows me to have certificates stored at one location on my computer (because you know, clients always sent them by email), and use the RDP share to transfer the certificate to the server. At last we define the Certificate Store location (as displayed: Cert:\LocalMachine\My
) and the password.Import-PfxCertificate
, which in its turn saves the object into $cert
and this allows us to change its .FriendlyName
property.You can find more information about Import-PfxCertificate on Microsoft Learn and the code shown above is also available as a Gist: https://gist.github.com/Digiover/a2db4125efb069d62a8fedcd23212103.
Psst, did you know you can use certutil -v -dump certificate_name.pfx
to look up and verify an SSL certificate’s Common Name (Subject) and Subject Alternative Name (SAN)? Or in PowerShell, you can use:
Get-PfxCertificate certificate_name.pfx | Select-Object Subject,DnsNameList