Setting up a web server with HTTPS can be a daunting task, but with PowerShell, we can automate the process and make it a breeze. In this article, we'll explore a PowerShell script that creates IIS websites and assigns self-signed SSL certificates to secure your web applications. PowerShell is a powerful scripting language that allows system administrators and developers to automate various tasks. In this script, we focus on automating the setup of IIS websites, complete with self-signed SSL certificates. The PowerShell Script # Function to set up IIS website with SSL certificate function Setup-IIS { [CmdletBinding()] Param ( [string]$sitename, [string[]]$hosts, [string]$path, [string]$certname ) Process { Write-Host "Creating SSL Certificate for: $sitename" # Generate a self-signed SSL certificate $cert = New-SelfSignedCertificate -DnsName $sitename -CertStoreLocation cert:\LocalMachine\My $hash = $cert.Thumbprint $mydocuments = [Environment]::GetFolderPath("MyDocuments") # Export and import the certificate Export-Certificate -Cert "cert:\LocalMachine\My\$hash" -FilePath "$mydocuments\$certname.cert" Import-Certificate -CertStoreLocation "cert:\LocalMachine\Root\" -FilePath "$mydocuments\$certname.cert" # Check if the website already exists $Site = Get-Website -Name $sitename -ErrorAction SilentlyContinue if ($Site -ne $null) { Write-Host "Removing Existing IIS Configuration for: $sitename" Remove-Website -Name $sitename Remove-WebAppPool -Name $sitename } Write-Host "Creating IIS Configuration for: $sitename" # Create a new application pool and website New-WebAppPool -Name $sitename -Force New-Website -Name $sitename -Port 443 -PhysicalPath $path -ApplicationPool $sitename -Force # Remove the empty binding that gets auto-created Remove-WebBinding -Name $sitename -Port 80 -Protocol http # Configure web bindings for each host foreach ($hostname in $hosts) { Write-Host "Configuring web binding for host: $hostname" New-WebBinding -Name $sitename -IP "*" -Port 80 -HostHeader $hostname if ($hostname -ne "*") { # Configure HTTPS binding and add SSL certificate New-WebBinding -Name $sitename -IP "*" -Port 443 -Protocol https -HostHeader $hostname -SslFlags 1 $binding = Get-WebBinding -Name $sitename -Protocol https $binding.AddSslCertificate($hash, "my") Write-Host "Upserting Host Entry for $hostname" Upsert-HostEntries -Hostname $hostname } else { # Configure HTTPS binding for the Default Web Site New-WebBinding -Name "Default Web Site" -IP "*" -Port 443 -Protocol https -HostHeader "*" $binding = Get-WebBinding -Name "Default Web Site" -Protocol https $binding.AddSslCertificate($hash, "my") } } } } # Placeholder function for upserting host entries function Upsert-HostEntries { param ( [string]$Hostname ) Write-Host "Upserting Host Entry for: $Hostname" $hostRecord = "127.0.0.1 " + $hostname If ((Get-Content "$($env:windir)\system32\Drivers\etc\hosts" ) -notcontains $hostRecord) { ac -Encoding UTF8 "$($env:windir)\system32\Drivers\etc\hosts" $hostRecord } } # Example usage: Setup-IIS -sitename "MySite" -hosts @("example.com", "www.example.com") -path "C:\MySite" -certname "MyCert" Explanation Let's break down the key components of the script: 1. **Creating SSL Certificate**: The script generates a self-signed SSL certificate using the `New-SelfSignedCertificate` cmdlet. 2. **Setting up IIS Configuration**: It checks if the website already exists and removes it if it does. Then, it creates a new application pool and website using `New-WebAppPool` and `New-Website` cmdlets. 3. **Configuring Web Bindings**: The script configures web bindings for both HTTP (Port 80) and HTTPS (Port 443) for each specified host. It also handles the special case of the default website. 4. **Upserting Host Entries**: The script calls a placeholder function `Upsert-HostEntries` to upsert host entries. This is a good place to add custom logic for managing host entries. With this PowerShell script, you can easily automate the setup of IIS websites with self-signed SSL certificates. Feel free to customize the script to fit your specific requirements and enhance it further based on your needs. Happy scripting!