Change SERVER'S Home FTP SSL Certificate with PowerShell

Time:11-05

First, let me point out that I'm NOT referring to the Default Site but the server's "Home" (as IIS refers to it). Thanks.


I have one public IP address and in IIS 3 websites and 2 FTP sites. Not a problem, thanks to named bindings. However, IIS is a little broken when it comes to "correctly" choosing the path/certificate on said named bindings. I can't remember the link I used but you must specify the FTP SSL certificate at "Home" level AND at site level in order to establish a secure FTP connection.

I use Certify to manage/renew my SSL certificates. Because of the above issue, I create a single certificate, which includes both subdomains, and update one FTP site. I then have a task that runs on success which pushes the new certificate to the other FTP site on completion (below is a copy of the file).

Import-Module WebAdministration
$configItem = 'ftpServer.security.ssl.serverCertHash'
# Read the thumbprint of the certificate already bound to "FTP 1"
$thumb = Get-ItemProperty "IIS:\Sites\FTP 1" -Name ftpServer.security.ssl.serverCertHash.Value
# Push the same thumbprint to the other sites
Set-ItemProperty "IIS:\Sites\Default Web Site" -Name $configItem -Value $thumb
Set-ItemProperty "IIS:\Sites\FTP 2" -Name $configItem -Value $thumb

As you can see, it sets the FTP SSL certificate for the "Default Web Site" as well - just to attempt it as a fix. However, this is not what I need. What I need to do is set the top-level "Home" FTP SSL certificate from PowerShell, which is navigable as shown below.

[Image: IIS navigation to the "Home" FTP SSL certificate]

I tried searching for a command, tried a couple that I thought might work, but have been unsuccessful thus far.

Thanks in advance

CodePudding user response:

So, after a lot more rummaging, I managed to find a way to do it.

TLDR;

The new PowerShell script is:

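Import-Module WebAdministration
$configItem = 'ftpServer.security.ssl.serverCertHash'
# Read the thumbprint of the certificate already bound to "FTP 1"
$thumb = Get-ItemProperty "IIS:\Sites\FTP 1" -Name ftpServer.security.ssl.serverCertHash.Value
# Site level: copy the thumbprint to the second FTP site
Set-ItemProperty "IIS:\Sites\FTP 2" -Name $configItem -Value $thumb
# "Home" (server) level: write the thumbprint to <siteDefaults> in applicationHost.config
C:\windows\system32\inetsrv\appcmd.exe set config -section:system.applicationHost/sites /siteDefaults.ftpServer.security.ssl.serverCertHash:"$thumb" /commit:apphost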

So while researching I found a Microsoft article on FTP Over SSL; it mentions the applicationHost.config (also mentioned by @BruceZhang). After scrolling through that I found <siteDefaults>, which is just after the last </site>. In there, there was a property for the SSL certificate (path "<ftpServer>/<security>/<ssl>"). Some more rummaging and I found appcmd, which can be used to update this config file. Lo and behold, I produced the above (last line) updated PowerShell script.
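
A read-only check that could run after the script above, as an added example that is not part of the original answer: it reads the thumbprint at the "Home" level (`<siteDefaults>`) and on both FTP sites, confirms they match, and confirms the certificate is present, has a private key and is inside its validity period. It assumes the certificate is in `Cert:\LocalMachine\My` and uses the site names from the post; the function name `Test-FtpCertThumbprint` is hypothetical.

```powershell
# Added example (not from the original post). Read-only: changes no IIS configuration.
Import-Module WebAdministration

$sslFilter = 'system.applicationHost/sites/siteDefaults/ftpServer/security/ssl'
$ftpSites  = 'FTP 1', 'FTP 2'          # site names as used in the post

function Test-FtpCertThumbprint {
    param([string]$Scope, [string]$Thumbprint)

    $result = [pscustomobject]@{
        Scope = $Scope; Thumbprint = $Thumbprint; InStore = $false
        HasPrivateKey = $false; NotAfter = $null; Ok = $false
    }
    # An empty hash means no certificate is configured at this level
    if ([string]::IsNullOrWhiteSpace($Thumbprint)) { return $result }

    # Assumption: the certificate lives in the LocalMachine\My store
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $Thumbprint } | Select-Object -First 1
    if ($cert) {
        $now = Get-Date
        $result.InStore       = $true
        $result.HasPrivateKey = $cert.HasPrivateKey
        $result.NotAfter      = $cert.NotAfter
        $result.Ok = $cert.HasPrivateKey -and $cert.NotBefore -le $now -and $cert.NotAfter -gt $now
    }
    $result
}

$report = @()

# "Home" level: the <siteDefaults> element in applicationHost.config
$homeHash = (Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
    -Filter $sslFilter -Name 'serverCertHash').Value
$report += Test-FtpCertThumbprint -Scope 'Home (siteDefaults)' -Thumbprint $homeHash

# Site level: same property path the post reads with Get-ItemProperty
foreach ($site in $ftpSites) {
    $hash = Get-ItemProperty "IIS:\Sites\$site" -Name ftpServer.security.ssl.serverCertHash.Value
    $report += Test-FtpCertThumbprint -Scope $site -Thumbprint $hash
}

$report | Format-Table -AutoSize

# Fail the task if the levels disagree or any certificate is unusable
$distinct = @($report.Thumbprint | Sort-Object -Unique)
if ($distinct.Count -ne 1 -or ($report.Ok -contains $false)) {
    Write-Error 'FTP SSL certificate mismatch or unusable certificate; see table above.'
    exit 1
}
```

Run as a final step of the renewal task, a non-zero exit code flags a renewal that updated one level but not the other before clients start failing the TLS handshake.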
