First, let me point out that I'm NOT referring to the Default Site but the server's "Home" (as IIS refers to it). Thanks.
I have one public IP address and in IIS 3 websites and 2 FTP sites. Not a problem, thanks to named bindings. However, IIS is a little broken when it comes to "correctly" choosing the path/certificate on said named bindings. I can't remember the link I used but you must specify the FTP SSL certificate at "Home" level AND at site level in order to establish a secure FTP connection.
I use Certify to manage/renew my SSL certificates. Because of the above issue, I create a single certificate, which includes both subdomains, and update one FTP site. I then have a task that runs on success which pushes the new certificate to the other FTP site on completion (below is a copy of the file).
Import-Module WebAdministration
$configItem = 'ftpServer.security.ssl.serverCertHash'
$thumb = Get-ItemProperty "IIS:\Sites\FTP 1" -Name ftpServer.security.ssl.serverCertHash.Value
Set-ItemProperty "IIS:\Sites\Default Web Site" -Name $configItem -Value $thumb
Set-ItemProperty "IIS:\Sites\FTP 2" -Name $configItem -Value $thumb
As you can see, it sets the FTP SSL certificate for the "Default Web Site" as well - just to attempt it as a fix. However, this is not what I need. What I need to do is set the top-level "Home" FTP SSL certificate from PowerShell, which is navigable as shown below.
I tried searching for a command, tried a couple that I thought might work, but have been unsuccessful thus far.
Thanks in advance
CodePudding user response:
So, after a lot more rummaging, I managed to find a way to do it.
TLDR;
The new PowerShell script is:
Import-Module WebAdministration
$configItem = 'ftpServer.security.ssl.serverCertHash'
$thumb = Get-ItemProperty "IIS:\Sites\FTP 1" -Name ftpServer.security.ssl.serverCertHash.Value
Set-ItemProperty "IIS:\Sites\FTP 2" -Name $configItem -Value $thumb
C:\windows\system32\inetsrv\appcmd.exe set config -section:system.applicationHost/sites /siteDefaults.ftpServer.security.ssl.serverCertHash:"$thumb" /commit:apphost
So while researching I found a Microsoft article on FTP Over SSL; it mentions the applicationHost.config (also mentioned by @BruceZhang). After scrolling through that I found <siteDefaults>, which is just after the last </site>. In there, there was a property for the SSL certificate (path "<ftpServer>/<security>/<ssl>"). Some more rummaging and I found appcmd, which can be used to update this config file. Lo and behold, I produced the above (last line) updated PowerShell script.
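The same post-renewal push with a validity check and a read-back, as an added example that is not part of the original post or answer. It uses Set-WebConfigurationProperty from the WebAdministration module in place of appcmd to write the siteDefaults value, and it assumes the renewed certificate is in the LocalMachine\My store; the site names are the ones used in the post.

```powershell
# Added example, not the poster's script.
# Assumption: the renewal tool installs the certificate in Cert:\LocalMachine\My.
Import-Module WebAdministration

$sourceSite     = 'FTP 1'        # site the renewal tool updates directly
$targetSites    = @('FTP 2')     # other FTP sites that must share the certificate
$sslProperty    = 'ftpServer.security.ssl.serverCertHash'
$defaultsFilter = 'system.applicationHost/sites/siteDefaults/ftpServer/security/ssl'
$appHost        = 'MACHINE/WEBROOT/APPHOST'

# Read the thumbprint currently bound to the source FTP site (same call as in the post).
$thumb = [string](Get-ItemProperty "IIS:\Sites\$sourceSite" -Name "$sslProperty.Value")
if ([string]::IsNullOrWhiteSpace($thumb)) {
    throw "No FTP certificate hash is configured on '$sourceSite'."
}

# Stop before touching the configuration if the certificate cannot serve TLS.
$cert = Get-Item "Cert:\LocalMachine\My\$thumb" -ErrorAction SilentlyContinue
if (-not $cert)                    { throw "Certificate $thumb is not in LocalMachine\My." }
if (-not $cert.HasPrivateKey)      { throw "Certificate $thumb has no private key." }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate $thumb expired on $($cert.NotAfter)." }

# Server-level ("Home") default: <siteDefaults>/<ftpServer>/<security>/<ssl> in applicationHost.config.
Set-WebConfigurationProperty -PSPath $appHost -Filter $defaultsFilter `
    -Name 'serverCertHash' -Value $thumb

# Site-level setting on every other FTP site.
foreach ($site in $targetSites) {
    Set-ItemProperty "IIS:\Sites\$site" -Name $sslProperty -Value $thumb
}

# Read every location back and fail the task if any still holds a different hash.
$serverLevel = (Get-WebConfigurationProperty -PSPath $appHost -Filter $defaultsFilter `
    -Name 'serverCertHash').Value
if ($serverLevel -ne $thumb) {
    throw "Server-level FTP certificate is '$serverLevel', expected '$thumb'."
}
foreach ($site in $targetSites) {
    $siteLevel = [string](Get-ItemProperty "IIS:\Sites\$site" -Name "$sslProperty.Value")
    if ($siteLevel -ne $thumb) {
        throw "FTP site '$site' has certificate '$siteLevel', expected '$thumb'."
    }
}

Write-Output "FTP certificate $thumb (valid until $($cert.NotAfter)) set at server level and on: $($targetSites -join ', ')"
```

Because each failed check throws, a renewal task that runs this script reports failure instead of leaving the server-level and site-level settings pointing at different certificates.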