Update multiple SSL certificate site bindings in IIS in one go

If you have to deal with updating SSL certificates in IIS then you probably know how much of a pain it can be if you have lots of sites and bindings that all use the same certificate. I found a really simple PowerShell script that can go through and match the thumbprint of your old certificate on all bindings in IIS and replace them with the thumbprint of your new certificate! This is particularly useful if you have a wildcard multi-domain certificate that you can use on all sites regardless of hostname!

Open up a PowerShell window with administrative rights then enter the following commands. Obviously you will need to replace the thumbprint values below with yours.

The first one will set a variable for the old certificate

$OLDCertificateThumbprint = "123456789abcdefgh1a2b3c4d5e6f7g8h9a1a1a1"

The second will set a variable for the new certificate

$NEWCertificateThumbprint = "7a3b5a1g1a6a2j2a262a3343a333a5a64a4a4a4a"

The following will show bindings where the old certificate is in use

Get-WebBinding | Where-Object { $_.certificateHash -eq $OLDCertificateThumbprint} | Format-Table

This will select bindings where the old certificate is in use and switch it to the new certificate

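Get-WebBinding | Where-Object { $_.certificateHash -eq $OLDCertificateThumbprint} | ForEach-Object {
    Write-Host "Working on" $_
    # Detach the old certificate from this binding
    $_.RemoveSslCertificate()
    # Attach the new certificate from the 'My' (Personal) store
    $_.AddSslCertificate($NEWCertificateThumbprint, 'My')
}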

Once the script above has completed you can use this to show bindings where the new certificate is in use

Get-WebBinding | Where-Object { $_.certificateHash -eq $NEWCertificateThumbprint}

Now that everything has been updated you can go into IIS to check it out. Big thank you to the following people here and here for providing these solutions.
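The replacement step above removes the old certificate from each binding before adding the new one, so a mistyped thumbprint or a certificate imported without its private key leaves those HTTPS bindings without a certificate. The script below is an added example, not part of the original script or from the people credited above: it validates the new certificate before any binding is changed, then performs the same swap and counts what is left on the old thumbprint. The function name `Test-ReplacementCertificate` and the `<OLD-THUMBPRINT>` / `<NEW-THUMBPRINT>` placeholders are assumptions for illustration.

```powershell
# Added example: placeholder thumbprints are constructed, replace them with your own.
Import-Module WebAdministration

function Test-ReplacementCertificate {
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        [string]$StoreName = 'My'
    )
    # Copying a thumbprint out of the certificate dialog can bring along spaces
    # and an invisible Unicode character, so drop everything outside printable ASCII.
    $clean = ($Thumbprint -replace '[^\x21-\x7E]', '').ToUpperInvariant()
    if ($clean -notmatch '^[0-9A-F]{40}$') {
        throw "Thumbprint must be 40 hexadecimal characters: '$clean'"
    }
    $cert = Get-ChildItem -Path "Cert:\LocalMachine\$StoreName" |
        Where-Object { $_.Thumbprint -eq $clean }
    if (-not $cert) {
        throw "Certificate $clean is not in LocalMachine\$StoreName"
    }
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $clean has no private key, IIS cannot use it"
    }
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate $clean is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))"
    }
    return $clean
}

$OLDCertificateThumbprint = '<OLD-THUMBPRINT>'   # placeholder
# Throws, and so stops the script, before any binding is touched if the new certificate is unusable
$NEWCertificateThumbprint = Test-ReplacementCertificate -Thumbprint '<NEW-THUMBPRINT>'

# Same swap as in the post, applied to a snapshot of the matching bindings
$targets = @(Get-WebBinding | Where-Object { $_.certificateHash -eq $OLDCertificateThumbprint })
foreach ($binding in $targets) {
    $binding.RemoveSslCertificate()
    $binding.AddSslCertificate($NEWCertificateThumbprint, 'My')
}

# Confirm nothing still points at the old certificate
$left = @(Get-WebBinding | Where-Object { $_.certificateHash -eq $OLDCertificateThumbprint })
Write-Host "$($targets.Count) binding(s) matched, $($left.Count) still on the old certificate"
```

Save this as a .ps1 file and run it from the elevated window rather than pasting it line by line, so that a failed check halts everything after it.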
