This isn't using IIS powershell comandlets, but I didn't see a better question to ask about old command-line utilities that are specific to IIS.
winhttpcertcfg.exe didn't work for me on Win8 to enable access to private key from IIS.
Didn't work:
.\winhttpcertcfg.exe -i .\mycert.pfx -p mypass -c LOCAL_MACHINE\MY -a IIS_IUSRS
Did Work:
$cryptoProv = 'Microsoft Enhanced RSA and AES Cryptographic Provider'
certutil.exe -f -p mypass -csp $cryptoProv -importpfx .\mycert.pfx
.\winhttpcertcfg.exe -g -c LOCAL_MACHINE\My -s service.mycompany.com -a IIS_IUSRS
So is anyone else having problems with' winhttpcertcfg.exe -i' on Win8? I am using a non-default crypto provider (Enhanced RSA), maybe that requires certutil.exe?
Should I be working with ACLs on the cert files directly? I found this post that uses a different set of command-line tools to find the cert files on disk, and set the ACLs at the file level. http://trycatchfail.com/blog/post/Setting-Certificate-Permissions-With-Powershell.aspx
Note: Cert is for XML encryption, not SSL, so new Centralized Certificate Store doesn't help me, IIUC.
winhttpcertcfg.exe didn't work for me on Win8 to enable access to private key from IIS.
Didn't work:
.\winhttpcertcfg.exe -i .\mycert.pfx -p mypass -c LOCAL_MACHINE\MY -a IIS_IUSRS
Did Work:
$cryptoProv = 'Microsoft Enhanced RSA and AES Cryptographic Provider'
certutil.exe -f -p mypass -csp $cryptoProv -importpfx .\mycert.pfx
.\winhttpcertcfg.exe -g -c LOCAL_MACHINE\My -s service.mycompany.com -a IIS_IUSRS
So is anyone else having problems with' winhttpcertcfg.exe -i' on Win8? I am using a non-default crypto provider (Enhanced RSA), maybe that requires certutil.exe?
Should I be working with ACLs on the cert files directly? I found this post that uses a different set of command-line tools to find the cert files on disk, and set the ACLs at the file level. http://trycatchfail.com/blog/post/Setting-Certificate-Permissions-With-Powershell.aspx
Note: Cert is for XML encryption, not SSL, so new Centralized Certificate Store doesn't help me, IIUC.