Migrating SSL Certificates

DeaconFrost

I have two web servers in an HA pair that have roughly 60+ SSL certificates installed. We're planning to replace these with Server 2019 (possibly 2022) equivalents.

Does anyone know of an application or script that would help me avoid doing this manually? Most of the certs have passwords. I've done this on a small scale by exporting a list from the old servers and manually installing them, which isn't a big deal for 5-10 certs.
 
Might be time to familiarize yourself with PowerShell if you're not already. I couldn't find any tools designed for this, but it can be done with PowerShell; however, that requires knowledge of PowerShell.

High-level overview of what I would do:
  1. Create a CSV file or a table with headers in PowerShell containing the cert paths (ex: D:\certs\whatever.pfx), the cert store location (Personal, Web, etc.) where you want them to reside, the password, and any other information. Use Import-CSV to import the CSV data into a variable.
  2. I would then use a loop with Import-PfxCertificate to read through the table and feed the parameters to Import-PfxCertificate. The import cmdlet only appears to accept secure passwords, so you'd need to figure out how to secure the passwords as you import them.
  3. If you then need to bind the certs to IIS sites, that can also likely be done with PowerShell in a similar fashion using PowerShell IIS commands.
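
The import loop outlined in the reply above, as an added example that is not part of the original post. The CSV column names (PfxPath, Store, Password), the file paths and the choice of the LocalMachine store are assumptions; Store takes the provider name of the store (My for Personal, WebHosting for Web Hosting).

```powershell
#Requires -RunAsAdministrator
# Added example. Constructed sample of the assumed certs.csv layout:
#   PfxPath,Store,Password
#   D:\certs\site1.pfx,My,<pfx password>
#   D:\certs\site2.pfx,WebHosting,<pfx password>
param(
    [string]$CsvPath    = 'D:\certs\certs.csv',          # hypothetical path
    [string]$ReportPath = 'D:\certs\import-report.csv'   # hypothetical path
)

$results = foreach ($row in Import-Csv -Path $CsvPath) {
    $status = 'Imported'; $thumb = $null; $expires = $null
    try {
        if (-not (Test-Path -LiteralPath $row.PfxPath)) { throw 'PFX file not found' }
        $storePath = "Cert:\LocalMachine\$($row.Store)"
        if (-not (Test-Path -LiteralPath $storePath)) { throw "Store $storePath not found" }

        # Import-PfxCertificate only accepts a SecureString password
        $secure = ConvertTo-SecureString -String $row.Password -AsPlainText -Force

        # -Exportable is left out on purpose: the private key cannot be
        # exported again from the new server
        $cert = Import-PfxCertificate -FilePath $row.PfxPath `
            -CertStoreLocation $storePath -Password $secure -ErrorAction Stop

        $thumb   = $cert.Thumbprint
        $expires = $cert.NotAfter
        if (-not $cert.HasPrivateKey)          { $status = 'Imported, no private key' }
        elseif ($cert.NotAfter -lt (Get-Date)) { $status = 'Imported, already expired' }
    }
    catch { $status = "Failed: $($_.Exception.Message)" }

    # One report row per certificate; the password is never written out
    [pscustomobject]@{
        PfxPath    = $row.PfxPath
        Store      = $row.Store
        Thumbprint = $thumb
        NotAfter   = $expires
        Status     = $status
    }
}

$results | Export-Csv -Path $ReportPath -NoTypeInformation
$results | Format-Table -AutoSize

# The input CSV holds plaintext PFX passwords: delete it once every row imported
if (-not ($results | Where-Object Status -like 'Failed*')) {
    Remove-Item -LiteralPath $CsvPath
}
```

The thumbprints in the report are the values needed when binding each certificate to its IIS site in step 3.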
 