IIS 8.5 change bindings on bulk (due to SSL certificate renewal)

Question

I just renewed a Comodo Wildcard SSL certificate and I created the PFX in order to install it on my Windows Server 2012 R2 which is a VM on Microsoft Azure.

I use IIS 8.5 for all my websites which includes about 300 subdomains of the main domain name. So, the main domain is eg. example.com and all subdomains are like customer1.example.com, customer2.example.com, etc.

After I will install the renewed certificate, I will have to change the IIS binding for all of these subdomains as well to point to the new certificate.

I cannot find a way to do this without changing every single binding manually.

Is there any way to change all these bindings on bulk?

Answer 1

https://blogs.technet.microsoft.com/heyscriptingguy/2015/03/01/weekend-scripter-use-powershell-to-update-ssl-bindings/

The important part from that article is this:

get-item -Path "cert:\LocalMachine\My\$certShop" |
    new-item -path IIS:\SslBindings\10.238.82.89!443

Where $certShop is the thumbprint of the new certificate.

Answer 2

I installed the SSL certificate on my server and then I changed the binding via the IIS Manager to one site in order to test that everything's ok.

I got a prompt that the "old" certificate is linked to other sites as well and if I want to link the new one to all the other sites. I clicked Yes and then all of my sites that had the expiring certificate changed automatically to the new one.

Didn't know that it was that easy to change all binding at once. It seems that I won't use PowerShell for this job.

At least, I learned a few new PowerShell cmdlets and how to manage certificates better.

Thank you for your quick reply though.