Securing and managing Microsoft IIS

The Right Tools

Self-Signed Certificates

For connection security, IIS also supports self-signed certificates with the New-SelfSignedCertificate cmdlet. To create a self-signed certificate for a web page (Figure 5), type:

New-SelfSignedCertificate -CertStoreLocation '<Cert:\LocalMachine\My>' -DnsName '<s2.joos.int>'

The certificate is then connected to the website and requires the fingerprint of the certificate, which is displayed during the create process:

$certPath = 'Cert:<\LocalMachine\My\> CEC247<...>CCC4'
$providerPath = 'IIS:\SSLBindings\0.0.0.0!443'
Get-Item $certPath | New-Item $providerPath

You can also check the bindings in IIS Manager or with Windows Admin Center. To do so, call up the settings of the website and check to see whether the certificate has been accepted and the settings have been set. In Windows Admin Center, you will find the options under Bindings .

IIS in Windows Server 2016 and 2019 also supports HTTP/2, and you can use wildcards for the host header:

New-WebBinding -Name "Default Web Site" -IPAddress "*" -Port 80 -HostHeader "*.contoso.com"

If you want to prevent the web server from advertising itself externally as an IIS 10 server, enter

Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webServer/security/requestFiltering" -name "removeServerHeader" -value "True"

to remove the server header.

Conclusions

IIS can be configured in several ways. Not surprisingly, PowerShell is one of them, which allows you to save actions as scripts and execute them repeatedly and, if necessary, automatically. The second common approach is from Windows Admin Center. IIS Manager, on the other hand, is no longer the tool of choice. Regardless of which tool you choose, the motto has to be: security first!

The Author

Thomas Joos is a freelance IT consultant and has been working in IT for more than 20 years. In addition, he writes hands-on books and papers on Windows and other Microsoft topics. Online you can meet him on http://thomasjoos.spaces.live.com.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs



Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”>
	</a>

<hr>		    
			</div>
		    		</div>

		<div class=