1
Select Start > Windows Administrative Tools > Internet Information Services (IIS)
Manager.
2
In the Connections pane, expand the server node, expand Sites, and select the target
site. In the Actions pane, select Bindings….
3
Select [ Add… ] (or select an existing
https binding and [ Edit… ]) and
configure:- Type:
https - Port:
443 - Host name: the site FQDN (matching a SAN entry in the certificate)
- SSL certificate: select the certificate issued in the previous section
4
Select [ OK ], then [ Close ].
5
Restart IIS so the binding takes effect:
PowerShell
Bind from the command line (alternative)
You can also create the HTTPS binding from the command line withnetsh instead of IIS Manager. This is useful for scripted or repeatable deployments.
1
Add the site binding in IIS, then map the certificate to the port with
netsh. Use the
certificate’s thumbprint (the certhash) and the site’s application ID (the appid, a GUID):PowerShell
<CertificateThumbprint>is the certificate’s SHA-1 thumbprint with no spaces. Get it withGet-ChildItem Cert:\LocalMachine\My | Select-Object Subject, Thumbprint.<SiteAppIdGuid>is any GUID that identifies the binding owner. For IIS, use the site’s application pool or a generated GUID ([guid]::NewGuid()); record it so you can remove the binding later.certstorename=MYpointsnetshat the machine Personal store where you imported the certificate.
2
Confirm the binding:
PowerShell
The output lists your certificate hash and application ID for
0.0.0.0:443. Requests to the
site over HTTPS are now served with the CryptoHub-backed key.The
netsh and IIS Manager paths are alternatives; use one or the other for a given binding. IIS
Manager is the simpler choice for a single site, and netsh suits scripted deployments.
