« Previous 1 2 3 4
Securing and managing Microsoft IIS
The Right Tools
Self-Signed Certificates
For connection security, IIS also supports self-signed certificates with the New-SelfSignedCertificate cmdlet. To create a self-signed certificate for a web page (Figure 5), type:
New-SelfSignedCertificate -CertStoreLocation '<Cert:\LocalMachine\My>' -DnsName '<s2.joos.int>'
The certificate is then connected to the website and requires the fingerprint of the certificate, which is displayed during the create process:
$certPath = 'Cert:<\LocalMachine\My\> CEC247<...>CCC4' $providerPath = 'IIS:\SSLBindings\0.0.0.0!443' Get-Item $certPath | New-Item $providerPath
You can also check the bindings in IIS Manager or with Windows Admin Center. To do so, call up the settings of the website and check to see whether the certificate has been accepted and the settings have been set. In Windows Admin Center, you will find the options under Bindings .
IIS in Windows Server 2016 and 2019 also supports HTTP/2, and you can use wildcards for the host header:
New-WebBinding -Name "Default Web Site" -IPAddress "*" -Port 80 -HostHeader "*.contoso.com"
If you want to prevent the web server from advertising itself externally as an IIS 10 server, enter
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webServer/security/requestFiltering" -name "removeServerHeader" -value "True"
to remove the server header.
Conclusions
IIS can be configured in several ways. Not surprisingly, PowerShell is one of them, which allows you to save actions as scripts and execute them repeatedly and, if necessary, automatically. The second common approach is from Windows Admin Center. IIS Manager, on the other hand, is no longer the tool of choice. Regardless of which tool you choose, the motto has to be: security first!
Infos
- IIS extension for Windows Admin Center: https://github.com/microsoft/IIS.Administration/releases
- URL Rewrite: https://www.iis.net/downloads/microsoft/url-rewrite
« Previous 1 2 3 4
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Monitoring with System Center 2012 R2 Operations Manager
Put Operations Manager to work monitoring Active Directory, Exchange, and Hyper-V environments. -
Managing networks in Windows Server vNext
We look at a new component in Windows Server vNext – the Network Controller server role. -
Server update with Azure Update Management
Microsoft Azure Update Management automatically patches servers in on-premises data centers, virtual servers on Azure and other cloud services, and even Linux servers. -
Software-defined networking with Windows Server 2016
Windows Server 2016 takes a big step toward software-defined networking, with the Network Controller server role handling the centralized management, monitoring, and configuration of network devices and virtual networks. This service can also be controlled with PowerShell and is particularly interesting for Hyper-V infrastructures. -
Windows Server 2012 Tricks
Users of Windows Server 2012 will benefit from numerous innovations, especially in the areas of virtualization, high availability, and storage. In this article, we show you some tricks that make handling the new system much easier.