Securing and managing Microsoft IIS
The Right Tools
Self-Signed Certificates
For connection security, IIS also supports self-signed certificates, which you can create with the New-SelfSignedCertificate cmdlet. To create a self-signed certificate for a web page (Figure 5), type:
New-SelfSignedCertificate -CertStoreLocation 'Cert:\LocalMachine\My' -DnsName 's2.joos.int'
The certificate is then bound to the website. The binding requires the fingerprint (thumbprint) of the certificate, which is displayed when the certificate is created:
$certPath = 'Cert:\LocalMachine\My\CEC247<...>CCC4'
$providerPath = 'IIS:\SSLBindings\0.0.0.0!443'
Get-Item $certPath | New-Item $providerPath
You can also check the bindings in IIS Manager or with Windows Admin Center. To do so, call up the settings of the website and check to see whether the certificate has been accepted and the settings have been set. In Windows Admin Center, you will find the options under Bindings.
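The same procedure as one script, with a PowerShell check of the result in place of the GUI; this is an added example, not code from the original article. It assumes the WebAdministration module, an elevated session, and a site named "Default Web Site"; the variable names are hypothetical.

```powershell
#Requires -RunAsAdministrator
Import-Module WebAdministration

$SiteName = 'Default Web Site'              # assumption: target site
$DnsName  = 's2.joos.int'                   # host name used in the article
$SslPath  = 'IIS:\SslBindings\0.0.0.0!443'  # provider path used in the article

# Stop before creating anything if a certificate is already assigned to this
# endpoint, so an existing assignment is never replaced silently.
if (Test-Path $SslPath) {
    throw "An SSL binding already exists at $SslPath; review it first."
}

# Keep the returned certificate object so the thumbprint does not have to be
# copied by hand from the console output.
$cert = New-SelfSignedCertificate -CertStoreLocation 'Cert:\LocalMachine\My' -DnsName $DnsName

# The site needs an HTTPS binding on port 443 before the certificate is useful.
if (-not (Get-WebBinding -Name $SiteName -Protocol https -Port 443)) {
    New-WebBinding -Name $SiteName -Protocol https -Port 443 -IPAddress '*'
}

# Attach the certificate to the endpoint.
Get-Item "Cert:\LocalMachine\My\$($cert.Thumbprint)" | New-Item $SslPath | Out-Null

# Check: list every SSL binding together with the certificate behind it.
# Subject equal to Issuer is used here as a simple indicator of a self-signed
# certificate; a binding whose certificate is missing shows empty fields.
Get-ChildItem IIS:\SslBindings | ForEach-Object {
    $c = Get-Item "Cert:\LocalMachine\$($_.Store)\$($_.Thumbprint)" -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Endpoint   = "$($_.IPAddress):$($_.Port)"
        Thumbprint = $_.Thumbprint
        Subject    = $c.Subject
        SelfSigned = ($null -ne $c) -and ($c.Subject -eq $c.Issuer)
        NotAfter   = $c.NotAfter
        DaysLeft   = if ($c) { [int]($c.NotAfter - (Get-Date)).TotalDays }
    }
} | Format-Table -AutoSize
```

The final table is also useful on its own as a recurring check: it shows which endpoints still run on self-signed certificates and how many days each certificate has left.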
IIS in Windows Server 2016 and 2019 also supports HTTP/2, and you can use wildcards for the host header:
New-WebBinding -Name "Default Web Site" -IPAddress "*" -Port 80 -HostHeader "*.contoso.com"
If you want to prevent the web server from advertising itself externally as an IIS 10 server, enter
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webServer/security/requestFiltering" -name "removeServerHeader" -value "True"
to remove the server header.
Conclusions
IIS can be configured in several ways. Not surprisingly, PowerShell is one of them, which allows you to save actions as scripts and execute them repeatedly and, if necessary, automatically. The second common approach is Windows Admin Center. IIS Manager, on the other hand, is no longer the tool of choice. Regardless of which tool you choose, the motto has to be: security first!
Infos
- IIS extension for Windows Admin Center: https://github.com/microsoft/IIS.Administration/releases
- URL Rewrite: https://www.iis.net/downloads/microsoft/url-rewrite