AppViewX Automates the SSL Certificate Cleanup on the IIS Server via PowerShell

SSL establishes an encrypted link between the browser and server. Whatever data is passed between these two, SSL ensures that it is private and secure.

Security certificates expire because each one is issued with a validity period. The expiry date is important for application security: it is the validity of the SSL certificate that allows your web browser to understand the identity of the server.

Fixing expired certificates is a vital process that protects your site from theft and damage.

Problem statement:

Usually, organizations have to manually log in to the Windows server to find the expired certificates that are installed on websites, expired certificates without a site binding, and orphan certificates, and then clean up those certificates in the IIS server.

There is a chance of manual error while deleting SSL certificates, which will end up in application downtime.

This blog will explain how we can delete or automate SSL Certificate cleanup on the IIS Server by using AppViewX Visual Workflow (VW).

AppViewX is an end-to-end low-code network automation and orchestration solution. It handles high-level network operations like real-time monitoring and reporting, compliance and governance, context-aware troubleshooting and auto-remediation, and self-servicing capabilities.

IIS (Internet Information Services): The Web Server (IIS) role in Windows Server 2012 provides a secure, easy-to-manage, modular, and extensible platform for reliably hosting websites, services, and applications. With IIS 8 you can share information with users on the Internet, an intranet, or an extranet. IIS 8 is a unified web platform that integrates IIS, ASP.NET, FTP services, PHP, and Windows Communication Foundation (WCF).

How does this work

Solution Proposed:

· AppViewX handles the cleanup of expired SSL certificates, limited to those stored in the personal store of the IIS server, by using PowerShell.

· Prior to deletion, the workflow sends notifications to the “application owners and certadmin” about the expired certificates associated with the sites.

· Once the “application owners and certadmin” approve the request for deletion via email, the workflow proceeds with the cleanup of expired certificates.

· All the required certificates are deleted with a PowerShell command that selects each certificate by its fingerprint.

· The fingerprint is the unique parameter to identify the certificates.

· Once the command is executed, it deletes the certificate from IIS devices.

· The workflow handles the certificate cleanup for both self-signed and CA-signed certificates for the following use cases:

1. Delete expired certificates

2. Delete orphan certificates

3. Delete certificates which are installed on sites

IIS version:

· In the client environment, the current count of devices is 3K IIS servers (existing IIS servers as well as new IIS servers).

· The IIS version would be 8 and 9

· The IIS servers currently run Windows Server versions from Windows Server 2008 R2 to Server 2019

AppViewX uses the PowerShell commands to achieve the below scenarios:

· List the expired certificates which are associated with the site in the personal store

· Delete expired certificates which are stored in the personal store

· List the certificates which expire in the next 30 days from the personal certificate store

· List the certificates which are associated with the site in the personal store and display the days remaining until they expire

· Display the certificates which are associated with the site that will expire in the next 30 days

· List the site with binding details

· Command to stop site

· Display the thumbprint details of the certificates which are associated with the site in the personal store
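
The listing and deletion scenarios above can be combined into one report-first script. This is an added example, not AppViewX workflow code or commands from the original post; it assumes PowerShell 3.0 or later with the WebAdministration module, treats a certificate that no IIS HTTPS binding references as unbound, and uses a hypothetical `$ApprovedThumbprints` list to stand in for the email approval step.

```powershell
# Added example (not AppViewX workflow code). Assumes PowerShell 3.0+ and the
# WebAdministration module; run elevated on the IIS server.
Import-Module WebAdministration

$WarnDays = 30          # "expires in the next 30 days" window from the list above
$Now      = Get-Date
# Hypothetical input: thumbprints the owners approved for deletion (empty = report only).
$ApprovedThumbprints = @()

# Map thumbprint -> IIS sites whose HTTPS bindings reference that certificate.
$boundTo = @{}
foreach ($site in Get-Website) {
    foreach ($b in $site.Bindings.Collection | Where-Object { $_.protocol -eq 'https' }) {
        $tp = "$($b.certificateHash)".ToUpper()
        if (-not $tp) { continue }                    # binding with no certificate set
        if (-not $boundTo.ContainsKey($tp)) { $boundTo[$tp] = @() }
        $boundTo[$tp] += "$($site.Name) [$($b.bindingInformation)]"
    }
}

# Classify every certificate in the personal store (LocalMachine\My).
$report = Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $days  = [math]::Floor(($_.NotAfter - $Now).TotalDays)
    $sites = $boundTo[$_.Thumbprint]
    if     ($days -lt 0 -and $sites) { $state = 'ExpiredBound' }
    elseif ($days -lt 0)             { $state = 'ExpiredUnbound' }
    elseif ($days -le $WarnDays)     { $state = 'ExpiringSoon' }
    else                             { $state = 'Valid' }
    [pscustomobject]@{
        Thumbprint = $_.Thumbprint
        Subject    = $_.Subject
        NotAfter   = $_.NotAfter
        DaysLeft   = $days
        SelfSigned = ($_.Subject -eq $_.Issuer)
        Sites      = $sites -join '; '
        State      = $state
    }
}
$report | Sort-Object DaysLeft |
    Format-Table State, DaysLeft, Thumbprint, Sites, Subject -AutoSize

# Delete only approved thumbprints that this run also found expired.
# -WhatIf prints the intended action; remove it once the report has been reviewed.
$report |
    Where-Object { $_.State -like 'Expired*' -and $ApprovedThumbprints -contains $_.Thumbprint } |
    ForEach-Object { Remove-Item -Path "Cert:\LocalMachine\My\$($_.Thumbprint)" -WhatIf }
```

A certificate in the `ExpiredBound` state is still referenced by a site binding, so the binding needs a replacement certificate before the old one is removed. A certificate that is unbound in IIS may still be used by another service that reads the same store, so check for that before approving its thumbprint.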

Conclusion:

This achieves the use case of automating SSL Certificate cleanup on the IIS Server by using AppViewX Visual Workflow (VW).