IIS
- On the certificate holistic view, click Add Connector.
- Enter the General Information for the connector.

  Table 1. Field descriptions for the connector General Information

  - *Category: From the dropdown list, select Server. If the certificate being pushed was enrolled with CSR generation at endpoint, this field is auto populated with the category selected at the time of certificate enrollment.
  - *Vendor: From the dropdown list, select IIS. If the certificate being pushed was enrolled with CSR generation at endpoint, this field is auto populated with the vendor selected at the time of certificate enrollment.
  - *Connector Name: Enter a name for this connector, to be able to identify it later. Tip: AppViewX recommends naming connectors according to use cases so they are easily distinguishable.
  - Description: Enter any additional details you want to record for this connector.
  - *Push Certificate Type: Select from the following options:
    - Push Certificate: You can only push certificates to the Certificate store or Centralized File System.
    - Push and Bind Certificate: You can push a certificate to the Certificate store and bind it to the IIS site.

  Based on the information entered here, the Server selection section is populated with the list of available IIS devices already onboarded in AppViewX.
- To select the device(s) to which the certificate will be pushed, under Server selection, from the list of Available Devices, click .
  The Selected devices list is updated automatically.
- Enter the Certificate Details.

  Table 2. Field descriptions for the Certificate Details

  - Location Type: From the following options, select where the certificate to be pushed is located:
    - Certificate Store: A repository that stores certificates and their associated keys
    - Centralized file system: A file server that stores certificate files
  - Certificate Store: This option is displayed only when Location Type = Certificate Store. Within the certificate store, select the location where the certificates are stored from the following options:
    - Personal store: A location where user-specific certificates, such as those used for encryption and authentication, are stored
    - Web hosting store: A location where certificates used for web server configurations are stored
  - *Friendly name: Enter the certificate friendly name assigned in the CSR generated for requesting/enrolling the certificate.
  - Push Root and Intermediate Certificates: To push the root and intermediate certificates, along with the end certificate, select this checkbox.
  - *Bind type: Note: This field is displayed when the Push Certificate Type is selected as Push and Bind Certificate. To manage the SSL/TLS certificates for websites, select a bind type from the following options:
    - Update Certificate Only: Update the SSL/TLS certificate used by an existing site binding on the web server. It replaces the current certificate with a new one without modifying any other settings associated with the site binding (such as the hostname or port).
    - Update Site Binding: Update the SSL/TLS settings for an existing site binding on the web server. It allows you to update not only the certificate but also other settings associated with the site binding, such as the hostname, port, and SSL/TLS protocol settings.
    - Create New Site Binding: Create a new site binding on the web server for the specified hostname, port, and IP address (if applicable) and associate it with the specified SSL/TLS certificate. This is typically used when you want to add a new website or domain to the web server and configure SSL/TLS settings for it.

  Note: When pushing certificates, the system now automatically selects the appropriate PKCS12 encryption algorithm based on the target Windows Server version:
  - Windows Server 2016 and earlier: Uses TripleDES encryption for compatibility
  - Windows Server 2019 and later: Uses the encryption algorithm from General Settings
- Enter the Push Details.

  Table 3. Field descriptions for the Push Details

  - *Script Location: Script files are commonly used to perform certain tasks required to be completed before and/or after a certificate is pushed to the target system. The script to be run before the certificate is pushed is called a pre-push script and the script to be run after the push is called a post-push script. From the following options, select the location of the script file(s):
    - In AppViewX
    - In Device
  - Pre - Push Script File Name: Enter the file name of the pre-push script. Important: Read the pre and push script usage instructions here.
  - Pre - Push Script File Path: This field is displayed when Script Location = In Device. Enter the location on your local system where the pre-push script file is stored. Important: Read the pre and push script usage instructions here.
  - Post - Push Script File Name: Enter the file name of the post-push script. Important: Read the pre and push script usage instructions here.
  - Post - Push Script File Path: This field is displayed when Script Location = In Device. Enter the location on your local system where the post-push script file is stored. Important: Read the pre and push script usage instructions here.
  - Overwrite: The Overwrite option is used to specify if existing certificates on the target system will be overwritten with the certificate being pushed. If this option is enabled, the certificate being pushed will overwrite any existing certificates with the same identifier on the target system. This will also ensure that only the latest version of the certificate is available on the target system. If it is disabled, the push operation will fail in the event of conflicts with the certificates on the target system. Note: Overwrite option is disabled by default for Microsoft IIS.
  - Push Automatically: To automatically push the certificate after it is renewed/reissued to the target system, enable this checkbox. Note: The auto push feature for a certificate works only if enabled for the certificate application connector as well as the associated certificate group. To enable this feature at the certificate group level, refer to the instructions here.
  - Secure Push: The Secure Push option ensures that the certificate is pushed to the target system securely, protected from any unauthorized access.
- Click Save.
  The connector is displayed on the certificate holistic view.
What's Next
- To push a server certificate to a device, see Pushing a Server Certificate to a Device.
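
After a push made with this connector, the result can be checked on the IIS server itself. The following PowerShell is an added example, not AppViewX code or part of the original page; it looks up the certificate by the connector's friendly name in the selected store and compares it with the site's HTTPS bindings. The friendly name and site name are placeholders, and the use of the LocalMachine store and the WebAdministration module are assumptions.

```powershell
# Added verification example; run in an elevated PowerShell session on the IIS server.
# Assumed values (not from the page): replace the placeholders with your own.
$FriendlyName = 'example-friendly-name'   # placeholder: the connector's *Friendly name
$StoreName    = 'My'                      # 'My' = Personal store, 'WebHosting' = Web hosting store
$SiteName     = 'Default Web Site'        # placeholder: the IIS site used for Push and Bind

Import-Module WebAdministration

# 1. Find the pushed certificate by friendly name in the selected store (LocalMachine assumed).
$certs = @(Get-ChildItem -Path "Cert:\LocalMachine\$StoreName" |
    Where-Object { $_.FriendlyName -eq $FriendlyName } |
    Sort-Object NotAfter -Descending)
if ($certs.Count -eq 0) {
    throw "No certificate with friendly name '$FriendlyName' found in LocalMachine\$StoreName."
}
if ($certs.Count -gt 1) {
    Write-Warning "$($certs.Count) certificates share this friendly name; checking the one that expires last."
}
$cert = $certs[0]
$cert | Select-Object Subject, Thumbprint, NotBefore, NotAfter, HasPrivateKey | Format-List

# 2. A server certificate needs its private key and must be inside its validity period.
if (-not $cert.HasPrivateKey)      { Write-Warning 'Certificate has no private key on this server.' }
if ($cert.NotAfter -lt (Get-Date)) { Write-Warning 'Certificate has expired.' }

# 3. Check that the chain builds to a trusted root on this server (revocation not checked).
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
if (-not $chain.Build($cert)) {
    $chain.ChainStatus | ForEach-Object { Write-Warning "Chain: $($_.StatusInformation.Trim())" }
}

# 4. Compare every HTTPS binding of the site with the pushed certificate's thumbprint.
Get-WebBinding -Name $SiteName -Protocol https | ForEach-Object {
    [pscustomobject]@{
        Binding           = $_.bindingInformation
        Store             = $_.certificateStoreName
        Thumbprint        = $_.certificateHash
        MatchesPushedCert = ($_.certificateHash -eq $cert.Thumbprint)
    }
} | Format-Table -AutoSize
```

A binding that reports `MatchesPushedCert = False` after a Push and Bind Certificate operation is still serving a different certificate.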
