How to update an IIS SSL certificate for an existing website using command line and PowerShell

If you need to install a new certificate on a web server that does not have a GUI (Server Core), you will need to update the current SSL certificate via command line and powershell. There are most likely more ways to do this than this method, but I find this works well for me.

1. First, if you need a new certificate, you need a new CSR. You DO NOT have to create the CSR on the server that will use the certificate. Use ANY IIS server to create and complete a new certificate request. Ensure you use 2048 bit certificates.

2. Purchase a certificate from a trusted certificate authority. I prefer

3. Once you have your certificate it will be downloadable as a ZIP file. It will contain .cer files. In order to install the certificate (firstly onto our GUI IIS server) we need it to be in the .pfx format, as this format lets us store the certificate's private key within it. Extract the certificates, and in IIS, complete the certificate request and select the certificate that's named - You should store the certificate in the "WebHosting" section if prompted.

4. Next, the certificate is installed, but in the wrong server. So we need to export it. Run MMC.exe, File, Add/Remove Snapins / Add the Certificates snap in, select computer account. Find the imported certificate. 

5. Export the certificate, right click, All Tasks, Export. Select .PFX format. Ensure you tick the "Make Private Key Exportable". You will be required to set a password against the certificate to protect the private key. Save the Certificate and then copy it to your IIS server (which has no GUI i.e. server core). 

6. Next we need to install the certificate with PowerShell.

PS C:\>$mypwd = Get-Credential -UserName 'Enter password below' -Message 'Enter password below'

PS C:\>Import-PfxCertificate -FilePath C:\mypfx.pfx -CertStoreLocation Cert:\LocalMachine\WebHosting -Password $mypwd.Password

7. Next we need to update the certificate on the existing binding:

We'll need to know the thumbprint of the certificate and the AppID of the website. I like to change to powershell in core, because it's good for parsing results in a readable format. Run PowerShell.exe then navigate to:

PS Cert:\LocalMachine\WebHosting\>


dir | fl

You should be able to identify the certificate you have installed. Grab the Thumbprint.

8. Next we need the AppID - Run:

netsh http show sslcert

Find the AppID for your website you want to replace the SSL certificate for.

9. Next we use the AppID and Thumbprint to use the new certificate with the website - Note You need to EXIT from PowerShell before running this command - run this in CMD:

netsh http update sslcert certhash=C4FA12345678923618B90972707121345678988811 appid={4ab64e81-e14b-4a21-b022-59fc66abcd64} certstorename=WebHosting

10. - DONE! 

URL Rewrite rule to remove .php from URLs

URL Rewrite rule to remove .php from URLs 

    <rule name="Redirect .php extension" stopProcessing="false">
      <match url="^(.*).php$" ignoreCase="true" />
    <conditions logicalGrouping="MatchAny">
      <add input="{URL}" pattern="(.*).php$" ignoreCase="false" />
      <action type="Redirect" url="{R:1}" redirectType="Permanent" />
    <rule name="hide .php extension" stopProcessing="true">
      <match url="^(.*)$" ignoreCase="true" />
      <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
      <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
      <add input="{REQUEST_FILENAME}.php" matchType="IsFile" />
      <action type="Rewrite" url="{R:0}.php" />

How to Move/Restore a Magento installation from one IIS server to another

There are loads of guides online for doing this but only for Apache web servers. It describes it in all manors for every other system other than IIS and MySQL. Here's a step by step guide to achieving this.

Current configuration
Magento 1.9.x.x running on IIS 8.5 with MySQL.

To export the Website and copy it to another IIS server with MySQL (either to make it Live to take a copy of the live website for testing).

How to do it
1. In IIS select your Magento website and Export the application to a ZIP file.
2. You will need to export the database from MySQL. To do this if you have not already, install MySQL Workbench. From here you can export your Magento database into a .sql file.
In MySQL Workbench login to your instance, then click Server > Data Export. For me, I exported to a singe .sql file.

3. Now you have a full backup of your website, on the target server you need to ensure the pre-requisites for Magento are installed. The easiest way to do this is to use the Web Platform Installer. Just use it to set up a Magento store, then remove that store from IIS once set up. This will install all the PHP, CGI and all the modules that Magento requires . You will also want to install MySQL Workbench to import the database later. You can also remove the database that was just created when installing Magento to keep your instance clean.

4. Now we have a server that has all the pre-requisites we can copy the .sql file and the .zip file we exported earlier to the new server.

5. Open MySQL Workbench and Import the database. The password for your instance on this server will be whatever you set it up with when you installed Magento in the previous steps. When you name the database, name it the same as the source database.  You will need to create a user in your new instance to match that of the source database. If you don't know the old details this is where you can find them:

6. Once imported open the "core_ config_ data" table and fine the web/unsecure/base_url and web/secure/base_url rows.
These need to be changed to whatever DNS name you will give the site on the new server (including the http:// part). If they are not changed when trying to access the website you'll be re-directed back to whatever the current value of these fields are.

7.Now that database is ready, go to IIS, create a new Site and configure the basics.
 a. Bindings
 b. Root Directory
 c. Credentials to the root directory (and test them).
 d. Finally, Import the ZIP file we exported earlier.

8. Next we need to modify the application to point to the new database instance and use the correct username and password for the database using the information collected in step 5.
In the new IIS Magento folder structure open /App/etc/Local.xml and /App/etc/config.xml.

9. Before you can access the website you'll need to delete everything in /Var/Cache/

10. Set up any required DNS records to point to the new site.

11. You should now be able to visit the new site. If you have issues with Magento errors, try this:

  1. Navigate to the "errors" folder.
  2. Change local.xml.sample to local.xml
  3. You should now see a new list of crazy errors all over the Magento page - this is okay.
  4. Open magento/lib/Zend/Cache/Backend/File.php and look for:
    protected $_options = array(
    'cache_dir' => 'null',
  5. Change it to:
    protected $_options = array(
    'cache_dir' => 'tmp/',
  6. Save it.
  7. Now the final step is to go create a tmp folder in the root Magento folder.
  8. That's it.
12. Finally - When I did this I got some 500 erros when first trying to access the page. This was because the web.config file from my export contained Modules that were not installed on the target server. To resolve this I simply removed the <Modules> section from the target servers site lever web.config file.

I hope this is useful to someone.

Diagnosing generic IIS Errors such as "server error in '/' application"

Sometimes web browsers will only show you a generic error that could mean absolutely anything. If you enable IIS logs and look at those you may find out what the issue is if the problem is with the IIS server - but if the problem is in the application code this won't show in IIS logs. 

There are two steps to getting the error information you need.

1. In Internet Explorer you need to disable Friendly HTTP Errors. Press <Windows>+R and type inetcpl.cpl > Advanced > Untick "Show friendly HTTP error messages".

If you are not the website administrator this is as far as you can go.
2. Back up your web sites web.config file.  
3. Open up the website's web.config file. Find the <system.web> tag and within this find <customErrors

Remove this whole tag and replace it with:

<customErrors mode="Off">

Remember to click 'Save'.

Error: Line 284 in web.config: Pages on BlogEngine wont load after installing MySQL

I was receiving this error on my website after installing MySQL on the same server.

Line 282:    <siteMap>
Line 283:      <providers>
Line 284:        <add name="MySqlSiteMapProvider" type="MySql.Web.SiteMap.MySqlSiteMapProvider, MySql.Web, Version=, Culture=neutral, PublicKeyToken=c5687fc88969c44d" connectionStringName="LocalMySqlServer" applicationName="/" />
Line 285:      </providers>
Line 286:    </siteMap>

To Resolve the issue, I had to:

1. Run MySQL installer
2. Select "Connector/NET" and click Modify

3. Uncheck "Providers"
4. Next

This should solve the issue. Upon reading about this it seems MySQL takes over when you install it when this option is checked. I'm no web developer but this was the solution!