SslWebBinding.psm1

#Requires -Version 3
#Requires -Modules WebAdministration, AdministratorRole, PKI
Set-StrictMode -Version:Latest

Import-Module WebAdministration

function New-SslWebBinding {
  param(
    [parameter(Mandatory = $true, position = 0)]
    [string]$siteName,
    [parameter(Mandatory = $false, position = 1)]
    [string[]]$hostHeader
  );

  Assert-AdministratorRole

  if (-not $hostHeader) {
    $hostHeader = @($siteName)
  }

  $hostHeader = $hostHeader | Select-Object -Unique

  $existingBindings = @($hostHeader | Foreach-Object { Get-WebBinding -Name:$siteName -HostHeader:$_ -Protocol:https })
  if ($existingBindings.Length -eq $hostHeader.Length) {
    foreach ($existingBinding in $existingBindings) {
      $domain = $existingBinding.bindingInformation -replace '^.*:.*:', ''
      Write-Warning "Binding for https://$domain to $siteName already exists"
    }
  }
  else {
    if ($existingBindings.Length -gt 0) {
      foreach ($existingBinding in $existingBindings) {
        $domain = $existingBinding.bindingInformation -replace '^.*:.*:', ''
        Write-Warning "Removing binding for https://$domain to $siteName"
        Remove-WebBinding -Name:$siteName -HostHeader:$domain -Protocol:https
      }
    }

    foreach ($domain in $hostHeader) {
      Write-Information "Adding binding for https://$domain to $siteName"
      New-WebBinding -Name:$siteName -HostHeader:$domain -Protocol:https -SslFlags:1
    }
  }

  $existingCertBindings = @($hostHeader | Foreach-Object { Get-Item -Path:"IIS:\SslBindings\!443!$_" -ErrorAction SilentlyContinue })
  if ($existingCertBindings.Length -eq $hostHeader.Length) {
    foreach ($existingBinding in $existingBindings) {
      $domain = $existingBinding.bindingInformation -replace '^.*:.*:', ''
      Write-Warning "Certificate binding for https://$domain already exists"
    }
  }
  else {
    if ($existingCertBindings.Length -gt 0) {
      foreach ($binding in $existingCertBindings) {
        Remove-Item -Path:"IIS:\SslBindings\!443!$($binding.Host)"
      }
    }

    $cert = New-SelfSignedCertificate -DnsName:$hostHeader -CertStoreLocation:'Cert:\LocalMachine\My'

    foreach ($domain in $hostHeader) {
      New-Item -Path:"IIS:\SslBindings\!443!$domain" -Value:$cert -SSLFlags:1
    }

    Write-Information "Trusting generated SSL certificate for $hostHeader" #based on https://stackoverflow.com/a/21001534
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store 'Root', 'CurrentUser'
    $store.Open('ReadWrite')
    $store.Add($cert)
    $store.Close()
  }

  <#
.SYNOPSIS
    Adds an HTTPS binding to a website in IIS
.DESCRIPTION
    Generates a new self-signed SSL certificate and associates it with a new HTTPS binding in the given site, adding the certificate to the trusted certificate store on this machine
.PARAMETER siteName
    The name of the site (the domain, folder name, and database name, e.g. dnn.local)
.PARAMETER hostHeader
    The host header(s) for which to add the binding and certificate. Defaults to $siteName
#>

}

function Remove-SslWebBinding {
  param(
    [parameter(Mandatory = $true, position = 0)]
    [string]$siteName,
    [parameter(Mandatory = $false, position = 1)]
    [string[]]$hostHeader
  );

  Assert-AdministratorRole

  if (-not $hostHeader) {
    $hostHeader = @($siteName)
  }

  foreach ($domain in $hostHeader) {
    Remove-Item -Path:"IIS:\SslBindings\!443!$domain" -ErrorAction:Continue
    Remove-WebBinding -Name:$siteName -HostHeader:$domain -Protocol:https -ErrorAction:Continue
  }

  <#
.SYNOPSIS
    Removes an HTTPS binding to a website in IIS
.DESCRIPTION
    Removes an HTTPS binding in the given site
.PARAMETER siteName
    The name of the site (the domain, folder name, and database name, e.g. dnn.local)
.PARAMETER hostHeader
    The host header(s) for which to remove the binding. Defaults to $siteName
#>

}

Export-ModuleMember New-SslWebBinding
Export-ModuleMember Remove-SslWebBinding