Just a heads-up that the new-ish CA for creating a self-signed certificate appears to result in a cert that has no trusted root, so IIS will not render a website bound to it.
A simple fix is to create a PowerShell task to create the cert correctly:
Code: Select all
$myFQDN = [System.Net.Dns]::GetHostByName($env:computerName).hostname
$cert = New-SelfSignedCertificate -DnsName "$myFQDN" -CertStoreLocation "cert:\LocalMachine\My"
$DestStore = new-object System.Security.Cryptography.X509Certificates.X509Store([System.Security.Cryptography.X509Certificates.StoreName]::Root,"localmachine")
$DestStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
$DestStore.Add($cert)
$DestStore.Close()
$Thumbprint = $cert | Select-Object Thumbprint -expandproperty Thumbprint
AI_SetMsiProperty MY_CERTIFICATE $Thumbprint