Deploy to IIS from Web Hosting Store?

I’m having trouble with certificate deployment to a website from the Web Hosting store.

I have my certificate setup, and the process works flawlessly using the “Auto” deployment method to the Default Web Site in IIS. However, I’m wanting to deploy the certificate from the Web Hosting store instead of the Personal store.

I tried adding a deployment task to copy it to the Web Hosting store, but I think that process happens after the tool deploys the certificate to the default web site.

I just can’t figure out the flow of events I’d need to do to update the bindings and use the copy that is in the Web Hosting store. Anyone have any tips, or know how I can do this from the Certify tool?

You are correct, we do offer a Web Hosting store deployment via the Certificate Store but our automated binding etc is not aware of that and just uses the copy in the My/Personal certificate store.

Early on we looked at the difference between the stores in terms of .net support and the reasons for using them. Other than ill defined performance reasons mentioned in passing on the Microsoft website and ‘it sounds like the right place to put web certificates’, we didn’t actually find any concrete reason to support Web Hosting.

Around the time of introducing Deployment Tasks we did consider the possibility of giving everyone a default Certificate Store task and Deploy to IIS task, where they could configure specifics, instead of having the Auto deployment (which is a little opaque) but that hasn’t really happened so far.

So enabling it has just never been frequently requested. If you require it then it would be great to understand why, so we can prioritize support for that.

Hi webprofustion, thanks for that great insight. I’m working with a new software package that requests that the certificate be in the Web Hosting store. Having not been familiar with that store, I did some web searching and found the same lack of actual reasoning as to why it was better than the My/Personal store.

I pressed the vendor for the reasoning, and simply asked if we could use the personal store instead and they basically replied saying that I could, but would be “on my own” and that their official recommendation is to use the Web Hosting store. The site seems to work fine with it in the My/Personal store, but in order to be as compliant as I could I was going to see what I could do to get it deployed in the Web Hosting store.

As much as I’d love to see the integrated deployment tasks you mentioned, I may need to just figure out how to update the bindings using a powershell task. I tried doing some initial research on how to “update” the cert in IIS via powershell, but since I’m a little green with IIS, I was a little fearful of blindly following stackoverflow posts without understanding more on how to programatically update the certs.

Thanks, so does the software use an IIS website or does it run it’s own server that uses the certificate? Sometimes if you trace it all the way back it just that someone wrote the instructions and nobody else really knows why it says that what it says (so they can’t say otherwise).

If you are using Certify to update the IIS bindings and everything works then you are pretty much good to go, unless the software uses the certificate for something other than IIS, in which case it could still be relevant. You can use the deployment task to make sure there is a copy of the cert in the web hosting store, but it won’t (automatically) be the one used in IIS. You could script something as a deployment task to update the binding but I doubt that you really need to.

If there are public instructions for the software you could link them here and I’ll read up on it.

Sorry for the super late response, didn’t mean to ghost you there.

I got work back from the vendor that the personal store should be fine, and so far it’s been so good!

Thanks again for your thoughtful responses here :slight_smile:

No problem, the latest version actually does have the option to switch to using the Web Hosting store (under Settings), inspired by this thread and another support ticket asking the same.