
How to export IIS .config and .key files at the command line

Handy for a batch maintenance operation a customer had to run on a few hundred servers: they basically needed to do what’s described in this article, but in a script rather than from the IIS GUI.

From Shared Configuration (Appendix 3):

By default, IIS includes two main providers for securing properties. These providers are located in the applicationHost.config file’s <configProtectedData> configuration section and are defined in the <providers> element. The AesProvider is specific to dealing with encryption and decryption for properties that are in the system.webServer section. The IISWASOnlyRsaProvider is specific to dealing with encryption and decryption for properties that are in the system.applicationHost section. These keys are in the iisConfigurationKey and iisWasKey key containers and are machine-specific. In a Web farm scenario, if encryption is required, then a key from one machine – usually the one that created the applicationHost.config file – is exported and brought into the other machines so that secure properties can be decrypted and used by the Web server.

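So just copy the .config files from “C:\Windows\System32\Inetsrv\config” and use aspnet_regiis -px to export the keys. The -pri switch includes the private key in the exported XML file, so treat that file as sensitive as the key itself:

aspnet_regiis -px "iisConfigurationKey" "D:\iisConfigurationKey.xml" -pri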

To import the keys on another machine, run the following:

aspnet_regiis -pi "iisConfigurationKey" "D:\iisConfigurationKey.xml"

The parameter after the -pi is the name of the key container to be imported. In this case, it is the “iisConfigurationKey” key container. The other key container that IIS uses is the “iisWasKey” key container.
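The export and import steps above as one script that covers both key containers (an added example, not code from the original post). The 64-bit .NET 4 path to aspnet_regiis.exe, the D:\IISExport staging folder, the two config file names and the -Mode parameter are assumptions; the staging folder is restricted to Administrators and SYSTEM because the XML files hold private keys.

```powershell
# Added example: scripted export/import of the IIS config files and key containers.
# Assumed: aspnet_regiis.exe location, staging folder, and the -Mode parameter name.
param(
    [ValidateSet('Export', 'Import')] [string] $Mode = 'Export',
    [string] $StageDir = 'D:\IISExport'
)
$ErrorActionPreference = 'Stop'

$regiis     = Join-Path $env:windir 'Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe'
$cfgDir     = Join-Path $env:windir 'System32\inetsrv\config'
$containers = 'iisConfigurationKey', 'iisWasKey'

if ($Mode -eq 'Export') {
    # Lock the staging folder down before any key material is written to it:
    # remove inherited ACEs, allow only Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18).
    New-Item -ItemType Directory -Path $StageDir -Force | Out-Null
    & icacls.exe $StageDir /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

    # Copy the configuration files that the encrypted properties live in.
    foreach ($file in 'applicationHost.config', 'administration.config') {
        Copy-Item -Path (Join-Path $cfgDir $file) -Destination $StageDir -Force
    }

    # Export each container with its private key (-pri).
    foreach ($name in $containers) {
        $xml = Join-Path $StageDir "$name.xml"
        & $regiis -px $name $xml -pri
        if ($LASTEXITCODE -ne 0 -or -not (Test-Path $xml)) {
            throw "Export of key container '$name' failed"
        }
    }
}
else {
    # Import each container, then delete the XML so the private key
    # does not stay on disk outside the machine key store.
    foreach ($name in $containers) {
        $xml = Join-Path $StageDir "$name.xml"
        if (-not (Test-Path $xml)) { throw "Missing key file: $xml" }
        & $regiis -pi $name $xml
        if ($LASTEXITCODE -ne 0) { throw "Import of key container '$name' failed" }
        Remove-Item -Path $xml -Force
    }
}
```

Run it elevated on both machines, and move the staging folder between them over a channel you would trust with the private keys themselves.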

 

Carlo
