IIS Certificate binding #16

Open
damienpontifex opened this issue Nov 24, 2019 · 0 comments
damienpontifex commented Nov 24, 2019

I was watching the Ignite video and found myself here. There was a brief mention of certificates in that talk and maybe this could be a good place to bring it up.

I was looking for guidance on certificate management with IIS inside Windows containers. This is what I'd got to thus far for my Dockerfile to use central certificate store and volume mapping a pfx secret for k8s into C:\inetpub\certs:

RUN $userPass = [guid]::newguid(); \
    # Admin user that can be used for enabling cert provider
    New-LocalUser -Name CertUser -Password (ConvertTo-SecureString $userPass -AsPlainText -Force); \
    Add-LocalGroupMember -Group Administrators -Member CertUser; \
    # Enable Central Certificate Store for IIS
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-CertProvider; \
    # Enable the central certificate store and tell it where certificates are stored
    New-Item -ItemType Directory -Path C:\inetpub\certs | Out-Null; \
    Enable-WebCentralCertProvider -CertStoreLocation C:\inetpub\certs -UserName CertUser -Password $userPass; \
    Import-Module WebAdministration; \
    # Add a central certificate store ssl binding for https
    New-WebBinding -Name 'Default Web Site' -SslFlags 3 -Protocol https -IP '*' -Port 443 -HostHeader '*'; \
    New-Item -Path IIS:\SslBindings\!443!* -SslFlags 3

This is still in development from my side and I'm still validating its working state etc.

Guidance, tools or anything else that would enable us to have SSL on IIS in our container at runtime while potentially simplifying this would be a great resource.
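
The setup in this issue only serves HTTPS if the PFX files mounted into C:\inetpub\certs can be opened, hold a private key, are within their validity period, and are named after the host they serve (the Central Certificate Store looks a certificate up by file name, with `_.` standing for a wildcard). The following start-up check is an added example, not code from the issue author or the project; the function name `Test-CcsCertificate` and its parameters are hypothetical.

```powershell
# Added example, not from the issue. Test-CcsCertificate and its parameters are
# hypothetical names; the default folder is the one used in the Dockerfile above.
function Test-CcsCertificate {
    param(
        [string]$CertStoreLocation = 'C:\inetpub\certs',
        [securestring]$PfxPassword,   # omit if the PFX files carry no password
        [int]$WarnDays = 30
    )
    $now = Get-Date
    foreach ($file in Get-ChildItem -Path $CertStoreLocation -Filter *.pfx -File) {
        $problems = @()
        try {
            $cert = if ($PfxPassword) {
                [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($file.FullName, $PfxPassword)
            } else {
                [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($file.FullName)
            }
        } catch {
            [pscustomobject]@{ File = $file.Name; Ok = $false; Problems = "cannot open: $($_.Exception.Message)" }
            continue
        }
        # CCS picks the file by host name: www.example.com.pfx, or _.example.com.pfx for *.example.com
        $expectedName = $file.BaseName -replace '^_\.', '*.'
        $names = @($cert.DnsNameList.Unicode)
        # A wildcard certificate stored under a concrete host name is also acceptable
        $wildcard = '*.' + ($expectedName -split '\.', 2)[1]
        if ($names -notcontains $expectedName -and $names -notcontains $wildcard) {
            $problems += "file name implies '$expectedName' but the certificate does not list it"
        }
        if (-not $cert.HasPrivateKey) { $problems += 'no private key in PFX' }
        if ($cert.NotBefore -gt $now) { $problems += "not valid until $($cert.NotBefore)" }
        if ($cert.NotAfter -lt $now) { $problems += "expired $($cert.NotAfter)" }
        elseif ($cert.NotAfter -lt $now.AddDays($WarnDays)) { $problems += "expires within $WarnDays days" }
        [pscustomobject]@{
            File = $file.Name; Subject = $cert.Subject; NotAfter = $cert.NotAfter
            Ok = ($problems.Count -eq 0); Problems = ($problems -join '; ')
        }
        $cert.Dispose()
    }
}
# Entrypoint usage: fail the container start if any mounted certificate is unusable.
# $bad = Test-CcsCertificate | Where-Object { -not $_.Ok }
# if ($bad) { $bad | Format-List; exit 1 }
```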
