The idea is to automate linking an SSL certificate to a website in IIS 7 or above.

All the websites on a server use the same IP address and the same default port. So they are all differentiated by their host header names.

I could achieve this manually without any issue. But while automating there is an issue.

When done manually, the SSL configuration entries in http.sys are recorded as HostNameport TestName:443, not as ipport xx.yy.z.a:443.

So I wanted to mimic the same manual steps for automation to work. But it is not helping.

I tried the steps below.

  1. Create a new SSL configuration in http.sys for the hostname and port combination with the command below.

    netsh --% http add sslcert hostnameport=Testssl:443 certhash=d70930bb790f89c04c728d9285b64f5fb0258fc7 appid={01010101-0101-0101-0101-010101010101} certstorename=MY

  2. Create a new web binding for the website using the host header name.

    New-ItemProperty IIS:\sites\TestSite -name bindings -value @{protocol="https";bindingInformation="192.168.1.108:443:Testssl"}

    or

    New-WebBinding -Name TestSite -Protocol https -Port 443 -HostHeader Testssl -IPAddress 192.168.1.108

With the above two steps the new binding is present, but the SSL certificate is not attached to the binding.

Is it not possible to set an SSL certificate for a binding with a corresponding hostname port entry in the http.sys SSL configuration?

  • 1. SNI does not work on IIS 7/7.5. 2. SNI binding requires the SNI flag to be set. – Lex Li Oct 04 '16 at 00:18
  • Thank you. I have been trying on Windows 10 and Windows 2012 R2, which have higher versions than 7.5 using WebConfiguration Property and it does not work with it. I have tried with SNI flag with the value of 1. On executing I get no output. But also no changes. **Commands used:** Add-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.applicationHost/sites/site[@name='Test']/bindings/binding[@protocol='https' and @bindingInformation='192.168.1.108:80:testssl']" -name "bindingInformation" -value "192.168.1.108:443:testssl" – Baskar Lingam Ramachandran Oct 04 '16 at 07:38
  • Add-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.applicationHost/sites/site[@name='Test']/bindings/binding[@protocol='https' and @bindingInformation='192.168.1.108:443:testssl']" -name "sslFlags" -value 1 – Baskar Lingam Ramachandran Oct 04 '16 at 07:38
  • WORKS WITH New-WebBinding: **But with New-WebBinding -Name TestSite -Protocol https -Port 443 -HostHeader Testssl -IPAddress 192.168.1.108 -SslFlags 1 it works.** – Baskar Lingam Ramachandran Oct 04 '16 at 07:39
  • Post that as an answer and accept it. – Lex Li Oct 04 '16 at 08:01
  • Okay. Will do. I could accept my own answer only after 2 days. Will do it after a couple of days. – Baskar Lingam Ramachandran Oct 04 '16 at 09:17

1 Answer

With the help of the comment from Lex Li, the command below WORKS.

    New-WebBinding -Name TestSite -Protocol https -Port 443 -HostHeader Testssl -IPAddress 192.168.1.108 -SslFlags 1
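
The two steps from the question combined with the `-SslFlags 1` fix from the answer, as an added example that is not part of the original question or answer. It reuses the site name, host header, IP address, thumbprint and appid quoted above, and assumes IIS 8 or later, an elevated PowerShell session and the certificate already installed in the LocalMachine\My store.

```powershell
# Added example. Site, host header, IP, thumbprint and appid are the values quoted on this page.
Import-Module WebAdministration

$site       = 'TestSite'
$hostHeader = 'Testssl'
$ip         = '192.168.1.108'
$port       = 443
$thumbprint = 'd70930bb790f89c04c728d9285b64f5fb0258fc7'
$appId      = '{01010101-0101-0101-0101-010101010101}'
$endpoint   = "${hostHeader}:$port"

# Refuse to bind a certificate that is missing, expired or has no private key.
$cert = Get-Item "Cert:\LocalMachine\My\$thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey)      { throw "Certificate $thumbprint has no private key." }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate $thumbprint expired on $($cert.NotAfter)." }

# Step 1: hostnameport entry in http.sys, added only if this thumbprint is not already registered.
$current = netsh http show sslcert hostnameport=$endpoint | Out-String
if ($current -notmatch $thumbprint) {
    netsh http add sslcert hostnameport=$endpoint certhash=$thumbprint "appid=$appId" certstorename=MY
    if ($LASTEXITCODE -ne 0) { throw "netsh could not add the sslcert entry for $endpoint." }
}

# Step 2: https binding with the SNI flag (SslFlags 1), created only if it does not exist yet.
$binding = Get-WebBinding -Name $site -Protocol https -Port $port -HostHeader $hostHeader
if (-not $binding) {
    New-WebBinding -Name $site -Protocol https -Port $port -HostHeader $hostHeader -IPAddress $ip -SslFlags 1
    $binding = Get-WebBinding -Name $site -Protocol https -Port $port -HostHeader $hostHeader
}

# Check: the binding carries the SNI flag and http.sys maps the host name to the expected hash.
if (-not ($binding.sslFlags -band 1)) { throw "Binding for $endpoint exists without the SNI flag." }
$current = netsh http show sslcert hostnameport=$endpoint | Out-String
if ($current -notmatch $thumbprint) { throw "http.sys has no entry for $endpoint with hash $thumbprint." }
"OK: $endpoint is bound on site $site with certificate $thumbprint"
```

Passing the appid through a quoted variable keeps PowerShell from parsing the braces, so the `--%` stop-parsing token is not needed here.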