Setting existing SSL certificate on an IIS website which uses hostheader - McMap

About

Setting existing SSL certificate on an IIS website which uses hostheader

Asked 3/10, 2016 at 23:19 Answered 4/10, 2016 at 9:16

Solved powershell iis ssl-certificate netsh

G

1

0

The idea is to automate linking an SSL certificate to a website in IIS 7 or above.

All the websites in a server use same IP address and same default port. So they are all differentiated by their host header names.

I could achieve this manually without any issue. But while automating there is issue.

When done manually, the ssl configuation entries in http.sys are recorded as HostNameport TestName:443, not as ipport xx.yy.z.a:443.

So I wanted to mimic the same manual steps for automation to work. But it is not helping.

I tried below steps.

Create a new ssl configuration in http.sys for hostname port combination with below command.

netsh --% http add sslcert hostnameport=Testssl:443 certhash=d70930bb790f89c04c728d9285b64f5fb0258fc7 appid={01010101-0101-0101-0101-010101010101} certstorename=MY

Create a new web binding for the website using hostheader name.

New-ItemProperty IIS:\sites\TestSite -name bindings -value @{protocol="https";bindingInformation="192.168.1.108:443:Testssl"}

or

New-WebBinding -Name TestSite -Protocol https -Port 443 -HostHeader Testssl -IPAddress 192.168.1.108

With the above two steps the new binding is present, but the SSL certificate is not attached to the binding.

Is it not possible to set SSL certificate for a binding with a corresponding hostname port entry in http.sys ssl configuration?

Gemmell answered 3/10, 2016 at 23:19 Comment(6)

1. SNI does not work on IIS 7/7.5. 2. SNI binding requires the SNI flag to be set. – Margarine 4/10, 2016 at 0:18

Thank you. I have been trying on Windows 10 and Windows 2012 R2, which have higher versions than 7.5 using WebConfiguration Property and it does not work with it. I have tried with SNI flag with the value of 1. On executing I get no output. But also no changes. Commands used: Add-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.applicationHost/sites/site[@name='Test']/bindings/binding[@protocol='https' and @bindingInformation='192.168.1.108:80:testssl']" -name "bindingInformation" -value "192.168.1.108:443:testssl" – Gemmell 4/10, 2016 at 7:38

Add-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.applicationHost/sites/site[@name='Test']/bindings/binding[@protocol='https' and @bindingInformation='192.168.1.108:443:testssl']" -name "sslFlags" -value 1 – Gemmell 4/10, 2016 at 7:38

WORKS WITH New-WebBinding: But with New-WebBinding -Name TestSite -Protocol https -Port 443 -HostHeader Testssl -IPAddress 192.168.1.108 -SslFlags 1 it works. – Gemmell 4/10, 2016 at 7:39

Post that as an answer and accept it. – Margarine 4/10, 2016 at 8:1

Okay. Will do. I could accept my own answer only after 2 days. Will do it after a couple of days. – Gemmell 4/10, 2016 at 9:17

G

0

With the help of comment from Lex Li, the below command WORKS.

New-WebBinding -Name TestSite -Protocol https -Port 443 -HostHeader Testssl -IPAddress 192.168.1.108 -SslFlags 1

Gemmell answered 4/10, 2016 at 9:16 Comment(0)

Recommended topics

#Godot #Unity #Godot 4.X #Mongodb

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

© 2022 - 2024 — McMap. All rights reserved.