The idea is to automate linking an SSL certificate to a website in IIS 7 or above.

All the websites on the server use the same IP address and the same default port, so they are all differentiated by their host header names.

I could achieve this manually without any issue. But while automating there is an issue.

When done manually, the SSL configuration entries in http.sys are recorded as HostNameport TestName:443, not as ipport xx.yy.z.a:443.

So I wanted to mimic the same manual steps for automation to work. But it is not helping.

I tried the steps below.

  1. Create a new ssl configuration in http.sys for hostname port combination with below command.

    netsh --% http add sslcert hostnameport=Testssl:443 certhash=d70930bb790f89c04c728d9285b64f5fb0258fc7 appid={01010101-0101-0101-0101-010101010101} certstorename=MY

  2. Create a new web binding for the website using hostheader name.

    New-ItemProperty IIS:\sites\TestSite -name bindings -value @{protocol="https";bindingInformation="192.168.1.108:443:Testssl"}

    or

    New-WebBinding -Name TestSite -Protocol https -Port 443 -HostHeader Testssl -IPAddress 192.168.1.108

With the above two steps the new binding is present, but the SSL certificate is not attached to the binding.

Is it not possible to set SSL certificate for a binding with a corresponding hostname port entry in http.sys ssl configuration?

  • 1. SNI does not work on IIS 7/7.5. 2. SNI binding requires the SNI flag to be set. Commented Oct 4, 2016 at 0:18
  • Thank you. I have been trying on Windows 10 and Windows 2012 R2, which have higher versions than 7.5 using WebConfiguration Property and it does not work with it. I have tried with SNI flag with the value of 1. On executing I get no output. But also no changes. Commands used: Add-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.applicationHost/sites/site[@name='Test']/bindings/binding[@protocol='https' and @bindingInformation='192.168.1.108:80:testssl']" -name "bindingInformation" -value "192.168.1.108:443:testssl" Commented Oct 4, 2016 at 7:38
  • Add-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.applicationHost/sites/site[@name='Test']/bindings/binding[@protocol='https' and @bindingInformation='192.168.1.108:443:testssl']" -name "sslFlags" -value 1 Commented Oct 4, 2016 at 7:38
  • WORKS WITH New-WebBinding: But with New-WebBinding -Name TestSite -Protocol https -Port 443 -HostHeader Testssl -IPAddress 192.168.1.108 -SslFlags 1 it works. Commented Oct 4, 2016 at 7:39
  • Post that as an answer and accept it. Commented Oct 4, 2016 at 8:01

1 Answer

With the help of the comment from Lex Li, the command below WORKS.

    New-WebBinding -Name TestSite -Protocol https -Port 443 -HostHeader Testssl -IPAddress 192.168.1.108 -SslFlags 1
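
An added example, not part of the original question or answer: an idempotent version of the SNI binding steps that validates the certificate first and then confirms the `hostnameport` entry in http.sys, since the comments report the configuration commands failing silently. It assumes IIS 8 or later with the WebAdministration module, an elevated session, and the certificate already installed in `LocalMachine\My`; the variable names are illustrative.

```powershell
# Added example. Site name, host header, IP and thumbprint are the sample values from the post.
Import-Module WebAdministration

$site       = 'TestSite'
$hostHeader = 'Testssl'
$ip         = '192.168.1.108'
$port       = 443
$thumbprint = 'd70930bb790f89c04c728d9285b64f5fb0258fc7'
$hostPort   = "${hostHeader}:$port"

# 1. Refuse to bind a certificate that is missing, expired or lacks a private key.
$cert = Get-Item "Cert:\LocalMachine\My\$thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey)      { throw "Certificate $thumbprint has no private key." }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate $thumbprint expired on $($cert.NotAfter)." }

# 2. Create the HTTPS binding with the SNI flag (SslFlags 1) unless it already exists.
$bindingArgs = @{ Name = $site; Protocol = 'https'; Port = $port; HostHeader = $hostHeader; IPAddress = $ip }
$binding = Get-WebBinding @bindingArgs
if (-not $binding) {
    New-WebBinding @bindingArgs -SslFlags 1
    $binding = Get-WebBinding @bindingArgs
}
if ($binding.sslFlags -ne 1) {
    throw "Binding $hostPort exists with sslFlags=$($binding.sslFlags); expected 1 (SNI)."
}

# 3. Attach the certificate only if http.sys has no hostnameport entry with this thumbprint yet
#    (the netsh command in the question may already have created it).
$entry = netsh http show sslcert "hostnameport=$hostPort"
if (-not ($entry | Select-String -SimpleMatch $thumbprint)) {
    $binding.AddSslCertificate($thumbprint, 'My')
    $entry = netsh http show sslcert "hostnameport=$hostPort"
}

# 4. Verify the http.sys entry rather than relying on the absence of an error.
if (-not ($entry | Select-String -SimpleMatch $thumbprint)) {
    throw "http.sys has no sslcert entry for $hostPort with thumbprint $thumbprint."
}
"OK: $hostPort is bound to $($cert.Subject), valid until $($cert.NotAfter)."
```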
