IIS and Server Name Indication (SNI)

Got a problem you cannot solve? Try here.
msandford
Posts: 3
Joined: Sat Nov 21, 2020 7:22 pm

IIS and Server Name Indication (SNI)

Postby msandford » Sat Nov 21, 2020 7:36 pm

Hi All,

Is there any way when creating bindings in IIS to tick the option 'Require Server Name Indication' (screenshot below) - I cannot seem to find a way to do this in the UI of installware.

bindings.png
bindings.png (15.65 KiB) Viewed 102 times


I thought I would try and work around this by instead using a PowerShell script (see below), but for reasons I cannot figure out, the script will not work - it creates the SSL certificate fine, but will not create the binding and assign the certificate. If I run this same script manually in PowerShell ISE, it works perfectly.

Would anyone have any ideas how to do this in Installaware UI, or why the PowerShell script will not execute properly?

#Variables for user to set
$PortNumber = "443"
$HostName = "testserver01.mydomain.com"

$HostName = $HostName.ToLower()
$OS = Get-WMIObject Win32_OperatingSystem | select-object Caption

# Import Module
Import-Module WebAdministration

# Remove Certificate if one already exists of the same name
Get-ChildItem Cert:\LocalMachine\My -DnsName $HostName | remove-item -force -erroraction silentlycontinue
Remove-Item -path "IIS:\SslBindings\*!$PortNumber!$Hostname" -force -erroraction silentlycontinue
Get-WebBinding -Port $PortNumber -Name "passwordstate" | Remove-WebBinding

# Create the SSL Certificate, using different commands depending on which version of Operating System is installed.
if ($OS -like '*8*' -or $OS -like '*2012*')
{
$cert = New-SelfSignedCertificate -DnsName $HostName -CertStoreLocation Cert:\LocalMachine\My
}
else
{
$StartDate = '01/01/' + (Get-Date).Year
$EndDate = '01/01/' + (Get-Date).AddYears(5).Year
$cert = New-SelfSignedCertificate -DnsName $HostName -CertStoreLocation Cert:\LocalMachine\My -FriendlyName $HostName -NotBefore $StartDate -NotAfter $EndDate
}

$rootStore = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList Root, LocalMachine
$rootStore.Open("MaxAllowed")
$rootStore.Add($cert)
$rootStore.Close()

Start-Sleep -s 1

# Create a new web binding in IIS
New-WebBinding -Name 'passwordstate' -HostHeader $Hostname -IPAddress * -Port $PortNumber -Protocol https -SslFlags 1

# Assign the certificate to the binding
New-Item -Path "IIS:\SslBindings\*!$PortNumber!$Hostname" -Value $cert -SSLFlags 1

Regards
Mark

FrancescoT
Site Admin
Posts: 5087
Joined: Sun Aug 22, 2010 4:28 am

Re: IIS and Server Name Indication (SNI)

Postby FrancescoT » Mon Nov 23, 2020 1:06 pm

How did run your ps script from IA script? Did you use "Run Program" command?
Francesco Toscano
InstallAware Software

White Papers (HowTos) - http://www.installaware.com/publication ... papers.htm
Publications - http://www.installaware.com/publications-review.htm
InstallAware Help -F1 anywhere in the InstallAware IDE

msandford
Posts: 3
Joined: Sat Nov 21, 2020 7:22 pm

Re: IIS and Server Name Indication (SNI)

Postby msandford » Mon Nov 23, 2020 3:41 pm

Hello Fransesco,

Yes, I used the Run Program syntax below. I know the script is running, as it's creating the self signed certificate. It's just not executing the other New-WebBinding and New-Item commands.

Thanks very much for your help so far.

runprogram.png
runprogram.png (12.83 KiB) Viewed 83 times


Regards
Mark

FrancescoT
Site Admin
Posts: 5087
Joined: Sun Aug 22, 2010 4:28 am

Re: IIS and Server Name Indication (SNI)

Postby FrancescoT » Tue Nov 24, 2020 1:17 pm

mmm ...very strange indeed.

Can you do a try with omitting the "Hide Program Window" flag?
This should leave visible the Powershell Console Window while executing the "Run Program" command.
Probably, the console window will also report some more details about the nature of the problem.
Francesco Toscano
InstallAware Software

White Papers (HowTos) - http://www.installaware.com/publication ... papers.htm
Publications - http://www.installaware.com/publications-review.htm
InstallAware Help -F1 anywhere in the InstallAware IDE

msandford
Posts: 3
Joined: Sat Nov 21, 2020 7:22 pm

Re: IIS and Server Name Indication (SNI)

Postby msandford » Tue Nov 24, 2020 6:35 pm

Hi Francesco,

Thanks for the suggestion, and it helped me figure out what the issue was.

I was getting errors like "New-Item : Cannot retrieve the dynamic parameters for the cmdlet", which ended up being related to the version of PowerShell being executed - as Installaware is a 32-bit app, it was executing the 32-bit version of PowerShell.

So I had to change my Run Command to the following, so it would execute the 64-bit version.

$WINDIR$\\Sysnative\\WindowsPowerShell\\v1.0\\powershell.exe

Thanks again for your help.

Regards
Mark

FrancescoT
Site Admin
Posts: 5087
Joined: Sun Aug 22, 2010 4:28 am

Re: IIS and Server Name Indication (SNI)

Postby FrancescoT » Wed Nov 25, 2020 1:57 pm

Happy you solved!
Francesco Toscano
InstallAware Software

White Papers (HowTos) - http://www.installaware.com/publication ... papers.htm
Publications - http://www.installaware.com/publications-review.htm
InstallAware Help -F1 anywhere in the InstallAware IDE


Return to “Technical Support”

Who is online

Users browsing this forum: Google [Bot] and 22 guests