IIS and Server Name Indication (SNI)
Posted: Sat Nov 21, 2020 7:36 pm
Hi All,
Is there any way when creating bindings in IIS to tick the option 'Require Server Name Indication' (screenshot below) - I cannot seem to find a way to do this in the UI of InstallAware.
I thought I would try and work around this by instead using a PowerShell script (see below), but for reasons I cannot figure out, the script will not work - it creates the SSL certificate fine, but will not create the binding and assign the certificate. If I run this same script manually in PowerShell ISE, it works perfectly.
Would anyone have any ideas how to do this in the InstallAware UI, or why the PowerShell script will not execute properly?
# Variables for user to set
$PortNumber = "443"
$HostName = "testserver01.mydomain.com"
$HostName = $HostName.ToLower()
# Read the OS caption as a plain string so the -like tests below compare text
$OS = (Get-WmiObject Win32_OperatingSystem).Caption
# Import Module
Import-Module WebAdministration
# Remove Certificate if one already exists of the same name
Get-ChildItem Cert:\LocalMachine\My -DnsName $HostName | Remove-Item -Force -ErrorAction SilentlyContinue
Remove-Item -Path "IIS:\SslBindings\*!$PortNumber!$HostName" -Force -ErrorAction SilentlyContinue
Get-WebBinding -Port $PortNumber -Name "passwordstate" | Remove-WebBinding
# Create the SSL Certificate, using different commands depending on which version of Operating System is installed.
if ($OS -like '*8*' -or $OS -like '*2012*')
{
    $cert = New-SelfSignedCertificate -DnsName $HostName -CertStoreLocation Cert:\LocalMachine\My
}
else
{
    $StartDate = '01/01/' + (Get-Date).Year
    $EndDate = '01/01/' + (Get-Date).AddYears(5).Year
    $cert = New-SelfSignedCertificate -DnsName $HostName -CertStoreLocation Cert:\LocalMachine\My -FriendlyName $HostName -NotBefore $StartDate -NotAfter $EndDate
}
# Add the self-signed certificate to the local machine's Trusted Root store
$rootStore = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList Root, LocalMachine
$rootStore.Open("MaxAllowed")
$rootStore.Add($cert)
$rootStore.Close()
Start-Sleep -s 1
# Create a new web binding in IIS (SslFlags 1 = Require Server Name Indication)
New-WebBinding -Name 'passwordstate' -HostHeader $HostName -IPAddress "*" -Port $PortNumber -Protocol https -SslFlags 1
# Assign the certificate to the binding
New-Item -Path "IIS:\SslBindings\*!$PortNumber!$HostName" -Value $cert -SSLFlags 1
Regards
Mark
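A check that can be run right after the script above to see which step did not take effect, as an added example that is not part of the original post: it reports whether the https binding exists with the SNI flag set, whether a certificate is attached to the host-name SSL binding, and which process and account ran it. The log path is a hypothetical choice, and the `Host` and `Thumbprint` property names on `IIS:\SslBindings` items assume Windows Server 2012 or later.

```powershell
# Added example (not from the original post). Values mirror the script above.
$SiteName   = 'passwordstate'
$PortNumber = '443'
$HostName   = 'testserver01.mydomain.com'
$LogPath    = Join-Path $env:TEMP 'sni-binding-check.log'   # hypothetical log location
$ErrorActionPreference = 'Stop'   # make cmdlet failures catchable instead of silent

function Test-SniBinding {
    param([string]$Site, [string]$Port, [string]$HostHeader)

    Import-Module WebAdministration

    # Step 1: the site binding itself (created by New-WebBinding -SslFlags 1)
    $binding = Get-WebBinding -Name $Site -Protocol https -Port $Port -HostHeader $HostHeader |
        Select-Object -First 1

    # Step 2: the host-name SSL binding that carries the certificate (created by New-Item)
    $ssl = Get-ChildItem IIS:\SslBindings |
        Where-Object { $_.Port -eq $Port -and $_.Host -eq $HostHeader } |
        Select-Object -First 1

    [pscustomobject]@{
        Is64BitProcess = [Environment]::Is64BitProcess
        RunAs          = [Security.Principal.WindowsIdentity]::GetCurrent().Name
        PSVersion      = $PSVersionTable.PSVersion.ToString()
        BindingFound   = [bool]$binding
        # The value 1 in sslFlags is "Require Server Name Indication"
        SniRequired    = [bool]($binding -and (([int]$binding.sslFlags -band 1) -eq 1))
        CertAttached   = [bool]$ssl
        CertThumbprint = if ($ssl) { $ssl.Thumbprint } else { $null }
    }
}

try {
    $result = Test-SniBinding -Site $SiteName -Port $PortNumber -HostHeader $HostName
    $result | Format-List | Out-String | Add-Content -Path $LogPath
    if (-not ($result.BindingFound -and $result.SniRequired -and $result.CertAttached)) { exit 1 }
}
catch {
    # Record the error text so it is visible even when no console is shown
    "FAILED: $($_.Exception.Message)" | Add-Content -Path $LogPath
    exit 1
}
```

Comparing the log from a run inside the installer with one from PowerShell ISE shows whether the two runs differ in account, process bitness or PowerShell version.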