Programmatically add binding on IIS 8 with SNI option

Question

I\'m trying to create bindings for IIS 8 that have the flag SNI checked (Server Name Indication) using Microsoft.Web.Administration library (.NET Framework).

This is

Answer 1

Is it possible with current Microsoft.Web.Administration v 7.0.0.0?

Indeed it is, by manually adding the SslFlags attribute to the node:

Binding mySslBinding;
bool enableSni;

using (var serverManager = new ServerManager())
{
    // ... create or get value of mySslBinding...

    mySslBinding.SetAttributeValue("sslFlags", Convert.ToInt32(enableSni ? 1 : 0));

    serverManager.CommitChanges();
}

See the documentation of SslFlags here: https://docs.microsoft.com/en-us/iis/configuration/system.applicationhost/sites/site/bindings/binding

Note that executing the above code on a machine with any version of IIS earlier than 8.0 will cause the CommitChanges() method to throw an exception, because sslFlags doesn't exist in those versions.

Warning: Enabling SNI on an existing binding may cause its certificate to be unselected!

See also Setting Server Name Indication (SNI) takes off certificate binding

To avoid this problem, you can do this:

var cert = mySslBinding.CertificateHash;
mySslBinding.SetAttributeValue("SslFlags", Convert.ToInt32(1));
mySslBinding.CertificateHash = cert;