问题
The idea is to automate linking an SSL certificate to a website in IIS 7 or above.
All the websites in a server use same IP address and same default port. So they are all differentiated by their host header names.
I could achieve this manually without any issue. But while automating there is issue.
When done manually, the ssl configuation entries in http.sys are recorded as HostNameport TestName:443, not as ipport xx.yy.z.a:443.
So I wanted to mimic the same manual steps for automation to work. But it is not helping.
I tried below steps.
- Create a new ssl configuration in http.sys for hostname port combination with below command.
netsh --% http add sslcert hostnameport=Testssl:443 certhash=d70930bb790f89c04c728d9285b64f5fb0258fc7 appid={01010101-0101-0101-0101-010101010101} certstorename=MY
Create a new web binding for the website using hostheader name.
New-ItemProperty IIS:\sites\TestSite -name bindings -value @{protocol="https";bindingInformation="192.168.1.108:443:Testssl"}
or
New-WebBinding -Name TestSite -Protocol https -Port 443 -HostHeader Testssl -IPAddress 192.168.1.108
With the above two steps the new binding is present, but the SSL certificate is not attached to the binding.
Is it not possible to set SSL certificate for a binding with a corresponding hostname port entry in http.sys ssl configuration?
回答1:
With the help of comment from Lex Li, the below command WORKS.
New-WebBinding -Name TestSite -Protocol https -Port 443 -HostHeader Testssl -IPAddress 192.168.1.108 -SslFlags 1
来源:https://stackoverflow.com/questions/39841884/setting-existing-ssl-certificate-on-an-iis-website-which-uses-hostheader