powershelliissni
Creating IIS Site in powershell without SNI
I am trying to create one IIS site in powershell .I want the site to be created without SNI.
I am using iis 10, ( Windows 2016 server ).
I am able to create site with SNI using sslflags=1. But When I try to create without sni, I am running into issues.
Below is my snippet
$SecurePassword = ConvertTo-SecureString "Somepassword" -AsPlainText -Force;
Import-PfxCertificate -FilePath 'C:\certs\nt111trnch01.pfx' -CertStoreLocation Cert:\LocalMachine\My -Password $SecurePassword;
Import-PfxCertificate -FilePath 'C:\certs\nt111trnch02.pfx' -CertStoreLocation Cert:\LocalMachine\My -Password $SecurePassword;
Import-PfxCertificate -FilePath 'C:\certs\nt111trnch03.pfx' -CertStoreLocation Cert:\LocalMachine\My -Password $SecurePassword;
Import-Module "WebAdministration";
New-Item IIS:\Sites\myProj -bindings @{protocol='https';bindingInformation='*:8080:nt111trnch01.sit.abcit';SslFlags=1} -PhysicalPath C:\site;
New-WebBinding -Name "myProj" -Protocol https -HostHeader nt111trnch02.sit.abcit -Port 8080 -SslFlags 1; \
New-WebBinding -Name "myProj" -Protocol https -HostHeader nt111trnch03.sit.abcit -Port 8080 -SslFlags 1; \
New-Item -Path "IIS:\SslBindings\*!8080!nt111trnch01.sit.abcit" -Thumbprint 145300EC69B3448EE15A54DBCD54647AF8294611 -SslFlags 1;
New-Item -Path "IIS:\SslBindings\*!8080!nt111trnch02.sit.abcit" -Thumbprint 86C1CD3660F9810DB30CB2E312E197C898I26253 -SslFlags 1;
New-Item -Path "IIS:\SslBindings\*!8080!nt111trnch03.sit.abcit" -Thumbprint 0C7888C0615615997DB6F9DA9E9A03E4671E3BAD -SslFlags 1;
New-Item C:\site\myProj -type directory
Note: I am able to create site with single certificate and without SNI. But binding multiple certificates causing the issues.
Thanks in advance
Update 1 I changed all SslFlags vlaue to 0. Now I am getting this error.
New-Item : Cannot create a file when that file already exists
At line:12 char:2
+ New-Item -Path "IIS:\SslBindings\*!8080!nt111trnch02.sit.abci...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-Item], Win32Exception
+ FullyQualifiedErrorId : System.ComponentModel.Win32Exception,Microsoft.PowerShell.Commands.NewItemCommand
WARNING: Binding host name 'nt111trnch03.sit.abcit' is not equals to certificate subject name 'CN=nt111trnch03.sit.swcsit, OU=IT Services, O=Mycity
Company, L=Mycity, S=State, C=Country'. Client may not be able to connect to the site using HTTPS protocol.
New-Item : Cannot create a file when that file already exists
At line:13 char:2
+ New-Item -Path "IIS:\SslBindings\*!8080!nt111trnch03.sit.abci ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-Item], Win32Exception
+ FullyQualifiedErrorId : System.ComponentModel.Win32Exception,Microsoft.PowerShell.Commands.NewItemCommand
I went and checked IIS UI. I can see three bindings, but all 3 bindings are using first certificate only. I think this is because of the errors above.
Solution
I am able to find a solution for this. I did IP bindng to get it working. Not sure whether it is the correct way.
I bind IP of server B to server B certificate, ip of Server C to server C certificate and all ip(*) to server A certificate.
Not sure whether this is correct or should I bind IP to their respective certificate. But this is working . Verified that Netscaler is able to do SSL handshake on all 3 servers
New-Item IIS:\Sites\myproj-bindings @{protocol='https';bindingInformation='*:8080:nt111trnch01.abcit.sit';SslFlags=0} -PhysicalPath C:\site;
New-WebBinding -Name "myproj" -Protocol https -HostHeader nt111trnch02.abcit.sit-IP 10.17.193.235 -Port 8080 -SslFlags 0;
New-WebBinding -Name "myproj" -Protocol https -HostHeader nt111trnch03.abcit.sit-IP 10.16.193.237 -Port 8080 -SslFlags 0;
New-Item -Path "IIS:\SslBindings\*!8080!nt111trnch01.abcit.sit" -Thumbprint 145300EC69B3448EE15A54DBCD54647AF8294611 -SslFlags 0;
New-Item -Path "IIS:\SslBindings\10.16.193.235!8080!nt111trnch02.abcit.sit" -Thumbprint 86C1CD3660F9810DB30CB2E312E197C898I26253 -SslFlags 0;
New-Item -Path "IIS:\SslBindings\10.16.193.237!8080!nt111trnch03.abcit.sit" -Thumbprint 0C7888C0615615997DB6F9DA9E9A03E4671E3BAD -SslFlags 0;
Please let me know if this is not the correct way.
Thanks.
- tee with utf-8 encoding
- PowerShell says "execution of scripts is disabled on this system."
- Calling a PowerShell script from within a VBScript and the use of quotes in the variable passed (JSON format variable)
- Install winget by the command line (powershell)
- How does threading in powershell work?
- System.IO.FileInfo and Relative Paths
- Iterating Json attributes and PSCustom Objects
- MS Graph API - How to query additional pages
- Certificate Rebind in IIS 10 using powershell
- How to make PowerShell tab completion work like Bash
- Powershell function to check input and return datatype is not returning correct values
- Convert string to DateTime in Powershell from CSV
- PowerShell Call SSIS package, Pass Two (or More) Parameters
- Print Local Group Members in PowerShell 5.0
- Get current computer's distinguished name in powershell without using the ActiveDirectory module
- Best PowerShell method to get the current Active Directory Site name of the local computer
- NetBIOS domain of computer in PowerShell
- How do find out short name of domain I'm in?
- Powershell : How to include the root directory while creating a zip using a function
- PSCustomObject to Hashtable
- How to create a Run As Administrator shortcut using PowerShell
- Az-GetRoleAssigments Not returning Data for DisplayName, SignInName & Object Type - Azure Powershell Runbook
- How to accept inline inputs in a noninteractive powershell script
- remove event subscriptions from system topics
- powershell parse Json file with \ and wildcard in the key name
- Is there a string concatenation shortcut in PowerShell?
- import files to databricks workspace
- How is child_process.exec('powershell "$userInput = Read-Host;"') handled in node.js?
- Can't use sed when using ssh with ms powershell to linux host
- Append information to the output of an existing command