?
Solved

APPCMD to enable central certificate store and SNI?

Posted on 2015-02-24
4
Medium Priority
?
579 Views
Last Modified: 2015-03-07
Hello,

I have 6 web servers that we are building for our new production environment and have used appcmd to assign bindings to each of our 300+ websites on one of the servers to test it out.  (needless to say I don't want to manually add bindings one at a time for almost 2000 sites)  I am looking for a way to automate the enabling of the respective "use central certificate store" and "require Server Name Indication" check boxes programatically.  The Appcmd script below works great and I can use the central certificate store and SNI once I have manually enabled the check box for it in the bindings section of IIS 8.

appcmd set site /site.name:"mydomain.com" /+bindings.[protocol='https',bindingInformation='x.x.x.x:443:customer.mydomain.com']

Does anyone know of a command I can add to each line of my script to enable those two check boxes, or of a way to script the enabling of it later in batch?

Thank you
unassigned.png
enabled.png
0
Comment
Question by:bobbailey22
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 37

Expert Comment

by:Mahesh
ID: 40630421
I have half answer I think

appcmd set site "My site name" /bindings:"https://server.domain.com:443"  should take care of centralize certificate store
0
 

Author Comment

by:bobbailey22
ID: 40631216
I will try that command and let you know, it may take some time as I am working offsite today.  Will that enable Server Name Indication as well?
0
 

Accepted Solution

by:
bobbailey22 earned 0 total points
ID: 40640326
Here is the proper way to add bindings using SNI and CCS

How to Configure Bindings in IIS 8 using Server Name Indication(SNI) and Central Certificate Store(CCS).
*This must be done this way to ensure all the necessary registry keys are created.
Located : HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\SslSniBindingInfo

1: Choose web site in IIS.  Go to Bindings Menu and Add a new binding.
2: Enter the following info:
A.      Type: Http
B.      IP Address: All Unassisgned
C.      Port: 80
D.      HostName: www.temporary.com
3: Click OK to save binding
4: Click Add to add another binding with the following info:
A.      Type: Https
B.      IP Address: All Unassigned
C.      Port 443
D.      hostname: www.temporary.com
E.      Check “Require Server Name Indication” & “Use Centralized Certificate Store”
5: Click OK to save SSL binding.
6: Browse to:  C:\Windows\System32\inetsrv\config on local server.
7:  Open “applicationHost.config” file in notepad
8: Browse to the “<sites>” section and locate the relevant site name: “domain.com”
9: Located the Bindings that you created from the GUI.  Will be in this format:
<binding protocol="https" bindingInformation="*:443:www.temporary.com" sslFlags="3" />
<binding protocol="http" bindingInformation="*:80:www.temporary.com" />
10: Remove the host info from the binding so that it now looks like this:
<binding protocol="https" bindingInformation="*:443:" sslFlags="3" />
<binding protocol="http" bindingInformation="*:80:" />
11: Save File and close
12: Open the Bindings menu from IIS and confirm that the host value is now removed.  Restart IIS.
0
 

Author Closing Comment

by:bobbailey22
ID: 40650720
We ended up finding the best solution with the help of one of our technicians.
0

Featured Post

Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
A procedure for exporting installed hotfix details of remote computers using powershell
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question