Solved

APPCMD to enable central certificate store and SNI?

Posted on 2015-02-24
4
551 Views
Last Modified: 2015-03-07
Hello,

I have 6 web servers that we are building for our new production environment and have used appcmd to assign bindings to each of our 300+ websites on one of the servers to test it out.  (needless to say I don't want to manually add bindings one at a time for almost 2000 sites)  I am looking for a way to automate the enabling of the respective "use central certificate store" and "require Server Name Indication" check boxes programatically.  The Appcmd script below works great and I can use the central certificate store and SNI once I have manually enabled the check box for it in the bindings section of IIS 8.

appcmd set site /site.name:"mydomain.com" /+bindings.[protocol='https',bindingInformation='x.x.x.x:443:customer.mydomain.com']

Does anyone know of a command I can add to each line of my script to enable those two check boxes, or of a way to script the enabling of it later in batch?

Thank you
unassigned.png
enabled.png
0
Comment
Question by:bobbailey22
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 37

Expert Comment

by:Mahesh
ID: 40630421
I have half answer I think

appcmd set site "My site name" /bindings:"https://server.domain.com:443"  should take care of centralize certificate store
0
 

Author Comment

by:bobbailey22
ID: 40631216
I will try that command and let you know, it may take some time as I am working offsite today.  Will that enable Server Name Indication as well?
0
 

Accepted Solution

by:
bobbailey22 earned 0 total points
ID: 40640326
Here is the proper way to add bindings using SNI and CCS

How to Configure Bindings in IIS 8 using Server Name Indication(SNI) and Central Certificate Store(CCS).
*This must be done this way to ensure all the necessary registry keys are created.
Located : HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\SslSniBindingInfo

1: Choose web site in IIS.  Go to Bindings Menu and Add a new binding.
2: Enter the following info:
A.      Type: Http
B.      IP Address: All Unassisgned
C.      Port: 80
D.      HostName: www.temporary.com
3: Click OK to save binding
4: Click Add to add another binding with the following info:
A.      Type: Https
B.      IP Address: All Unassigned
C.      Port 443
D.      hostname: www.temporary.com
E.      Check “Require Server Name Indication” & “Use Centralized Certificate Store”
5: Click OK to save SSL binding.
6: Browse to:  C:\Windows\System32\inetsrv\config on local server.
7:  Open “applicationHost.config” file in notepad
8: Browse to the “<sites>” section and locate the relevant site name: “domain.com”
9: Located the Bindings that you created from the GUI.  Will be in this format:
<binding protocol="https" bindingInformation="*:443:www.temporary.com" sslFlags="3" />
<binding protocol="http" bindingInformation="*:80:www.temporary.com" />
10: Remove the host info from the binding so that it now looks like this:
<binding protocol="https" bindingInformation="*:443:" sslFlags="3" />
<binding protocol="http" bindingInformation="*:80:" />
11: Save File and close
12: Open the Bindings menu from IIS and confirm that the host value is now removed.  Restart IIS.
0
 

Author Closing Comment

by:bobbailey22
ID: 40650720
We ended up finding the best solution with the help of one of our technicians.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
A procedure for exporting installed hotfix details of remote computers using powershell
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question