locked
Creating IIS Site in powershell without SNI ( Multiple Certificates) RRS feed

  • Question

  • Hi All,

    I am trying to create one IIS site in powershell .I want the site to be created without SNI.
    I am using iis 10, ( Windows 2016 server ).

    Our Netscaler is not compatible with SNI and hence I have to create without SNI.

    I am able to create site with SNI using sslflags=1. But When I try to create without sni, I am running into issues.

    Below is my snippet

    $SecurePassword = ConvertTo-SecureString "Somepassword" -AsPlainText -Force; 
    Import-PfxCertificate -FilePath 'C:\certs\nt111trnch01.pfx' -CertStoreLocation Cert:\LocalMachine\My -Password $SecurePassword; 
    Import-PfxCertificate -FilePath 'C:\certs\nt111trnch02.pfx' -CertStoreLocation Cert:\LocalMachine\My -Password $SecurePassword; 
    Import-PfxCertificate -FilePath 'C:\certs\nt111trnch03.pfx' -CertStoreLocation Cert:\LocalMachine\My -Password $SecurePassword; 
    Import-Module "WebAdministration"; 
    New-Item IIS:\Sites\myProj -bindings @{protocol='https';bindingInformation='*:8080:nt111trnch01.sit.abcit';SslFlags=1} -PhysicalPath C:\site; 
    New-WebBinding -Name "myProj" -Protocol https -HostHeader nt111trnch02.sit.abcit -Port 8080 -SslFlags 1; \
    New-WebBinding -Name "myProj" -Protocol https -HostHeader nt111trnch03.sit.abcit -Port 8080 -SslFlags 1; \
    New-Item -Path "IIS:\SslBindings\*!8080!nt111trnch01.sit.abcit" -Thumbprint 145300EC69B3448EE15A54DBCD54647AF8294611 -SslFlags 1; 
    New-Item -Path "IIS:\SslBindings\*!8080!nt111trnch02.sit.abcit" -Thumbprint 86C1CD3660F9810DB30CB2E312E197C898I26253 -SslFlags 1; 
    New-Item -Path "IIS:\SslBindings\*!8080!nt111trnch03.sit.abcit" -Thumbprint 0C7888C0615615997DB6F9DA9E9A03E4671E3BAD -SslFlags 1; 
    New-Item C:\site\myProj -type directory

    Note: I am able to create site with single certificate and without SNI. But binding multiple certificates causing the issues.

    When I changed all SslFlags vlaue to 0, I am getting this error.

    New-Item : Cannot create a file when that file already exists
    At line:12 char:2
    +     New-Item -Path "IIS:\SslBindings\*!8080!nt111trnch02.sit.abci...
    +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [New-Item], Win32Exception
        + FullyQualifiedErrorId : System.ComponentModel.Win32Exception,Microsoft.PowerShell.Commands.NewItemCommand
    
    WARNING: Binding host name 'nt111trnch03.sit.abcit' is not equals to certificate subject name 'CN=nt111trnch03.sit.swcsit, OU=IT Services, O=Mycity 
    Company, L=Mycity, S=State, C=Country'. Client may not be able to connect to the site using HTTPS protocol.
    New-Item : Cannot create a file when that file already exists
    At line:13 char:2
    +     New-Item -Path "IIS:\SslBindings\*!8080!nt111trnch03.sit.abci ...
    +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [New-Item], Win32Exception
        + FullyQualifiedErrorId : System.ComponentModel.Win32Exception,Microsoft.PowerShell.Commands.NewItemCommand

    Site with multiple certificates

    Thanks in advance

    VVP


    Friday, February 23, 2018 3:57 AM

All replies

  • IIS specific questions should be asked in the IIS forum: http://forums.iis.net

    \_(ツ)_/

    Friday, February 23, 2018 10:42 AM
  • Seems you are trying to create something already exists, try using -Force or use Set-Item cmdlet.

    Regards kvprasoon

    Friday, February 23, 2018 5:50 PM