 

Programmatically add binding on IIS 8 with SNI option

I'm trying to create bindings for IIS 8 that have the flag SNI checked (Server Name Indication) using Microsoft.Web.Administration library (.NET Framework).

This is necessary to me because I want to get multiple SSL bindings for the same website under IIS, all using just one IP address. This is one of the main new features of IIS 8.

I've been looking into the Binding class and I can't find any flag or option to indicate it.

Is it possible with current Microsoft.Web.Administration v 7.0.0.0? Will I need a new version that I haven't found?

I know that version 7.9.0.0 is only for IIS express, and it isn't my scenario, so I haven't looked into it.

tittodiego asked Dec 09 '13 11:12



2 Answers

I finally managed to do it using the Microsoft.Web.Administration from the folder %windir%\system32\inetsrv\ but only in Windows 8/Windows 2012 with IIS 8.

These libraries had the SslFlags option in the Add function for the BindingCollection class. There is no documentation from Microsoft yet for this new overload, or at least I haven't found it.

The SslFlags.Sni is available to use in this one and creates the binding with SNI check perfectly.

tittodiego answered Oct 04 '22 15:10


Is it possible with current Microsoft.Web.Administration v 7.0.0.0?

Indeed it is, by manually adding the SslFlags attribute to the <binding> node:

Binding mySslBinding;
bool enableSni;

using (var serverManager = new ServerManager())
{
    // ... create or get value of mySslBinding...

    mySslBinding.SetAttributeValue("sslFlags", Convert.ToInt32(enableSni ? 1 : 0));

    serverManager.CommitChanges();
}

See the documentation of SslFlags here: https://docs.microsoft.com/en-us/iis/configuration/system.applicationhost/sites/site/bindings/binding

Note that executing the above code on a machine with any version of IIS earlier than 8.0 will cause the CommitChanges() method to throw an exception, because sslFlags doesn't exist in those versions.

Warning: Enabling SNI on an existing binding may cause its certificate to be unselected!

See also Setting Server Name Indication (SNI) takes off certificate binding

To avoid this problem, you can do this:

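// Save the certificate hash, enable SNI, then re-assign the saved hash.
var cert = mySslBinding.CertificateHash;
mySslBinding.SetAttributeValue("sslFlags", Convert.ToInt32(1)); // same attribute name as in the schema and the snippet above
mySslBinding.CertificateHash = cert;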
Ian Kemp answered Oct 04 '22 16:10
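
Added example (not code from either answer or from Microsoft): one way to combine the two approaches above, using the Add overload with SslFlags for a new binding and re-assigning the certificate hash when SNI is switched on for an existing one. It assumes the IIS 8+ Microsoft.Web.Administration.dll from %windir%\system32\inetsrv; the SniBinding class, the Ensure method, the "*:443:" binding prefix and the LocalMachine\My store are illustrative choices.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Web.Administration; // IIS 8+ copy from %windir%\system32\inetsrv

static class SniBinding // hypothetical helper, not part of the library
{
    public static void Ensure(string siteName, string hostName, string thumbprint)
    {
        // An SNI binding is selected by host name, so an empty one is rejected here.
        if (string.IsNullOrWhiteSpace(hostName))
            throw new ArgumentException("SNI binding needs a host name", "hostName");

        // Resolve the certificate first; refuse one without a private key.
        byte[] certHash;
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count == 0 || !found[0].HasPrivateKey)
                throw new InvalidOperationException("No usable certificate in LocalMachine\\My");
            certHash = found[0].GetCertHash();
        }
        finally { store.Close(); }

        using (var serverManager = new ServerManager())
        {
            Site site = serverManager.Sites[siteName];
            if (site == null) throw new InvalidOperationException("Site not found: " + siteName);

            string info = "*:443:" + hostName; // assumed: all IPs, port 443
            Binding binding = site.Bindings.FirstOrDefault(b =>
                b.Protocol == "https" &&
                string.Equals(b.BindingInformation, info, StringComparison.OrdinalIgnoreCase));

            if (binding == null)
                site.Bindings.Add(info, certHash, "My", SslFlags.Sni); // overload from the first answer
            else
            {
                // Existing binding: set the flag, then re-assign the certificate (second answer).
                binding.SetAttributeValue("sslFlags", (int)SslFlags.Sni);
                binding.CertificateHash = certHash;
                binding.CertificateStoreName = "My";
            }
            serverManager.CommitChanges();
        }
    }
}
```

The site name, host name and thumbprint are supplied by the caller; the process needs administrative rights to commit changes to applicationHost.config.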