SSL binding with no "SNI" ( in IIS 8 )

This topic contains 1 reply, has 2 voices, and was last updated by Profile photo of Matt Bloomfield Matt Bloomfield 5 months, 3 weeks ago.

  • Author
    Posts
  • #63253
    Profile photo of Deepak
    Deepak
    Participant

    Hi,

    I am executing this to bind the certificate to my site.

    New-WebBinding -name $iisSite -Protocol https -HostHeader localhost -Port 443 -SslFlags 1

    Note that the SNI (-SslFlags) is enabled in this. We can disable SNI by passing -SslFlags 0 to above command , but in that case the certificate binding is not happening.

    But i want to disable SNI as without that "https" is not working outside the box (for remote access).

    Is there a way i can disable SNI except the above way ?

    Appreciate any help !
    Deepak

  • #63265
    Profile photo of Matt Bloomfield
    Matt Bloomfield
    Participant

    The SSLFlags parameter determines where the certificate will be stored. Using 0 will store it in Windows certificate storage.

    Once the certificate is in the storage, you need to run two more commands to link the certificate to the website binding.

    $cert = Get-ChildItem -Path 'Cert:\LocalMachine\My | Where-Object {$_.subject -like '*mysite*'} | Select-Object -ExpandProperty Thumbprint
    
    Get-Item -Path "cert:\localmachine\my\$cert" | New-Item -Path IIS:\SSLBindings\1.2.3.4!443"
    

You must be logged in to reply to this topic.