SSL binding with no "SNI" ( in IIS 8 )

This topic contains 1 reply, has 2 voices, and was last updated by  Matt Bloomfield 1 year, 5 months ago.

  • Author
  • #63253



    I am executing this to bind the certificate to my site.

    New-WebBinding -name $iisSite -Protocol https -HostHeader localhost -Port 443 -SslFlags 1

    Note that the SNI (-SslFlags) is enabled in this. We can disable SNI by passing -SslFlags 0 to above command , but in that case the certificate binding is not happening.

    But i want to disable SNI as without that "https" is not working outside the box (for remote access).

    Is there a way i can disable SNI except the above way ?

    Appreciate any help !

  • #63265

    Matt Bloomfield

    The SSLFlags parameter determines where the certificate will be stored. Using 0 will store it in Windows certificate storage.

    Once the certificate is in the storage, you need to run two more commands to link the certificate to the website binding.

    $cert = Get-ChildItem -Path 'Cert:\LocalMachine\My | Where-Object {$_.subject -like '*mysite*'} | Select-Object -ExpandProperty Thumbprint
    Get-Item -Path "cert:\localmachine\my\$cert" | New-Item -Path IIS:\SSLBindings\!443"

You must be logged in to reply to this topic.