Daniel Little Coding Blog
Daniel Little Coding Blog

A blog about .net development and the web.

Daniel Little
Author

Daniel Little (lavinski) is a Brisbane based software developer.

Share


Our Newsletter


Like this blog? Get each new post as soon it's posted.

Tags


Twitter


Multiple https bindings in IIS7 for developers

Daniel LittleDaniel Little

When working with websites that require https (SSL) developers always ending up facing the problem: Why can't you use hostnames with https. This is because hostname is encrypted so IIS needs to establish the SSL connection before it can even read the hostname.

However we can get around this problem by making use of a wildcard certificate. Then it won't matter what the hostname is and we can happily use SSL on all our internal dev sites.

You can't actually use IIS to setup a wildcard certificate so I'll be using a bit of Powershell to move things along.

The first step is to create the self signed certificate. Any clients will also have to trust this certificate.

$cert = New-SelfSignedCertificate -DnsName "*.company.internal" -CertStoreLocation cert:\LocalMachine\My
Export-Certificate -Cert $cert -FilePath "company.internal.cer"

$password = ConvertTo-SecureString -String "SecretHeHe" -Force –AsPlainText
Export-PfxCertificate -Cert $cert -FilePath "company.internal.pfx" -Password $password

Next add the bindings to IIS, this script will add a http and https binding for each combination of site and environment.

$sites = @(
    "website"
)

$envs = @(
    "test",
    "stage"
)

Import-Module WebAdministration
foreach ($name in $sites) {

    foreach ($env in $envs) {
        $name = "$name ($env)"

        $siteName = "$name ($env)"
        New-WebBinding -Name $siteName -Port 80 -Protocol http -HostHeader "$env.$name.company.internal"
        New-WebBinding -Name $siteName -Port 443 -Protocol https -HostHeader "$env.$name.company.internal"
    }
}

Just one thing left, setup IIS to use the certificate. To do that open IIS and import the certificate. Then select the open one of the https bindings and select the certificate (it won't matter which one, any site on that port will use it).

Daniel Little
Author

Daniel Little

Daniel Little (lavinski) is a Brisbane based software developer.

Comments