10

I need to programmatically add an IIS 7.x site and I got stuck when this should be created with an HTTPS/SSL binding by default, using SiteCollection.Add(string, string, string, byte[]) overload.

Giving https:*:80:test.localhost https:*:443:test.localhost as bindingInformation throws an ArgumentException with this message: The specified HTTPS binding is invalid.

What's wrong in this binding information?

Thank you.

EDIT: I'm using Microsoft.Web.Administration assembly.

6
  • Wrong port (443)? Missing certificate? Commented Feb 3, 2012 at 12:39
  • @ZombieHunter There's no missing certificate, I'm correctly loading it, I've the byte array. Port... Mmmm, good point hahaha Commented Feb 3, 2012 at 12:41
  • @ZombieHunter No luck, it's not the port. Commented Feb 3, 2012 at 12:43
  • Just a guess: your certificate is issued for "test.localhost"? Commented Feb 3, 2012 at 12:46
  • @ZombieHunter It's for localhost "as is" Commented Feb 3, 2012 at 12:47

2 Answers

15

Here is what I did to create an https site and it worked. I skip some parts of code here, of course.

using System.Security.Cryptography.X509Certificates;
using Microsoft.Web.Administration;
// ...
using(var manager = new ServerManager())
{
    // variables are set in advance...
    var site = manager.Sites.Add(siteName, siteFolder, siteConfig.Port);

    var store = new X509Store(StoreName.AuthRoot, StoreLocation.LocalMachine);
    store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);

    // certHash is my certificate's hash, byte[]
    var binding = site.Bindings.Add("*:443:", certHash, store.Name);
    binding.Protocol = "https";

    store.Close();

    site.ApplicationDefaults.EnabledProtocols = "http,https";

    manager.CommitChanges();
}

UPD: the certificate is created from a pfx file the following way:

// get certificate from the file
string pfx = Directory.GetFiles(folder, "*.pfx", SearchOption.AllDirectories).FirstOrDefault();
var store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);

var certificate = new X509Certificate2(pfx, certPassword, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);
store.Add(certificate);
store.Close();
certHash = certificate.GetCertHash();

7 Comments

It seems to be the way to go, but when I commit changes, it throws an UnauthorizedAccessException and there's no description. Have you faced this problem too?
You need to have administrative permissions to administer IIS and work with auth root certificate store.
It's not a great silver bullet, but you gave me a good hint, and now it works fine. Thank you very much!
How are you getting the value for certHash?
If another subdomain in the same site is already using the same (*.yourdomain.com) certificate, you can borrow the certHash and storeName from that. You don't have to load the certificate from a file.
1

As far as I can see BindingInformation is without the protocol:

The value of this property is a colon-delimited string that includes the IP address, port, and host name of the binding.

Source: http://msdn.microsoft.com/en-us/library/microsoft.web.administration.binding.bindinginformation%28v=vs.90%29.aspx

There is also an overload that takes a parameter BindingProtocol:

public Site Add(
    string name,
    string bindingProtocol,
    string bindingInformation,
    string physicalPath
)

Source: http://msdn.microsoft.com/en-us/library/bb359364%28v=vs.90%29.aspx

Maybe you should use the Binding object offered by the Site instance as it offers more settings than the SiteCollection instance.

1 Comment

Thanks for your effort. By the way, I gave a link to the overload doc in MSDN, and if you check remarks, you'll find this overload supports protocol in binding information. In second place, I tried to do the other way like your suggestion with same effect.
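
The binding-information format and certificate binding discussed in the answers above, as an added example that is not code from either poster: it checks that the string has the ip:port:host form with no protocol prefix, confirms the certificate exists with a private key, then adds the https binding through Site.Bindings. The site name, physical path, the "MY" store, the thumbprint placeholder and the helper names are assumptions; as the comments above note, the process needs administrative permissions.

```csharp
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Web.Administration;

static class HttpsSiteExample   // hypothetical names throughout
{
    // True for "ip:port:host" (ip may be "*" or empty); a "https:" prefix fails the IP check.
    static bool IsValidBindingInformation(string info)
    {
        int last = info.LastIndexOf(':');
        int mid = last > 0 ? info.LastIndexOf(':', last - 1) : -1;
        if (mid < 0) return false;
        string ip = info.Substring(0, mid).Trim('[', ']');   // brackets wrap IPv6 literals
        IPAddress address; int port;
        bool ipOk = ip == "*" || ip == "" || IPAddress.TryParse(ip, out address);
        return ipOk && int.TryParse(info.Substring(mid + 1, last - mid - 1), out port)
                    && port >= 1 && port <= 65535;
    }

    // Returns the certificate with the given thumbprint, requiring a private key.
    static X509Certificate2 FindServerCertificate(string storeName, string thumbprint)
    {
        var store = new X509Store(storeName, StoreLocation.LocalMachine);
        store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);
        try
        {
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count == 0 || !found[0].HasPrivateKey)
                throw new InvalidOperationException("No usable certificate in store " + storeName);
            return found[0];
        }
        finally { store.Close(); }
    }

    static void Main()
    {
        const string httpsBinding = "*:443:test.localhost";     // no protocol prefix
        const string storeName = "MY";                          // assumed: Personal store
        const string thumbprint = "<CERT-THUMBPRINT-PLACEHOLDER>";
        if (!IsValidBindingInformation(httpsBinding))
            throw new ArgumentException("Expected ip:port:host, got " + httpsBinding);
        var cert = FindServerCertificate(storeName, thumbprint);
        using (var manager = new ServerManager())
        {
            var site = manager.Sites.Add("TestSite", "http", "*:80:test.localhost", @"C:\inetpub\TestSite");
            site.Bindings.Add(httpsBinding, cert.GetCertHash(), storeName);  // https binding
            manager.CommitChanges();
        }
    }
}
```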
