Beispiel #1
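        /// <summary>
        /// Stores the certificate from the given PFX file against the primary domain, then creates or
        /// updates the https bindings for the DNS names in the managed site's request config, using the
        /// configured port/IP/SNI settings or the auto-binding defaults (port 443, SNI on, no fixed IP).
        /// </summary>
        /// <param name="managedSite">Managed site whose RequestConfig supplies the primary domain, subject alternative names and binding settings.</param>
        /// <param name="pfxPath">Path of the PFX file to import; a zero-length file is rejected.</param>
        /// <param name="cleanupCertStore">When true, old certificates for the primary domain are removed from the store after the bindings have been processed.</param>
        /// <returns>
        /// True when the certificate was stored (even if no matching site was found and therefore no
        /// binding was touched); false when storing the certificate returned null.
        /// </returns>
        /// <exception cref="ArgumentException">The PFX file is empty, or one of the DNS hostnames is null/blank.</exception>
        /// <exception cref="ArgumentOutOfRangeException">The configured binding port is outside 1-65535.</exception>
        internal bool InstallCertForRequest(ManagedSite managedSite, string pfxPath, bool cleanupCertStore)
        {
            var requestConfig = managedSite.RequestConfig;

            // a zero-length PFX cannot hold a certificate; reject it before touching the cert store
            if (new System.IO.FileInfo(pfxPath).Length == 0)
            {
                throw new ArgumentException("InstallCertForRequest: Invalid PFX File");
            }

            //store cert against primary domain
            var storedCert = CertificateManager.StoreCertificate(requestConfig.PrimaryDomain, pfxPath);

            if (storedCert == null)
            {
                return false;
            }

            var site = FindManagedSite(managedSite);

            //get list of domains we need to create/update https bindings for
            var dnsHosts = new List<string> { requestConfig.PrimaryDomain };
            if (requestConfig.SubjectAlternativeNames != null)
            {
                dnsHosts.AddRange(requestConfig.SubjectAlternativeNames);
            }

            dnsHosts = dnsHosts.Distinct().ToList();

            // Validate every hostname before any binding is modified, so a bad entry late in the list
            // cannot leave the site with only some of its bindings switched to the new certificate.
            if (dnsHosts.Any(h => String.IsNullOrWhiteSpace(h)))
            {
                throw new ArgumentException("InstallCertForRequest: Invalid (empty) DNS hostname supplied");
            }

            if (site != null)
            {
                // Binding settings are the same for every hostname, so resolve them once.
                // If any binding elements are configured use those, otherwise auto bind using defaults and SNI.
                int sslPort = !String.IsNullOrWhiteSpace(requestConfig.BindingPort) ? int.Parse(requestConfig.BindingPort) : 443;
                if (sslPort < 1 || sslPort > 65535)
                {
                    // refuse to create a binding on a port number that cannot be a valid TCP port
                    throw new ArgumentOutOfRangeException("managedSite", "InstallCertForRequest: Binding port must be between 1 and 65535");
                }

                bool useSNI = (requestConfig.BindingUseSNI != null ? (bool)requestConfig.BindingUseSNI : true);
                string ipAddress = !String.IsNullOrWhiteSpace(requestConfig.BindingIPAddress) ? requestConfig.BindingIPAddress : null;

                // add/update required bindings for each dns hostname
                foreach (var hostname in dnsHosts)
                {
                    //create/update binding and associate new cert
                    InstallCertificateforBinding(site, storedCert, hostname,
                                                 sslPort: sslPort,
                                                 useSNI: useSNI,
                                                 ipAddress: ipAddress
                                                 );
                }
            }
            // NOTE(review): when no matching site is found the certificate is stored but no binding is
            // updated, and the method still returns true - callers cannot tell the two outcomes apart.

            if (cleanupCertStore)
            {
                //remove old certs for this primary domain
                CertificateManager.CleanupCertificateDuplicates(storedCert, requestConfig.PrimaryDomain);
            }

            return true;
        }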
Beispiel #2
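        /// <summary>
        /// Stores the certificate from the given PFX file against the primary domain, then creates or
        /// updates the https bindings for the DNS names in the managed site's request config, using the
        /// configured port/IP/SNI settings or the auto-binding defaults (port 443, SNI on, no fixed IP).
        /// Bindings reference the certificate by store name and certificate hash.
        /// </summary>
        /// <param name="managedSite">Managed site whose RequestConfig supplies the primary domain, subject alternative names and binding settings.</param>
        /// <param name="pfxPath">Path of the PFX file to import; a zero-length file is rejected.</param>
        /// <param name="cleanupCertStore">When true, old certificates for the primary domain are removed from the store after the bindings have been processed.</param>
        /// <returns>
        /// True when the certificate was stored (even if no matching site was found and therefore no
        /// binding was touched); false when storing the certificate returned null.
        /// </returns>
        /// <exception cref="ArgumentException">The PFX file is empty, or one of the DNS hostnames is null/blank.</exception>
        /// <exception cref="ArgumentOutOfRangeException">The configured binding port is outside 1-65535.</exception>
        internal async Task <bool> InstallCertForRequest(ManagedSite managedSite, string pfxPath, bool cleanupCertStore)
        {
            var requestConfig = managedSite.RequestConfig;

            // a zero-length PFX cannot hold a certificate; reject it before touching the cert store
            if (new System.IO.FileInfo(pfxPath).Length == 0)
            {
                throw new ArgumentException("InstallCertForRequest: Invalid PFX File");
            }

            //store cert against primary domain
            string certStoreName = CertificateManager.GetDefaultStore().Name;
            var storedCert = await CertificateManager.StoreCertificate(requestConfig.PrimaryDomain, pfxPath, isRetry: false, enableRetryBehaviour: _enableCertDoubleImportBehaviour);

            if (storedCert == null)
            {
                return false;
            }

            var certHash = storedCert.GetCertHash();
            var site = FindManagedSite(managedSite);

            //get list of domains we need to create/update https bindings for (converted via ToUnicodeString)
            var dnsHosts = new List<string> { ToUnicodeString(requestConfig.PrimaryDomain) };

            if (requestConfig.SubjectAlternativeNames != null)
            {
                foreach (var san in requestConfig.SubjectAlternativeNames)
                {
                    dnsHosts.Add(ToUnicodeString(san));
                }
            }

            dnsHosts = dnsHosts.Distinct().ToList();

            // Validate every hostname before any binding is modified, so a bad entry late in the list
            // cannot leave the site with only some of its bindings switched to the new certificate.
            if (dnsHosts.Any(h => String.IsNullOrWhiteSpace(h)))
            {
                throw new ArgumentException("InstallCertForRequest: Invalid (empty) DNS hostname supplied");
            }

            if (site != null)
            {
                // Binding settings are the same for every hostname, so resolve them once.
                // If any binding elements are configured use those, otherwise auto bind using defaults and SNI.
                int sslPort = !String.IsNullOrWhiteSpace(requestConfig.BindingPort) ? int.Parse(requestConfig.BindingPort) : 443;
                if (sslPort < 1 || sslPort > 65535)
                {
                    // refuse to create a binding on a port number that cannot be a valid TCP port
                    throw new ArgumentOutOfRangeException("managedSite", "InstallCertForRequest: Binding port must be between 1 and 65535");
                }

                bool useSNI = (requestConfig.BindingUseSNI != null ? (bool)requestConfig.BindingUseSNI : true);
                string ipAddress = !String.IsNullOrWhiteSpace(requestConfig.BindingIPAddress) ? requestConfig.BindingIPAddress : null;

                // add/update required bindings for each dns hostname
                foreach (var hostname in dnsHosts)
                {
                    //TODO: if the binding fails we should report it, requires reporting a list of binding results

                    //create/update binding and associate new cert
                    InstallCertificateforBinding(certStoreName, certHash, site, hostname,
                                                 sslPort: sslPort,
                                                 useSNI: useSNI,
                                                 ipAddress: ipAddress,
                                                 alwaysRecreateBindings: requestConfig.AlwaysRecreateBindings
                                                 );
                }
            }
            // NOTE(review): when no matching site is found the certificate is stored but no binding is
            // updated, and the method still returns true - callers cannot tell the two outcomes apart.

            if (cleanupCertStore)
            {
                //remove old certs for this primary domain
                CertificateManager.CleanupCertificateDuplicates(storedCert, requestConfig.PrimaryDomain);
            }

            return true;
        }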