/// <summary>
/// Registers an SSL certificate binding for the given endpoint through the shared <c>config</c> object.
/// </summary>
/// <param name="certificateThumbprint">Thumbprint of the certificate to bind; passed through without validation.</param>
/// <param name="ipPort">IP address and port the binding applies to.</param>
/// <param name="appId">Identifier of the application recorded as owner of the binding.</param>
/// <remarks>
/// The binding names <see cref="StoreName.My"/> as the certificate store. Nothing in this method checks
/// that a certificate with this thumbprint is present in that store.
/// NOTE(review): the result of Bind is discarded. The original comment says it returns false on this
/// path, presumably meaning "no existing record was updated" - confirm against the library.
/// </remarks>
public static void AddCertificateBinding(string certificateThumbprint, System.Net.IPEndPoint ipPort, Guid appId)
{
    // Add a new binding record; per the original note, Bind returns false here.
    config.Bind(new CertificateBinding(certificateThumbprint, StoreName.My, ipPort, appId));
}
/// <summary>
/// Test: binding over an existing record for the same endpoint updates it, and the command-line
/// view of the record then reflects the new store name and every option that was set.
/// </summary>
/// <remarks>
/// The option values are fixture data for the round-trip check. Several of them relax certificate
/// validation (revocation checking and the usage check are switched off), so they are not a
/// template for a production binding.
/// </remarks>
public void Update()
{
    var endpoint = GetEndpointWithFreeRandomPort();
    var applicationId = Guid.NewGuid();

    // Seed a record through the command-line helper, deliberately naming a different store
    // (AuthRoot) so the later bind has something to change.
    var seedOptions = new CertConfigCmd.Options
    {
        ipport = endpoint,
        certhash = _testingCertThumbprint,
        appid = applicationId,
        certstorename = StoreName.AuthRoot.ToString(),
    };
    CertConfigCmd.Add(seedOptions);

    var configuration = new CertificateBindingConfiguration();
    var options = new BindingOptions
    {
        DoNotPassRequestsToRawFilters = true,
        DoNotVerifyCertificateRevocation = true,
        EnableRevocationFreshnessTime = true,
        NegotiateCertificate = true,
        NoUsageCheck = true,
        RevocationFreshnessTime = TimeSpan.FromMinutes(1),
        RevocationUrlRetrievalTimeout = TimeSpan.FromSeconds(5),
        UseDsMappers = true,
        VerifyRevocationWithCachedCertificateOnly = true,
    };
    var replacement = new CertificateBinding(_testingCertThumbprint, StoreName.My, endpoint, applicationId, options);

    // Bind is expected to report true because a record for this endpoint already exists.
    Assert.IsTrue(configuration.Bind(replacement));

    var shown = CertConfigCmd.Show(endpoint);
    Assert.IsTrue(shown.IsSuccessfull);

    // NOTE(review): the expected text is reproduced exactly as it appears in this listing, on one
    // line. The original presumably spans several lines mirroring the command output - confirm.
    var expectedOutput = string.Format(
        @" IP:port : {0} Certificate Hash : {1} Application ID : {2} Certificate Store Name : My Verify Client Certificate Revocation : Disabled Verify Revocation Using Cached Client Certificate Only : Enabled Usage Check : Disabled Revocation Freshness Time : 60 URL Retrieval Timeout : 5000 Ctl Identifier : (null) Ctl Store Name : (null) DS Mapper Usage : Enabled Negotiate Client Certificate : Enabled ",
        endpoint,
        _testingCertThumbprint,
        applicationId.ToString("B"));

    // Case-insensitive containment: both sides are lowered with the invariant culture.
    var actualLowered = shown.Output.ToLowerInvariant();
    var expectedLowered = expectedOutput.ToLowerInvariant();
    Assert.IsTrue(actualLowered.Contains(expectedLowered));
}
/// <summary>
/// Binds the given SSL certificate to the given port and associates the binding with an application.
/// </summary>
/// <param name="httpsPort">Port the binding is registered for; it is paired with <see cref="IPAddress.Any"/>.</param>
/// <param name="sslCert">Certificate whose thumbprint is bound; must not be null.</param>
/// <param name="appId">Identifier of the application recorded as owner of the binding.</param>
/// <exception cref="ArgumentNullException"><paramref name="sslCert"/> is null.</exception>
/// <remarks>
/// Only the thumbprint is taken from <paramref name="sslCert"/>; the binding names
/// <see cref="StoreName.My"/> as the store. Nothing here checks that the certificate is installed in
/// that store or that it has a private key.
/// NOTE(review): presumably both are needed for the binding to serve TLS - confirm, and consider
/// validating before the bind. The result of Bind is discarded.
/// </remarks>
public static void BindCertToIP(int httpsPort, X509Certificate2 sslCert, Guid appId)
{
    if (sslCert == null)
    {
        throw new ArgumentNullException(nameof(sslCert));
    }

    // Equivalent netsh commands, for reference:
    // netsh http add sslcert ipport=0.0.0.0:53963 appid={A24092A5-F73D-4033-9F40-1BF9004A41A1} certhash=DF51794312354DE531D8B2E6414864F433A2769B
    // netsh http add sslcert hostnameport=www.fish-test.com:53963 appid={A24092A5-F73D-4033-9F40-1BF9004A41A1} certhash=DC4C95714651C086D325FF481F4E217A5C431A74 certstorename=MY
    var bindingStore = new CertificateBindingConfiguration();

    // IPAddress.Any means the binding applies to every local address on this port.
    var endpoint = new IPEndPoint(IPAddress.Any, httpsPort);
    var certBinding = new CertificateBinding(sslCert.Thumbprint, StoreName.My, endpoint, appId);

    bindingStore.Bind(certBinding);
}
/// <summary>
/// Replaces the current certificate binding with one for <paramref name="thumbprint"/> on
/// 0.0.0.0:<paramref name="httpsPort"/>, records the new endpoint through the registry provider,
/// and appends an undo action to <paramref name="rollbackActions"/> after each step.
/// </summary>
/// <param name="thumbprint">Thumbprint of the certificate to bind; passed through without validation.</param>
/// <param name="httpsPort">Port for the new binding.</param>
/// <param name="rollbackActions">List that receives the undo actions; this method only appends to it.</param>
/// <remarks>
/// The existing binding is deleted before the new one is bound, so the old endpoint has no binding
/// in between. If the new bind throws, restoring it depends on the caller running the recorded actions.
/// NOTE(review): the last undo action writes the original binding's endpoint (or null) to the
/// registry provider rather than the value it held before - confirm these are always the same.
/// NOTE(review): the order in which the caller runs the actions is not visible here; reverse order
/// is presumably intended.
/// </remarks>
public void UpdateCertificateBinding(string thumbprint, int httpsPort, List<Action> rollbackActions)
{
    var configuration = new CertificateBindingConfiguration();
    CertificateBinding previous = this.GetCertificateBinding(configuration);

    if (previous != null)
    {
        // Remove the old record first and remember how to put it back.
        configuration.Delete(previous.IpPort);
        rollbackActions.Add(() => configuration.Bind(previous));
    }

    var endpoint = new IPEndPoint(IPAddress.Parse("0.0.0.0"), httpsPort);
    var replacement = new CertificateBinding(thumbprint, "My", endpoint, HttpSysHostingOptions.AppId, new BindingOptions());

    configuration.Bind(replacement);
    rollbackActions.Add(() => configuration.Delete(replacement.IpPort));

    // Record the active endpoint; the undo action falls back to the previous binding's endpoint.
    this.registryProvider.CertBinding = replacement.IpPort.ToString();
    rollbackActions.Add(() => this.registryProvider.CertBinding = previous?.IpPort?.ToString());
}
/// <summary>
/// Declares the stack's resources: a resource group, an HTTPS-only web app on an existing App
/// Service plan, the DNS records for its custom domain, the hostname binding, a managed
/// certificate, and the SNI certificate binding.
/// </summary>
/// <remarks>
/// NOTE(review): the subscription-scoped resource IDs and the DNS zone ID are hard-coded. They are
/// identifiers rather than credentials, but reading them from stack configuration would keep
/// environment details out of source.
/// NOTE(review): the hostname binding takes no input from either DNS record, so nothing visible
/// here orders it after them. If the domain check needs the records to exist first, an explicit
/// dependency may be required - confirm.
/// </remarks>
public NoraAzureStack()
{
    var group = new ResourceGroup(AddEnvironmentPrefix("nora"));

    // Look up the existing App Service plan instead of creating one.
    var plan = Plan.Get("home-projects-asp", "/subscriptions/72fc2865-939d-4afc-80d4-ab60f14c099e/resourceGroups/Shared/providers/Microsoft.Web/serverfarms/home-projects-asp");

    // Look up the existing Cosmos DB account; the result is not used in this constructor.
    Account.Get("home-projects-cosmosdb", "/subscriptions/72fc2865-939d-4afc-80d4-ab60f14c099e/resourceGroups/Shared/providers/Microsoft.DocumentDB/databaseAccounts/home-projects-cosmosdb");

    // Look up the DNS zone hosted at Cloudflare.
    var zone = Zone.Get("momo-adew.com", "b9eb57d1d01a353e72276d2fa0565d81");

    var site = new AppService(AddEnvironmentPrefix("nora-web"), new AppServiceArgs
    {
        ResourceGroupName = group.Name,
        HttpsOnly = true,
        AppServicePlanId = plan.Id
    });

    // Custom-domain setup follows
    // https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-domain
    var customDomain = AddEnvironmentPrefix("nora.momo-adew.com");

    // TXT record that carries the app's domain verification ID.
    new Record("nora-web-txt-record", new RecordArgs
    {
        Name = $"asuid.{customDomain}",
        ZoneId = zone.Id,
        Type = "TXT",
        Value = site.CustomDomainVerificationId,
        Ttl = 300
    });

    // CNAME that points the custom domain at the app's default hostname.
    new Record("nora-web-cname-record", new RecordArgs
    {
        Name = customDomain,
        ZoneId = zone.Id,
        Type = "CNAME",
        Value = site.DefaultSiteHostname,
        Ttl = 300
    });

    var hostname = new CustomHostnameBinding("nora-web-hostname", new CustomHostnameBindingArgs
    {
        Hostname = customDomain,
        AppServiceName = site.Name,
        ResourceGroupName = group.Name
    });

    var certificate = new ManagedCertificate("nora-web-cert", new ManagedCertificateArgs
    {
        CustomHostnameBindingId = hostname.Id
    });

    // Attach the managed certificate to the hostname binding using SNI.
    new CertificateBinding("nora-web-cert-binding", new CertificateBindingArgs
    {
        HostnameBindingId = hostname.Id,
        CertificateId = certificate.Id,
        SslState = "SniEnabled"
    });
}
/// <summary>
/// Sets <c>DoNotVerifyCertificateRevocation</c> on the binding's options and writes the binding
/// back through the shared <c>config</c> object.
/// </summary>
/// <param name="certificateBinding">Binding to change; its <c>Options</c> object is mutated in place.</param>
/// <remarks>
/// Security-relevant: this switches revocation checking off for the binding, so a revoked
/// certificate is no longer rejected on that basis. Apply it only where that trade-off is intended.
/// NOTE(review): the result of Bind is discarded. The original comment says it returns true here,
/// presumably meaning an existing record was updated - confirm.
/// </remarks>
public static void DoNotVerifyCertificateRevocation(CertificateBinding certificateBinding)
{
    // set an option and update the binding record
    certificateBinding.Options.DoNotVerifyCertificateRevocation = true;
    config.Bind(certificateBinding); //returns true
}