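/// <summary>
/// Stores the certificate from the given PFX file against the primary domain, then creates or
/// updates the https bindings for the DNS names in the managed site's request config, using
/// the requested port/IP or auto-binding defaults (port 443, SNI enabled).
/// </summary>
/// <param name="managedSite">Managed site whose <c>RequestConfig</c> supplies the primary domain, subject alternative names and binding options.</param>
/// <param name="pfxPath">Path of the PFX file to import; a zero-length file is rejected.</param>
/// <param name="cleanupCertStore">When true, <c>CertificateManager.CleanupCertificateDuplicates</c> is called for the primary domain after the bindings have been processed.</param>
/// <returns>
/// True when the certificate was stored (this includes the case where no matching site was found
/// and therefore no binding was changed); false when storing the certificate returned null.
/// </returns>
/// <exception cref="ArgumentException">The PFX file is empty, or one of the DNS hostnames is null or blank.</exception>
public async Task<bool> InstallCertForRequest(ManagedSite managedSite, string pfxPath, bool cleanupCertStore)
{
    var requestConfig = managedSite.RequestConfig;

    // FileInfo.Length throws FileNotFoundException for a missing file, so this check only catches the empty-file case
    if (new System.IO.FileInfo(pfxPath).Length == 0)
    {
        throw new ArgumentException("InstallCertForRequest: Invalid PFX File");
    }

    //store cert against primary domain
    string certStoreName = CertificateManager.GetDefaultStore().Name;
    var storedCert = await CertificateManager.StoreCertificate(
        requestConfig.PrimaryDomain,
        pfxPath,
        isRetry: false,
        enableRetryBehaviour: _enableCertDoubleImportBehaviour);

    if (storedCert == null)
    {
        return false;
    }

    var certHash = storedCert.GetCertHash();
    var site = FindManagedSite(managedSite);

    //get list of domains we need to create/update https bindings for
    var dnsHosts = new List<string> { ToUnicodeString(requestConfig.PrimaryDomain) };
    if (requestConfig.SubjectAlternativeNames != null)
    {
        foreach (var san in requestConfig.SubjectAlternativeNames)
        {
            dnsHosts.Add(ToUnicodeString(san));
        }
    }
    dnsHosts = dnsHosts.Distinct().ToList();

    // Validate every hostname BEFORE touching any binding: previously a blank name part-way through
    // the list threw after earlier hostnames had already been rebound, leaving the site with a mix
    // of old and new certificates.
    foreach (var hostname in dnsHosts)
    {
        if (String.IsNullOrWhiteSpace(hostname))
        {
            throw new ArgumentException("InstallCertForRequest: Invalid (empty) DNS hostname supplied");
        }
    }

    // NOTE(review): when no matching site is found the certificate stays in the store, no binding is
    // changed and the method still returns true - callers cannot tell the two outcomes apart.
    if (site != null)
    {
        // Binding options do not vary per hostname, so resolve them once. A malformed BindingPort
        // now fails here, before the first binding is modified, rather than inside the loop.
        //if any binding elements configured, use those, otherwise auto bind using defaults and SNI
        int sslPort = !String.IsNullOrWhiteSpace(requestConfig.BindingPort)
            ? int.Parse(requestConfig.BindingPort)
            : 443;
        bool useSNI = requestConfig.BindingUseSNI != null ? (bool)requestConfig.BindingUseSNI : true;
        string ipAddress = !String.IsNullOrWhiteSpace(requestConfig.BindingIPAddress)
            ? requestConfig.BindingIPAddress
            : null;

        // add/update required bindings for each dns hostname
        foreach (var hostname in dnsHosts)
        {
            //TODO: if the binding fails we should report it, requires reporting a list of binding results
            //create/update binding and associate new cert
            InstallCertificateforBinding(
                certStoreName,
                certHash,
                site,
                hostname,
                sslPort: sslPort,
                useSNI: useSNI,
                ipAddress: ipAddress,
                alwaysRecreateBindings: requestConfig.AlwaysRecreateBindings);
        }
    }

    if (cleanupCertStore)
    {
        //remove old certs for this primary domain
        CertificateManager.CleanupCertificateDuplicates(storedCert, requestConfig.PrimaryDomain);
    }

    return true;
}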