I am a Microsoft MVP!!

Got the email today that I was awarded Microsoft MVP. It is awarded as a result of your contributions for the past year. I have been active in the iis.net forums and blogging about PowerShell and IIS. More to come later. Just wanted to share this awesome news with everyone.

Terri is a Support Specialist at OrcsWeb, a hosted server company providing managed hosting solutions.

SSL certificates for development sites on IIS7/7.5

On the topic of self-signed certificates, I wrote another blog post about SAN certificates that is over on my work blog. Jump over there and check it out. The post explains how to create a self-signed SAN certificate and then assign that certificate to multiple host header sites in IIS.

Self-Signed SSL certificates and IIS development site configuration using host header configurations for IIS7/7.5

One of our clients recently requested the ability to configure SSL for multiple development sites on a server with a single IP address. They had one certificate that was issued by an online CA for their production site and wanted self-signed certificates assigned to multiple development sites for testing purposes. In this walkthrough, I will provide information for creating a wildcard certificate that can be used for testing with any site in the same domain. Here is a blog, written by Scott Forsyth, which provides details about the localtest.me domain which I will use in this walkthrough. For the certificate creation, PowerShell 3.0 is required. PowerShell 3.0 is part of the Windows Management Framework 3.0 package which can be downloaded here. If you are not able to install this on your server, you can create the certificate on a different machine and export it to a pfx file for importing onto your server.

Here is a blog post that I wrote previously that can be used to create multiple localtest.me websites using PowerShell if you would like to experiment with this configuration. Once you have created your websites, you are ready to proceed through this post.

The cmdlet that we will use to create the self-signed wildcard is New-SelfSignedCertificate.

New-SelfSignedCertificate -DnsName www.fabrikam.com, www.contoso.com -CertStoreLocation cert:\LocalMachine\My

The exact command that I ran for this walkthrough is 'New-SelfSignedCertificate -DnsName *.localtest.me -CertStoreLocation cert:\LocalMachine\My'. This created a self-signed certificate in my local machine store.

Since this certificate is created in the Personal store of the Local Machine, you can export it and import it into the Trusted Root Certificate store so that it will be trusted by IIS. If you are planning to test these sites from a machine other than the one that hosts the website, you can also import the certificate into the Trusted Root Certificate store on your workstation and you will not receive any certificate warning errors when testing.

You are now ready to open IIS Manager and assign your newly created certificate to your websites. In order to enable the GUI host header field within the https bindings, the friendly name of your certificate has to be *.domain.com. Since we created the certificate as a wildcard certificate, we do not have to make any modifications to the friendly name.

Open IIS Manager, select the website that you want to add the SSL certificate to, and open Bindings from the Action pane.

Click Add and change the Type to https. You will notice that the Host name: field is greyed out and cannot be edited.

Once you select your certificate (*.localtest.me), this field will be editable.

Enter your host header name in the Host name: box and click OK. You can also add this information using appcmd with the following syntax (replace name with your website name):

appcmd set site /site.name:"name" /+bindings.[protocol='https',bindingInformation='*:443:name']

If you used the localtest.me domain for this walkthrough, you are now ready to test your site without having to create DNS or local host file entries.
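The whole walkthrough as one script, as an added example that is not part of the original post. The site names, host names and the .cer path are assumptions; the script exports only the public certificate for the Trusted Root import, and it leaves an existing *:443 SSL binding alone, because on IIS 7/7.5 every host-header site on that IP and port shares one certificate.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell session.
Import-Module WebAdministration

# Hypothetical site names mapped to their host headers.
$sites   = @{ 'dev1' = 'dev1.localtest.me'; 'dev2' = 'dev2.localtest.me' }
$cerPath = Join-Path $env:TEMP 'localtest-wildcard.cer'   # assumed export location

# 1. Create the wildcard certificate; its private key stays in LocalMachine\My.
$cert = New-SelfSignedCertificate -DnsName '*.localtest.me' `
            -CertStoreLocation Cert:\LocalMachine\My

# 2. Export the public certificate only. A .cer file carries no private key,
#    so it is the file to copy to any workstation that should trust the sites.
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null
Import-Certificate -FilePath $cerPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# 3. Add an https binding with a host header to each site, skipping existing ones.
foreach ($name in $sites.Keys) {
    $hostHeader = $sites[$name]
    if (-not (Get-WebBinding -Name $name -Protocol https -HostHeader $hostHeader)) {
        New-WebBinding -Name $name -Protocol https -IPAddress '*' -Port 443 `
            -HostHeader $hostHeader
    }
}

# 4. IIS 7/7.5 ties the certificate to IP:port, not to the host header.
#    Do not overwrite a binding that is already there (it may belong to
#    another site's certificate on the same address).
$sslPath = 'IIS:\SslBindings\0.0.0.0!443'
if (Test-Path $sslPath) {
    Write-Warning 'An SSL binding already exists on *:443; leaving it unchanged.'
} else {
    New-Item -Path $sslPath -Value $cert | Out-Null
}

# 5. Report whether the wildcard certificate is the one bound to *:443.
$bound = (Get-Item $sslPath).Thumbprint -eq $cert.Thumbprint
"Wildcard certificate bound to *:443: $bound"
```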

You are now on your way to happy development testing without pesky SSL warnings interrupting the flow.

Using Web Platform Installer command line tool to perform offline installs

Updated since WebPICmd.exe is now included with WebPI rather than as a separate download.

I have come across several forum posts by individuals about doing offline installs for computers that do not have internet connectivity. This should apply to most servers within a corporate environment. A server should only have internet connectivity if there is a business reason for it. Since I have come across this multiple times, I figured I would write a blog about it.

There is a command line utility that is included with the Web Platform Installer. You can find it here. Once you have installed WebPI, the WebPICmd.exe (command line installer) will be located in c:\Program Files\Microsoft\Web Platform Installer.

I wanted to use this application to prep for a PHP54 and PHPManager offline install. The beauty of this application is that it determines dependencies and downloads those as well if they are not already installed. For best results, you would want to run this on a machine that closely matches the machine that you are going to be porting the offline cache data to so that you don’t run into issues where you did not download a dependency that the target server needs. You can use All as the Product specification which literally creates an offline cache of all packages in the WPI feed. If you are not sure what you need on the target server, this is the safest option to ensure that you have everything you need when you start, but can be time consuming.

To begin with, I decided to take a look at what was installed on the server I was running this test on. To gather this information, I ran the following command:

"c:\Program Files\Microsoft\Web Platform Installer\WebPICmd.exe" /List /ListOption:Installed

This returned a list of all applications that have been installed by WebPI.

I then wanted to see all available installation packages so I ran the following command:

"c:\Program Files\Microsoft\Web Platform Installer\WebPICmd.exe" /List /ListOption:Available

This provided a list of applications that could be installed or cached locally for future install. This is a snippet of the output from this command.

The software that you obtain using the Web Platform Installer Command Line Tool
is licensed to you by its owner.  Microsoft grants you no rights for third party
software.
Successfully Loaded Feed : https://go.microsoft.com/?linkid=9783679

Current language of installers is English

--Available Products
ID                   Title
----------------------------------------
AdvancedLogging      Advanced Logging
AppFabric            Windows Server AppFabric
ARRv2Update          Hotfix for Application Request Routing 2.1
AzureNodePowershell  Windows Azure SDK for Node.js – May 2012
AzureNodeSDK         Windows Azure SDK for Node.js – August 2012
AzurePHPSDK          Windows Azure SDK for PHP – August 2012
AzurePythonSDK       Windows Azure SDK for Python – June 2012
AzurePythonSDKCore   Windows Azure SDK for Python (Core) – June 2012
CustomLogging        IIS: Custom Logging
DACFX                Microsoft SQL Server 2012 Data-Tier Application Framework (
Latest)
DACFX_11_0           Microsoft SQL Server 2012 Data-Tier Application Framework 1
1.0 (April 2012)
DBManager            Database Manager 1.0
DbManagerUpdate      Database Manager 1.0 Hotfix
Django               Django 1.4 (Python)
DynamicIPRestrictionsRTW Dynamic IP Restrictions 1.0

Since I wanted to install PHP54 and PHPManager on my server, I scrolled through the list until I located those products to determine what the ProductID was.

PHP54                PHP 5.4.24
PHPManager           PHP Manager for IIS

I then ran the command to create an offline cache of these two applications and any dependent applications for install purposes.

"C:\Program Files\Microsoft\Web Platform Installer\WebPICMD.exe" /Offline /Products:PHP54,PHPManager /Path:c:\apps\install

This created a local cache copy of all necessary data to install these packages with no internet connectivity. It also provides the exact command line to run to complete the install.

To use the new offline feed, please run the following from the command line:
WebPICmd.exe /Install /Products:<products you want> /XML:<Offline main feed>
Done !

Now for the fun part. I copied my offline-wpi directory to a USB drive and moved it over to a server that I had disabled the network card on. I created the same directory structure that I had on the original server (c:\apps) and copied the offline-wpi folder to this location. That way I didn’t have to do any manual modification of the files that were created originally. The file location is listed in the xml file.

On the target machine, I opened a command prompt and entered the information from the Offline main feed output from the creation of the offline cache.

"c:\Program Files\Microsoft\Web Platform Installer\WebPICmd.exe" /Install /Products:PHP54,PHPManager /XML:/c:/apps/install/feeds/latest/webproductlist.xml

After the install information is loaded, you are prompted to accept the license terms for each of the applications to be installed. Answer Y and the application is off to the races installing the requested applications. And last but not least, I had SUCCESS.

Verifying successful installation…
PHP Manager for IIS                                True
PHP 5.4.0                                          True
Install of Products: SUCCESS

Upon opening IIS Manager on the server, the PHP Manager plug-in icon was available for use and ease of administration of the installed PHP instance.
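Since the offline cache travels on removable media to a server with no network access, it is worth recording what was downloaded and checking it again before running the install. The following is an added example, not part of the original post or of WebPI: the function names and the manifest file are assumptions, and the manifest should be written outside the cache folder.

```powershell
# Added example. Function names and the manifest location are hypothetical.
function Get-Sha256([string]$Path) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { [BitConverter]::ToString($sha.ComputeHash($fs)) -replace '-', '' }
    finally { $fs.Dispose() }
}

# Run on the connected machine after WebPICmd.exe /Offline has finished.
# Records a SHA-256 hash and the Authenticode status of every cached file.
function New-CacheManifest([string]$CacheRoot, [string]$ManifestPath) {
    $root = (Resolve-Path $CacheRoot).Path.TrimEnd('\')
    Get-ChildItem -Path $root -Recurse |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            New-Object psobject -Property @{
                RelativePath = $_.FullName.Substring($root.Length + 1)
                Sha256       = Get-Sha256 $_.FullName
                Signature    = $sig.Status
                Signer       = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            }
        } | Export-Csv -Path $ManifestPath -NoTypeInformation
}

# Run on the isolated server before WebPICmd.exe /Install.
# Returns one line per file that is missing or whose content changed.
function Test-CacheManifest([string]$CacheRoot, [string]$ManifestPath) {
    Import-Csv $ManifestPath | ForEach-Object {
        $file = Join-Path $CacheRoot $_.RelativePath
        if (-not (Test-Path $file))                 { "MISSING  $($_.RelativePath)" }
        elseif ((Get-Sha256 $file) -ne $_.Sha256)   { "CHANGED  $($_.RelativePath)" }
    }
}

# Usage (paths follow the walkthrough; the manifest name is an assumption):
#   New-CacheManifest  -CacheRoot c:\apps\install -ManifestPath c:\apps\install-manifest.csv
#   Test-CacheManifest -CacheRoot c:\apps\install -ManifestPath c:\apps\install-manifest.csv
```

An empty result from Test-CacheManifest means every file arrived unchanged; the Signature and Signer columns in the CSV show which installers carried a valid Authenticode signature when they were downloaded.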

This is a very nifty tool that can provide nicely packaged applications for those protected servers that do not have internet access to download and install the applications natively.

I hope you find this information helpful.