Jeremy Davis
Sitecore, C# and web development
Article printed from: https://blog.jermdavis.dev/posts/2015/automating-host-names-and-ssl-certificates-for-sitecore-instances

Automating host names and SSL certificates for Sitecore instances

Published 08 June 2015
PowerShell Sitecore ~2 min. read

When you install an instance of Sitecore via the .exe installer you get a single host name added to your machine, which matches the instance name you chose. But for real world projects this is rarely enough. Most websites need to respond to other host names, and they often also need SSL certificates installed so that these hosts can be accessed via HTTPS. Developers need these features set up so that they can code and test with them.

Recently I've been looking at automating more installation tasks via PowerShell, in order to try and standardise the processes developers use when setting up new instances for work. I've been digging out helpful bits of script from across the internet, and I plan to write a few posts to document some of the approaches I've been experimenting with. The first of these posts covers info on automating host names and their bindings:

Adding entries to the host file

The host file is just a text file, so you can use fairly simple PowerShell commands to modify it:

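function Add-Host([string]$ipAddress, [string]$hostname) {
  # Hosts file format: IP address, whitespace (a tab here), host name
  $entry = $ipAddress + "`t" + $hostname
  # Append the entry as ASCII text to the end of the hosts file
  Out-File -encoding ASCII -append -filepath 'C:\Windows\System32\drivers\etc\hosts' -inputobject $entry
}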

The function takes the IP Address and the Host Name you want to bind. It formats the data that needs adding to the file by concatenating the IP address, a tab and the host name. It then appends that string to the host file to update it.

This function can then be called as follows:

Add-Host '127.0.0.1' 'www.demosite.test'

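It can be called multiple times to add more than one entry. Because it always appends, calling it again for the same host adds a duplicate line, and writing to the host file requires an elevated PowerShell session.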

Installing an SSL Certificate and binding the host to HTTP and HTTPS

The script for adding an SSL certificate and then binding it to a site is a bit more complex. Firstly it needs to ensure that the certificate is imported and available for use. The host name needs to be set up, and configured for use with HTTP and HTTPS in IIS. And finally the SSL Certificate needs to be bound to the HTTPS host.

A function to do these tasks for a single host looks like:

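function Bind-HostsWithSSL([string]$pfxFile, [string]$pfxPassword, [string]$site, [string]$hostName) {
  # Import the PFX; the thumbprint comes back as a byte array, so format it as a hex string
  $thumbprint = (Add-SSLCertificate $pfxFile $pfxPassword $site | foreach { $_.ToString("X2") }) -join ""
  # Fetch the imported certificate from the local machine's personal store
  $cert = Get-Item "cert:\LocalMachine\MY\$thumbprint"

  Add-Host '127.0.0.1' $hostName

  # No IP address is given, so IIS binds the host header to "All Unassigned"
  New-WebBinding -Name $site -Port 80 -Protocol http -HostHeader $hostName
  New-WebBinding -Name $site -Port 443 -Protocol https -HostHeader $hostName

  # Map the certificate to 0.0.0.0:443 unless an SSL binding already exists there
  Push-Location "IIS:\SSLBindings"
  if( -not (Test-Path 0.0.0.0!443) ) {
      New-Item -Path 0.0.0.0!443 -Value $cert
  }
  Pop-Location
}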

The function takes the path to and password for a .PFX file, the IIS site name and the host to bind.

It starts by importing the PFX file with the Add-SSLCertificate cmdlet. This returns an array of bytes representing the certificate's thumbprint. We need this later as a string, so the code formats each byte as two hex digits and joins them into a single string. Next, the thumbprint is used to fetch the imported certificate object from the certificate store.

The code then adds the host, and uses the New-WebBinding cmdlet to attach the host name to ports 80 and 443 of the required IIS site. By not specifying this binding for a particular IP address, we're telling IIS to bind to "All Unassigned".

Finally, it ensures that an SSL binding item exists to map the certificate. Like the web bindings, this doesn't specify a particular IP address: it uses "0.0.0.0" to match the IIS site's "All Unassigned" bindings. Because the item is only created when nothing is bound to 0.0.0.0:443 yet, calling the function again with a different certificate leaves the existing one in place.

This function can then be called as follows:

Bind-HostsWithSSL 'c:\TestSite.com.pfx' 'p@55w0rd' 'IISSiteName' 'www.testSite.com'

This code relies on a recent release of PowerShell – I'm working with V4, but I think this would work with V3.
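
A re-runnable variant of the two functions above, as an added example that is not code from the original post: it takes the PFX password as a SecureString, skips host entries and bindings that already exist, and warns when 0.0.0.0:443 already holds a different certificate. It swaps Import-PfxCertificate (from the PKI module in Windows 8 / Server 2012 and later) in for Add-SSLCertificate; the function names, PFX path, site name and host name are hypothetical.

```powershell
# Added example: function names, the PFX path, site and host values are hypothetical.
Import-Module WebAdministration

function Add-HostEntry([string]$ipAddress, [string]$hostName) {
  $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
  # Do nothing if an uncommented line already lists this host name
  $pattern = '^\s*[^#\s]+\s+([^#]*\s)?' + [regex]::Escape($hostName) + '(\s|#|$)'
  if (Select-String -Path $hostsPath -Pattern $pattern -Quiet) { return }
  # Start on a fresh line in case the file does not end with a newline
  $raw = [IO.File]::ReadAllText($hostsPath)
  $prefix = if ($raw.Length -gt 0 -and -not $raw.EndsWith("`n")) { "`r`n" } else { '' }
  $line = $prefix + $ipAddress + "`t" + $hostName + "`r`n"
  [IO.File]::AppendAllText($hostsPath, $line, [Text.Encoding]::ASCII)
}

function Add-HostBindingWithCert([string]$pfxFile, [securestring]$pfxPassword,
                                 [string]$site, [string]$hostName) {
  # The password stays a SecureString; the import returns the certificate object
  $cert = Import-PfxCertificate -FilePath $pfxFile -Password $pfxPassword `
            -CertStoreLocation 'Cert:\LocalMachine\My'

  Add-HostEntry '127.0.0.1' $hostName

  # Create each binding only if the site does not already have it
  foreach ($b in @(@{ Port = 80; Protocol = 'http' }, @{ Port = 443; Protocol = 'https' })) {
    if (-not (Get-WebBinding -Name $site -Port $b.Port -Protocol $b.Protocol -HostHeader $hostName)) {
      New-WebBinding -Name $site -Port $b.Port -Protocol $b.Protocol -HostHeader $hostName
    }
  }

  # One certificate per IP:port here, so report a clash instead of skipping silently
  $sslPath = 'IIS:\SslBindings\0.0.0.0!443'
  if (-not (Test-Path $sslPath)) {
    New-Item -Path $sslPath -Value $cert | Out-Null
  } elseif ((Get-Item $sslPath).Thumbprint -ne $cert.Thumbprint) {
    Write-Warning "0.0.0.0:443 already uses another certificate; $hostName will be served with it."
  }
}

# Prompt for the password rather than storing it in the script or command history
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
Add-HostBindingWithCert 'C:\certs\demosite.pfx' $pfxPassword 'IISSiteName' 'www.demosite.test'
```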

More to follow on scripted developer setup – once I've had a chance to write it up...
