Fix additional issue whereby existing certificate bindings were not found in IIS 7.5, due to the fact that IIS earlier than 8 doesn't support SNI

2025-04-17 10:10:20 +00:00 · 2017-02-21 12:17:16 +11:00 · 2017-02-21 12:17:16 +11:00 · c94f0b8c62
commit c94f0b8c62
parent 18effe0103
1 changed files with 6 additions and 3 deletions
--- a/salt/modules/win_iis.py
+++ b/salt/modules/win_iis.py
@ -474,6 +474,11 @@ def create_cert_binding(name, site, hostheader='', ipaddress='*', port=443, sslf
    pscmd = list()
    name = str(name).upper()
    binding_info = _get_binding_info(hostheader, ipaddress, port)
+
+    if _iisVersion() < 8:
+        # IIS 7.5 and earlier don't support SNI for HTTPS, therefore cert bindings don't contain the host header
+        binding_info = binding_info.rpartition(':')[0] + ':'
+
    binding_path = r"IIS:\SslBindings\{0}".format(binding_info.replace(':', '!'))

    if sslflags not in _VALID_SSL_FLAGS:
@ -511,10 +516,8 @@ def create_cert_binding(name, site, hostheader='', ipaddress='*', port=443, sslf

    if _iisVersion() < 8:
        # IIS 7.5 and earlier have different syntax for associating a certificate with a site
-        iis7path = binding_path.rpartition("!")[0]
-
        # Modify IP spec to IIS 7.5 format
-        iis7path = iis7path.replace(r"\*!", "\\0.0.0.0!")
+        iis7path = binding_path.replace(r"\*!", "\\0.0.0.0!")

        pscmd.append("New-Item -Path '{0}' -Thumbprint '{1}'".format(iis7path, name))
    else: