IIS Certificate binding #16

Open
@damienpontifex

I was watching the Ignite video and found myself here. There was a brief mention of certificates in that talk and maybe this could be a good place to bring it up.

I was looking for guidance on certificate management with IIS inside Windows containers. This is what I'd got to thus far for my Dockerfile to use the central certificate store and volume mapping a pfx secret for k8s into C:\inetpub\certs:

```dockerfile
RUN $userPass = [guid]::newguid(); \
    # Admin user that can be used for enabling cert provider
    New-LocalUser -Name CertUser -Password (ConvertTo-SecureString $userPass -AsPlainText -Force); \
    Add-LocalGroupMember -Group Administrators -Member CertUser; \
    # Enable Central Certificate Store for IIS
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-CertProvider; \
    # Enable the central certificate store and tell it where certificates are stored
    New-Item -ItemType Directory -Path C:\inetpub\certs | Out-Null; \
    Enable-WebCentralCertProvider -CertStoreLocation C:\inetpub\certs -UserName CertUser -Password $userPass; \
    Import-Module WebAdministration; \
    # Add a central certificate store ssl binding for https
    New-WebBinding -Name 'Default Web Site' -SslFlags 3 -Protocol https -IP '*' -Port 443 -HostHeader '*'; \
    New-Item -Path IIS:\SslBindings\!443!* -SslFlags 3
```

This is still in development from my side and I'm still validating its working state etc.

Guidance, tools or anything else that would enable us to have SSL on IIS in our container at runtime while potentially simplifying this would be a great resource.
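
One way to validate the setup described in this issue at container start, as an added example that is not part of the original post or of any project tooling: it checks that the Central Certificate Store is enabled and points at `C:\inetpub\certs`, that the https binding carries the CCS flag, and that each mounted PFX opens, is in date and is named after its host. The `PFX_PASSWORD` environment variable is an assumed name for however the PFX password reaches the container.

```powershell
# Added example: sanity-check the Central Certificate Store (CCS) setup at startup.
# Assumption: PFX_PASSWORD is a hypothetical env var with the PFX password (empty if none).
Import-Module WebAdministration

$storePath = 'C:\inetpub\certs'      # path used in the Dockerfile above
$siteName  = 'Default Web Site'
$problems  = @()

# 1. CCS provider settings are stored under this registry key.
$ccs = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\IIS\CentralCertProvider' -ErrorAction SilentlyContinue
if (-not $ccs -or $ccs.Enabled -ne 1) {
    $problems += 'Central Certificate Store is not enabled'
} elseif ($ccs.CertStoreLocation.TrimEnd('\') -ne $storePath) {
    $problems += "CCS points at '$($ccs.CertStoreLocation)', expected '$storePath'"
}

# 2. sslFlags is a bit field: 1 = SNI, 2 = CCS, so 3 means both.
$binding = Get-WebBinding -Name $siteName -Protocol https | Select-Object -First 1
if (-not $binding) {
    $problems += "No https binding on '$siteName'"
} elseif (($binding.sslFlags -band 2) -eq 0) {
    $problems += "https binding has sslFlags=$($binding.sslFlags), CCS flag (2) not set"
}

# 3. CCS picks the file by host name: host.pfx, or _.example.com.pfx for a wildcard.
$pfxFiles = @(Get-ChildItem -Path $storePath -Filter *.pfx -ErrorAction SilentlyContinue)
if ($pfxFiles.Count -eq 0) { $problems += "No .pfx files in $storePath (is the volume mounted?)" }
foreach ($file in $pfxFiles) {
    try {
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($file.FullName, [string]$env:PFX_PASSWORD)
    } catch {
        $problems += "$($file.Name): cannot open ($($_.Exception.Message))"
        continue
    }
    $now = Get-Date
    if (-not $cert.HasPrivateKey) { $problems += "$($file.Name): no private key in PFX" }
    if ($cert.NotBefore -gt $now -or $cert.NotAfter -lt $now) {
        $problems += "$($file.Name): outside validity ($($cert.NotBefore) to $($cert.NotAfter))"
    }
    # GetNameInfo returns one DNS name only; a cert with several SANs may need a fuller check.
    $dnsName  = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false)
    $expected = $file.BaseName -replace '^_\.', '*.'
    if ($dnsName -ne $expected) { $problems += "$($file.Name): certificate name '$dnsName' does not match file name" }
}

if ($problems.Count -gt 0) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output 'CCS configuration looks consistent'
```

A non-zero exit code lets the container fail fast instead of serving requests without a usable certificate.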
