Siguiendo lo que describen aqui.
Con el enfoque original (asociar certificado con IP y puerto) llega un momento en que se intenta “sobreescribir” la asociaciĆ³n de certificados con ips. Este enfoque no sirve para webservers con varios sites. Haciendolo de esta otra forma (asociando hostname:ip con certificado) podemos tener tantos sites y hostnames como sea necesario.
diff /usr/local/lib/python2.7/dist-packages/ansible/modules/windows/win_iis_webbinding.ps1 /home/psf/prov/ansible/lib/ansible/modules/windows/win_iis_webbinding.ps1
24d23
<
68,69c67
< # "sslFlags" = $args[0].sslFlags
< "sslFlags" = '1' --- > "sslFlags" = $args[0].sslFlags
91c89
< New-WebBinding @binding_parameters -Force -SslFlags 1 --- > New-WebBinding @binding_parameters -Force
106,110d103
< $host_header = $binding_parameters["HostHeader"]
< if(!$host_header) {
< $host_header = ""
< }
<
113,122c106,109
< $result.host_header = $host_header
< $result.certificatehash = $certificateHash
< $result.certificatestorename = $certificateStoreName
<
<
< $guid = [guid]::NewGuid().ToString("B")
< netsh http add sslcert hostnameport="$($host_header):$($port)" certhash="$certificateHash" certstorename="$certificateStoreName" appid="$guid"
< # Push-Location IIS:\SslBindings\
< # Get-Item Cert:\LocalMachine\$certificateStoreName\$certificateHash | New-Item "$($ip)!$($port)!$($host_header)"
< # Pop-Location --- >
> Push-Location IIS:\SslBindings\
> Get-Item Cert:\LocalMachine\$certificateStoreName\$certificateHash | New-Item "$($ip)!$($port)"
> Pop-Location
…