IIS 7 and multiple SSL sites on a single IP

One of the very nice features of IIS 7 is the use of host headers in combination with SSL. This works perfectly in combination with a wildcard certificate.

When I ordered a certificate with three (sub)domains I found that this certificate could not be used in combination with a host header.

For me this was a big disappointment because I was hoping I could use only one IP on the internet to preserve my public IPs. Therefore I warn/inform all of you with this blog: it’s a waste of money to buy a SAN certificate if you’d like to use it in this way; multiple single certificates are much cheaper.

UPDATE:

It is possible to use a SAN certificate on a single IP address using host header names; the problem is the IIS GUI. When you use appcmd it works like a charm.

appcmd set site /site.name:"<IISSiteName>" /+bindings.[protocol='https',bindingInformation='*:443:<hostHeaderValue>']

Source:
http://www.sslshopper.com/article-ssl-host-headers-in-iis-7.html

In the binding properties window you will see the host header specified but no SSL certificate specified. This is correct: when you browse to the URL specified in the host header, your HTTPS website will work fine. Many thanks to http://www.sslshopper.com
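An added example, not from the original post: before creating the bindings it helps to confirm that every host header is actually a name on the certificate, since a wildcard name only stands for one left-most label. The Python below does that check and prints the appcmd command from the post for each covered host. The site names, host names and SAN list are constructed, and it assumes all HTTPS bindings on the same IP and port are served with the one certificate.

```python
# Added example (not from the original post). Site names, host names and the
# SAN list are constructed sample values.

def san_covers(san: str, host: str) -> bool:
    """True if one certificate name (exact or wildcard) matches host."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if not san.startswith("*."):
        return san == host
    # A wildcard stands for exactly one left-most label:
    # *.example.com matches www.example.com, but not example.com
    # and not a.b.example.com.
    first, _, rest = host.partition(".")
    return bool(first) and rest == san[2:]


def plan_bindings(sites: dict, cert_names: list):
    """Split planned host headers into appcmd commands and uncovered hosts."""
    commands, uncovered = [], []
    for site, hosts in sites.items():
        for host in hosts:
            if any(san_covers(n, host) for n in cert_names):
                # Same appcmd syntax as in the post, filled in per site/host.
                commands.append(
                    f'appcmd set site /site.name:"{site}" '
                    f"/+bindings.[protocol='https',"
                    f"bindingInformation='*:443:{host}']"
                )
            else:
                uncovered.append((site, host))
    return commands, uncovered


# Constructed sample: a three-name SAN certificate and three IIS sites.
CERT_NAMES = ["www.example.com", "shop.example.com", "mail.example.com"]
SITES = {
    "Main": ["www.example.com"],
    "Shop": ["shop.example.com"],
    "Blog": ["blog.example.com"],  # not on the certificate
}

if __name__ == "__main__":
    cmds, missing = plan_bindings(SITES, CERT_NAMES)
    print("\n".join(cmds))
    for site, host in missing:
        print(f"NOT COVERED: {host} (site {site}), clients would see a name mismatch")
```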

6 comments on “IIS 7 and multiple SSL sites on a single IP”

  1. ReVe says:

    GUI works in 7.5 at least. It allows the hostname field to be used when you use a wildcard certificate, no need to do things via cmd if you don’t want to.

    At least for me it worked so that I just selected the certificate to be used and the hostname field was not greyed out anymore.

    1. Michael says:

      Correct for IIS 7.5, cmd is for 7 and lower

  2. Miky says:

    Just a note: if you set the “friendly” name of your certificate to an asterisk (“*”) followed by any name, the “host” field is magically enabled also for https (in IIS bindings). To change your cert’s name, just use MMC/Certificates, enter into personal folder and right-click on cert to access its properties.

    1. Jeff says:

      Thanks for that tip!! The * in the friendly name was a big help. That makes the GUI usable for adding bindings.
