At NetQuarry, we write software. We sell a software product – the NetQuarry Platform – that we wrote and own and we support the customers that use our product. Software. That’s it. So, it may seem a little surprising that a blog about IIS and SSL is even here, and more surprising, especially if you know me, that I’m the one writing about it.
We recently wanted to install an SSL certificate on our main build server so that multiple sites hosted on that server could (and in some cases must) use SSL. So, I bought a $199 “wildcard” certificate from GoDaddy.com and installed it onto our Windows 2003 / IIS 6.0 build machine. Everything worked until I tried to add the same certificate to multiple sites on the same server. I started searching for an answer – “SSL certificate IIS subdomain multiple” – and found that it wasn’t possible. Host headers – the thing you use to allow one IP address to act like different sites – don’t work with IIS 6.0.
I eventually bumped into this article: http://www.sslshopper.com/article-how-to-configure-ssl-host-headers-in-iis-6.html that solved the problem. Turns out it’s pretty simple, but you can’t do it using the MMC IIS snap-in.
Here’s the script (run from /inetpub/adminscripts):
cscript.exe adsutil.vbs set /w3svc/<site ID>/SecureBindings ":443:<host header>"
Note that I found that you had to install your wildcard certificate, run the script, and restart IIS before everything worked.
Ryan
I’m glad that article helped you out. Technically, “host headers” do work with IIS but not when using SSL because the host headers themselves are encrypted so the server doesn’t know which certificate to use to decrypt them. It is a limitation of the SSL protocol but it will eventually be solved once Server Name Indication becomes more prevalent.
It would be nice if SSL Host Headers could be set up through the IIS interface, but at least there is a way to do it at all.
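Because the server has to pick a certificate before it can read the host header, every site sharing port 443 presents the same wildcard certificate, so each host header set through SecureBindings must be a name that certificate covers. The following is an added example (not from the original post, the comment, or the linked article) that checks a list of binding strings against a wildcard name; the certificate name, the binding values and the function names are constructed for illustration.

```python
# Added example: audit IIS SecureBindings strings ("IP:port:host header")
# against the one certificate name that all sites on the port will present.

def parse_secure_binding(binding):
    """Split 'IP:port:host header' into (ip, port, host)."""
    parts = binding.split(":")
    if len(parts) != 3 or not parts[1].isdigit():
        raise ValueError("expected IP:port:host header, got %r" % binding)
    ip, port, host = parts
    return ip, int(port), host.lower().rstrip(".")

def covered_by(cert_name, host):
    """True if cert_name (exact name or '*.domain') covers host.
    A wildcard stands for exactly one left-most label."""
    cert_name = cert_name.lower().rstrip(".")
    if not host:
        return False
    if not cert_name.startswith("*."):
        return cert_name == host
    suffix = cert_name[1:]                  # '*.example.test' -> '.example.test'
    if not host.endswith(suffix):
        return False                        # also rejects the bare domain
    label = host[:-len(suffix)]
    return bool(label) and "." not in label # rejects 'a.b.example.test'

def audit_bindings(cert_name, bindings):
    """Return (binding, reason) pairs for bindings clients would see a name mismatch on."""
    problems = []
    for b in bindings:
        try:
            _ip, _port, host = parse_secure_binding(b)
        except ValueError as exc:
            problems.append((b, str(exc)))
            continue
        if not host:
            problems.append((b, "no host header set"))
        elif not covered_by(cert_name, host):
            problems.append((b, "not covered by " + cert_name))
    return problems

# Constructed sample values, in the form passed to adsutil.vbs above.
SAMPLE_CERT = "*.example.test"
SAMPLE_BINDINGS = [":443:build.example.test", ":443:wiki.example.test",
                   ":443:example.test", ":443:dev.build.example.test", ":443:"]

if __name__ == "__main__":
    for binding, reason in audit_bindings(SAMPLE_CERT, SAMPLE_BINDINGS):
        print("%-32s %s" % (binding, reason))
```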