Configure a Host Header for a Web Site in IIS7 Windows 2008 where SNI is not supported

Jan 6, 2023

To host more than one Web site on a Web server, you can assign a unique IP address to each Web site, designate a non-standard TCP port number for a Web site, or use host headers. Of the three methods, it is more common to use host headers than to assign unique IP addresses to Web sites or to use non-standard TCP port numbers.

It is possible to bind multiple websites hosted on the same server to port 443, but you can’t easily do it from the GUI because the Host name is greyed out as shown in Figure 1.  However, if the SSL Certificate begins with a *, then it is enabled.  This is likely to support wild card certificates as per Figure 2

Figure 1, Hostname greyed out



Figure 2


The confusion comes when you attempt to bind different SSL certificates to the different website both of which want to use port 443.  That won’t work.


A simple tweak is to go ahead and change the friendly name of the certificate installed and add * before the friendly name as per figure 2. That * doesn't mean that is wild card certificate necessarily.


This will enable the Host name Section where now you can add exactly the URL's and bind multiple SSL certificates with Single IP and port combination.


Using CLI


1)Navigate to cd C:\Inetpub\AdminScripts after opening the command prompt with administrative rights


2) Type the below command


cscript.exe adsutil.vbs set /w3svc/<site identifier>/SecureBindings ":443:<host header>"


<host header> is the host header value for the Web site ( <site identifier> is the IIS site ID displayed when looking at all the websites in IIS.




Run that command for each of the websites that need to use that certificate. They will then use the same certificate that was install to the first site on the IP. 






Have any Questions


If you have any questions, feel free to call us