Configure a Host Header for a Web Site in IIS7 Windows 2008 where SNI is not supported

Apr 26, 2017

To host more than one Web site on a Web server, you can assign a unique IP address to each Web site, designate a non-standard TCP port number for a Web site, or use host headers. Of the three methods, it is more common to use host headers than to assign unique IP addresses to Web sites or to use non-standard TCP port numbers.

It is possible to bind multiple websites hosted on the same server to port 443, but you can’t easily do it from the GUI because the Host name is greyed out as shown in Figure 1.  However, if the SSL Certificate begins with a *, then it is enabled.  This is likely to support wild card certificates as per Figure 2

Figure 1, Hostname greyed out

 

 

Figure 2

 

The confusion comes when you attempt to bind different SSL certificates to the different website both of which want to use port 443.  That won’t work.

 

A simple tweak is to go ahead and change the friendly name of the certificate installed and add * before the friendly name as per figure 2. That * doesn't mean that is wild card certificate necessarily.

 

This will enable the Host name Section where now you can add exactly the URL's and bind multiple SSL certificates with Single IP and port combination.

 

Using CLI

 

1)Navigate to cd C:\Inetpub\AdminScripts after opening the command prompt with administrative rights

 

2) Type the below command

 

cscript.exe adsutil.vbs set /w3svc/<site identifier>/SecureBindings ":443:<host header>"

 

<host header> is the host header value for the Web site (www.myothersite.com). <site identifier> is the IIS site ID displayed when looking at all the websites in IIS.

 

 

Find the site identifier by clicking on Web Sites in IIS

 

Run that command for each of the websites that need to use that certificate. They will then use the same certificate that was install to the first site on the IP. 

 

 

 

 

 

Have any Questions

If you have any questions, feel free to call us