Configure SSL for multiple host headers in IIS using wildcard certificate

June 3, 2008 – 3:26 am

You have a web server running IIS (Internet Information Services), your web server has only one IP address, and you have been using host headers to run multiple websites off the one IP address. Now, you want to configure SSL on one or more of your websites. What to do? This article will show you.

The basic process is quite simple. Let’s imagine your base domain is www.basedomain.com, and you have configured a number of websites using host headers:

website1.basedomain.com
website2.basedomain.com
website3.basedomain.com

In order to configure SSL for one or more of these websites we will create and install what is called a “Wildcard certificate” which is so named because it targets the entire base domain: *.basedomain.com

Next, we will simply assign this wildcard certificate to the desired websites.

So, let’s go through the process in detail:

1. To begin with, we need a tool for creating SSL certificates. One of the nicest tools for doing this is “SelfSSL” available as part of the IIS 6.0 Resource Kit Tools. These tools can be downloaded here.

2. Next, open a DOS Command Prompt window (Start > Run… > cmd[enter key]) and locate the SelfSSL executable. It may be something like: C:\Program Files\IIS Resources\SelfSSL\

3. Create a Wildcard SSL certificate using the following command:

C:\Program Files\IIS Resources\SelfSSL>selfssl /T /N:cn=*.basedomain.com
   /V:3650 /S:{site-id}

Replace *.basedomain.com with your base domain name.
Replace {site-id} with the Identifier for your base website (Default Web Site), probably 1. The Identifier value for each website can be seen via your IIS Manager.

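Assuming the command ran successfully, your wildcard certificate is created and installed! Note that SelfSSL produces a self-signed certificate: the /T switch adds it to the trusted certificates list on the server itself, but other clients will show a trust warning unless they import the certificate.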

4. Now, to assign this certificate to a particular host header, we use the cscript.exe executable with the following command: (Note: the cscript.exe will already be installed on your server)

C:\Inetpub\AdminScripts>cscript.exe adsutil.vbs set
   /w3svc/{site-id}/SecureBindings ":443:hostheader.basedomain.com"

Replace {site-id} with the Identifier for the particular host header website.
Replace hostheader.basedomain.com with the actual host header for your site.

5. Repeat step 4 for each host header website you want to configure SSL for.
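Before repeating step 4 across many sites, it helps to confirm that each host header is actually covered by the wildcard name, since `*` stands for exactly one left-most label. The following Python sketch is an added example, not part of the original article; the site Identifiers, the extra host names and the function names are constructed for illustration.

```python
# Added example: sample site IDs and host headers below are constructed.

def wildcard_covers(pattern: str, host: str) -> bool:
    """True if a certificate name such as *.basedomain.com covers host.

    The wildcard stands for exactly one left-most DNS label, so it does not
    match the bare base domain or names nested more than one level deep.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] != "*":
        return p_labels == h_labels
    return h_labels[0] != "*" and p_labels[1:] == h_labels[1:]


def plan_bindings(pattern, sites):
    """Split sites into adsutil commands (covered) and skipped hosts."""
    commands, skipped = [], []
    for site_id, host in sorted(sites.items()):
        if wildcard_covers(pattern, host):
            commands.append(
                'cscript.exe adsutil.vbs set /w3svc/%d/SecureBindings ":443:%s"'
                % (site_id, host)
            )
        else:
            skipped.append(host)
    return commands, skipped


# Constructed inventory: IIS site Identifier -> host header.
SITES = {
    101: "website1.basedomain.com",
    102: "website2.basedomain.com",
    103: "basedomain.com",              # bare domain, no label for "*"
    104: "shop.eu.basedomain.com",      # two labels deep
    105: "website3.otherdomain.com",    # different base domain
}

if __name__ == "__main__":
    commands, skipped = plan_bindings("*.basedomain.com", SITES)
    for c in commands:
        print(c)
    for h in skipped:
        print("NOT covered by certificate (name mismatch):", h)
```

Hosts reported as not covered would still accept the binding in IIS, but clients would see a certificate name mismatch.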
