Solved

Binding several websites with Wildcard Certificate IIS 7

Posted on 2011-10-05
Last Modified: 2012-10-10
Hello,

I have a wildcard cert I want to use on several websites on my web server. When I bind it to one website it works fine. The problem comes when I try to use the cert on another site on the same server. The problem that happens is the second site will stop and when I try to restart it I get a message that says "This web site cannot be started. Another web site may be using the same port".

Is there something I'm missing to config the sites to work with the wildcard cert?

Thanks for any help
Question by:racastillojr
9 Comments
 
LVL 43

Expert Comment

by:Adam Brown
ID: 36921349
Unless you set a different host header for each site binding to the same IP address, the sites need to be bound to a different port. If you can't assign a host header on your SSL sites for your wildcard cert, it's because the Friendly Name you set on the certificate when you imported it is not set correctly. In order to set a wildcard cert to work with multiple host headers the Friendly Name of the cert has to be *.domain.com

More info here: http://forums.iis.net/t/1160776.aspx
 
LVL 30

Accepted Solution

by:
Brad Howe earned 2000 total points
ID: 36924007
Hi,

Yes, SSL Host Headers in IIS 7 allow you to use one SSL certificate for multiple IIS websites on the same IP address.

1. Get an SSL Cert from a vendor
     Option A - WildCard Certificate for when all your sites are subdomains of a single common domain name such as sub1.Site.com, sub2.Site.com, *.Site.com.

     Option B - UCC/SAN/MultiDomain (all the same in essence) when your sites all use different domain names such as www.Site1.com, www.Site2.com, www.Site3.com

2. Open IIS Manager and assign/Bind it to one of the sites as usual.

3. Then finish using AppCMD to assign the ssl host header for the remaining wildcard domains.  

4. Open CMD by clicking the start menu and typing “cmd” and hitting enter.

5. Navigate to “cd C:\Windows\System32\Inetsrv\”.

6. Execute
appcmd set site /site.name:"<YOUR WEBSITE NAME>" /+bindings.[protocol='https',bindingInformation='*:443:<YOUR SSL DOMAIN URL>']



For Example.

1. SSL wildcard cert for *.Site.com
2. 3 Websites.
            sub1.Site.com
            sub2.Site.com
            sub3.Site.com

3. Assign Bindings.


appcmd set site /site.name:"sub1.site.com" /+bindings.[protocol='https',bindingInformation='*:443:sub1.site.com']

appcmd set site /site.name:"sub2.site.com" /+bindings.[protocol='https',bindingInformation='*:443:sub2.site.com']

appcmd set site /site.name:"sub3.site.com" /+bindings.[protocol='https',bindingInformation='*:443:sub3.site.com']

hope it helps,
Hades666
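
The steps above as an added PowerShell example, not part of the original answer: it checks each host name against the wildcard name (a wildcard covers exactly one left-most label) and prints the matching appcmd command for review instead of running it. The site names, host names and function names are assumptions made up for illustration.

```powershell
# Added example (not from the original answer). Site names and host names
# below are constructed sample values; replace them with your own.
$WildcardName = '*.site.com'          # subject name of the wildcard certificate
$Sites = @(
    @{ Name = 'sub1.site.com';    HostName = 'sub1.site.com' },
    @{ Name = 'sub2.site.com';    HostName = 'sub2.site.com' },
    @{ Name = 'Default Web Site'; HostName = 'a.b.site.com' },   # two labels deep
    @{ Name = 'Other';            HostName = 'www.site1.com' }   # different domain
)

function Test-WildcardCoversHost {
    param([string]$Wildcard, [string]$HostName)
    # A wildcard matches exactly one left-most DNS label:
    # *.site.com covers sub1.site.com, but not site.com or a.b.site.com.
    if (-not $Wildcard.StartsWith('*.')) { return $Wildcard -ieq $HostName }
    $suffix = $Wildcard.Substring(1)                 # ".site.com"
    if (-not $HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) { return $false }
    $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
    return ($label.Length -gt 0) -and ($label -notmatch '\.')
}

function Get-BindingCommand {
    param([string]$SiteName, [string]$HostName)
    # Same appcmd syntax as in the answer; printed for review, not executed.
    "appcmd set site /site.name:`"$SiteName`" /+bindings.[protocol='https',bindingInformation='*:443:$HostName']"
}

foreach ($s in $Sites) {
    if (Test-WildcardCoversHost -Wildcard $WildcardName -HostName $s.HostName) {
        Get-BindingCommand -SiteName $s.Name -HostName $s.HostName
    } else {
        Write-Warning "$($s.HostName) is not covered by $WildcardName; skipping '$($s.Name)'"
    }
}
```

The printed lines are meant to be pasted into the command prompt opened in C:\Windows\System32\Inetsrv\ as in steps 4 and 5.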
 
LVL 4

Author Comment

by:racastillojr
ID: 36924361
Hi hades666

I ran the commands that you mentioned and I get an error that says "Cannot find SITE object with identifier "domain name".

 
LVL 30

Expert Comment

by:Brad Howe
ID: 36924409
The command is correct, but you seem to have incorrect parameters set.

What is your website name in IIS Manager?

<YOUR WEBSITE NAME> = your IIS Manager site title, for example Default Web Site or domain name etc. I don't know what you called your sites in IIS.


<YOUR SSL DOMAIN URL> = the url you want to use.

appcmd set site /site.name:"<YOUR WEBSITE NAME>" /+bindings.[protocol='https',bindingInformation='*:443:<YOUR SSL DOMAIN URL>']


Cheers,
Hades666
 
LVL 30

Expert Comment

by:Brad Howe
ID: 36924431
If you are unsure, you can use the following to get the proper site names.

eg:

appcmd list site /text:name

This will output the IIS SITENAMES you have set up. Then simply replace the <YOUR WEBSITE NAME> with that title and change the <YOUR SSL DOMAIN URL> to your wildcard proper domain (sub1.site.com) or whatever the domain is. Don't use the *.site.com here. Use the proper URL.

Cheers,
Hades666
 
LVL 4

Author Comment

by:racastillojr
ID: 36924565
Ok, thanks, I was able to bind the second site using appcmd but when I enter the https URL the page doesn't display. It only displays the http part.
 
LVL 30

Expert Comment

by:Brad Howe
ID: 36924843
Hmmm..

It should be fine.  Can you provide the output of the following please.

appcmd list site

Also, provide the details of your certificate.

Regardless of the domain, the command above should work for you. The results are either;

A. HTTPS works fine for both sites if the domains are listed properly as subject alternative names. Lock appears in browser.

B. HTTPS works fine on main site and 2nd site says there is a problem with the security certificate. This means the domain is not in the certificate.

Either way, if both sites are up and the DNS is working it should load.


Let us know,
Hades666
 
LVL 4

Author Comment

by:racastillojr
ID: 36924893
I think it has something to do with the test site because I tried it on two other sites and it worked. Thanks for your help Hades666.
 
LVL 4

Author Closing Comment

by:racastillojr
ID: 36924908
Thanks for the help!!!!!!