Binding several websites with Wildcard Certificate IIS 7

Hello,

I have a wildcard cert I want to use on several websites on my web server. When I bind it to one website it works fine. The problem comes when I try to use the cert on another site on the same server. The problem that happens is the second site will stop and when I try to restart it I get a message that says "This web site cannot be started. Another web site may be using the same port".

Is there something Im missing to config the sites to work with the wildcard cert?

Thanks for any help
LVL 4
racastillojrAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Adam BrownSr Solutions ArchitectCommented:
Unless you set a different host header for each site binding to the same IP address, the sites need to be bound to a different port. If you can't assign a host header on your SSL sites for your wildcard cert, it's because the Friendly Name you set on the certificate when you imported it is not set correctly. In order to set a wildcard cert to work with multiple host headers the Friendly Name of the cert has to be *.domain.com

More info here: http://forums.iis.net/t/1160776.aspx
Brad HoweDevOps ManagerCommented:
Hi,

Yes, SSL Host Headers in IIS 7 allow you to use one SSL certificate for multiple IIS websites on the same IP address.

1. Get an SSL Cert from a vendor
     Option A - WildCard Certificate for when all your sites are  subdomain of a single common domain name such as sub1.Site.com,sub2.Site.com, *.Site.com.

     Option B - UCC/SAN/MultiDomain (all the same in essence) when your sites all use different domain names such as www.Site1.com, www.Site2.com, www.Site3.com

2. Open IIS Manager and assign/Bind it to one of the site as usual.

3. Then finish using AppCMD to assign the ssl host header for the remaining wildcard domains.  

4. Open CMD by clicking the start menu and typing “cmd” and hitting enter.

5.Navigate to “cd C:\Windows\System32\Inetsrv\”.

6. Execute
appcmd set site /site.name:"<YOUR WEBSITE NAME>" /+bindings.[protocol='https',bindingInformation='*:443:<YOUR SSL DOMAIN URL>']



For Example.

1. SSL wildcard cert for *.Site.com
2. 3 Websites.
            sub1.Site.com
            sub2.Site.com
            sub3.Site.com

3. Assign Bindings.


appcmd set site /site.name:"sub1.site.com" /+bindings.[protocol='https',bindingInformation='*:443:sub1.site.com']

appcmd set site /site.name:"sub2.site.com" /+bindings.[protocol='https',bindingInformation='*:443:sub2.site.com']

appcmd set site /site.name:"sub3.site.com" /+bindings.[protocol='https',bindingInformation='*:443:sub3.site.com']

hope it helps,
Hades666

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
racastillojrAuthor Commented:
Hi hades666

I ran the commands that you mentioned and I get an error that says "Cannot find SITE object with identifier "domain name".
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

Brad HoweDevOps ManagerCommented:
The command is correct, but you seem to have incorrect parameters set.

What is your website name in IIS Manager.

<YOUR WEBSITE NAME> = your IIS Manager site title. for example Default Web Site or domain name etc.... I don't know what you called your sites in IIS.


<YOUR SSL DOMAIN URL> = the url you want to use.

appcmd set site /site.name:"<YOUR WEBSITE NAME>" /+bindings.[protocol='https',bindingInformation='*:443:<YOUR SSL DOMAIN URL>']


Cheers,
Hades666
Brad HoweDevOps ManagerCommented:
if you are unsure, you can use the following to get the proper site names.

eg:

appcmd list site /text:name

This will output the IIS SITENAMES you have setup. Then simply replace the <YOUR WEBSITE NAME> with that title and cahnge the <YOUR SSL DOMAIN URL> to your wildcard proper domain (sub1.site.com) or what ever the domain is. Don't use the *.site.com here. Use the proper url.

Cheers,
Hades666
racastillojrAuthor Commented:
Ok, thanks, I was able to bind the second site using appcmd but when I enter the https url the page doesnt display. It only displays the http part.
Brad HoweDevOps ManagerCommented:
Hmmm..

It should be fine.  Can you provide the output of the following please.

appcmd list site
Also, provide the details of your certificate.

Regardless of the domain, the command above should work for you. The results are either;

A. HTTPS works fine for both sites If the domains are listed properly as subject alternative names. Lock appears in browser.

B. HTTPS works fine on main site and 2nd site says there is a problem with the security certificate. This means the domain is not in the certificate.

Either way, if both sites are up and the DNS is working it should load.


Let us know,
Hades666
racastillojrAuthor Commented:
I think it has something to do with the test site because I tried it on two other sites and it worked. Thanks for your help Hades666.
racastillojrAuthor Commented:
Thanks for the help!!!!!!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft IIS Web Server

From novice to tech pro — start learning today.