• Status: Solved

Binding several websites with Wildcard Certificate IIS 7

Hello,

I have a wildcard cert I want to use on several websites on my web server. When I bind it to one website it works fine. The problem comes when I try to use the cert on another site on the same server. The problem that happens is the second site will stop and when I try to restart it I get a message that says "This web site cannot be started. Another web site may be using the same port".

Is there something I'm missing to configure the sites to work with the wildcard cert?

Thanks for any help
Asked by: racastillojr

Adam Brown (Sr Solutions Architect) commented:
Unless you set a different host header for each site binding to the same IP address, the sites need to be bound to a different port. If you can't assign a host header on your SSL sites for your wildcard cert, it's because the Friendly Name you set on the certificate when you imported it is not set correctly. In order to set a wildcard cert to work with multiple host headers the Friendly Name of the cert has to be *.domain.com

More info here: http://forums.iis.net/t/1160776.aspx
 
Brad Howe (DevOps Manager) commented:
Hi,

Yes, SSL Host Headers in IIS 7 allow you to use one SSL certificate for multiple IIS websites on the same IP address.

1. Get an SSL Cert from a vendor
     Option A - Wildcard certificate for when all your sites are subdomains of a single common domain name such as sub1.Site.com, sub2.Site.com, *.Site.com.

     Option B - UCC/SAN/MultiDomain (all the same in essence) when your sites all use different domain names such as www.Site1.com, www.Site2.com, www.Site3.com

2. Open IIS Manager and assign/bind it to one of the sites as usual.

3. Then finish using AppCMD to assign the SSL host header for the remaining wildcard domains.

4. Open CMD by clicking the start menu and typing “cmd” and hitting enter.

5. Navigate to “cd C:\Windows\System32\Inetsrv\”.

6. Execute
appcmd set site /site.name:"<YOUR WEBSITE NAME>" /+bindings.[protocol='https',bindingInformation='*:443:<YOUR SSL DOMAIN URL>']



For Example.

1. SSL wildcard cert for *.Site.com
2. 3 Websites.
            sub1.Site.com
            sub2.Site.com
            sub3.Site.com

3. Assign Bindings.


appcmd set site /site.name:"sub1.site.com" /+bindings.[protocol='https',bindingInformation='*:443:sub1.site.com']

appcmd set site /site.name:"sub2.site.com" /+bindings.[protocol='https',bindingInformation='*:443:sub2.site.com']

appcmd set site /site.name:"sub3.site.com" /+bindings.[protocol='https',bindingInformation='*:443:sub3.site.com']

Hope it helps,
Hades666
 
racastillojr (Author) commented:
Hi hades666

I ran the commands that you mentioned and I get an error that says "Cannot find SITE object with identifier "domain name"".
 
Brad Howe (DevOps Manager) commented:
The command is correct, but you seem to have incorrect parameters set.

What is your website name in IIS Manager?

<YOUR WEBSITE NAME> = your IIS Manager site title. For example, Default Web Site or domain name etc. I don't know what you called your sites in IIS.


<YOUR SSL DOMAIN URL> = the url you want to use.

appcmd set site /site.name:"<YOUR WEBSITE NAME>" /+bindings.[protocol='https',bindingInformation='*:443:<YOUR SSL DOMAIN URL>']


Cheers,
Hades666
 
Brad Howe (DevOps Manager) commented:
If you are unsure, you can use the following to get the proper site names.

eg:

appcmd list site /text:name

This will output the IIS site names you have set up. Then simply replace the <YOUR WEBSITE NAME> with that title and change the <YOUR SSL DOMAIN URL> to your wildcard proper domain (sub1.site.com) or whatever the domain is. Don't use the *.site.com here. Use the proper URL.

Cheers,
Hades666
 
racastillojr (Author) commented:
Ok, thanks, I was able to bind the second site using appcmd but when I enter the https URL the page doesn't display. It only displays the http part.
 
Brad Howe (DevOps Manager) commented:
Hmmm..

It should be fine.  Can you provide the output of the following please.

appcmd list site

Also, provide the details of your certificate.

Regardless of the domain, the command above should work for you. The results are either:

A. HTTPS works fine for both sites if the domains are listed properly as subject alternative names. Lock appears in browser.

B. HTTPS works fine on main site and 2nd site says there is a problem with the security certificate. This means the domain is not in the certificate.

Either way, if both sites are up and the DNS is working it should load.


Let us know,
Hades666
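
An added example (not part of the thread and not any poster's code) that checks the two conditions discussed above: sites sharing an IP and port need distinct host headers, and each host header must be a name the certificate covers. It parses appcmd list site output; the sample listing, site names and function names are constructed for illustration, and the one-label wildcard rule is standard certificate name matching rather than something stated in the thread.

```python
import re
from collections import defaultdict

# Constructed `appcmd list site` output for illustration (not from the thread).
SAMPLE = """\
SITE "sub1.site.com" (id:1,bindings:http/*:80:sub1.site.com,https/*:443:sub1.site.com,state:Started)
SITE "sub2.site.com" (id:2,bindings:http/*:80:sub2.site.com,https/*:443:,state:Started)
SITE "test" (id:3,bindings:https/*:443:,state:Stopped)
SITE "deep" (id:4,bindings:https/*:443:a.b.site.com,state:Started)
"""

SITE_RE = re.compile(r'^SITE "(?P<name>[^"]+)" \(id:\d+,bindings:(?P<b>.*),state:\w+\)$')

def https_bindings(text):
    """Yield (site, ip, port, host) for each https binding in the listing."""
    for line in text.splitlines():
        m = SITE_RE.match(line.strip())
        if not m:
            continue
        for binding in filter(None, m.group("b").split(",")):
            proto, _, info = binding.partition("/")
            if proto != "https":
                continue
            ip, port, host = info.rsplit(":", 2)  # rsplit keeps an IPv6 literal whole
            yield m.group("name"), ip, port, host.lower()

def wildcard_covers(cert_name, host):
    """A *.domain name covers exactly one extra label: sub1.site.com, not a.b.site.com."""
    cert_name = cert_name.lower()
    if not cert_name.startswith("*."):
        return cert_name == host
    label = host[:-len(cert_name[1:])]            # text left of ".site.com"
    return host.endswith(cert_name[1:]) and label != "" and "." not in label

def audit(text, cert_name):
    """Return (conflicts, uncovered): duplicate IP:port:host triples, hosts the cert misses."""
    owners, uncovered = defaultdict(list), []
    for site, ip, port, host in https_bindings(text):
        owners[(ip, port, host)].append(site)
        if host and not wildcard_covers(cert_name, host):
            uncovered.append((site, host))
    conflicts = {k: v for k, v in owners.items() if len(v) > 1}
    return conflicts, uncovered

if __name__ == "__main__":
    conflicts, uncovered = audit(SAMPLE, "*.site.com")
    for (ip, port, host), sites in conflicts.items():
        print(f"{ip}:{port}:{host or '(no host header)'} claimed by {sites}")
    print("not covered by the certificate:", uncovered)
```

A conflict entry corresponds to the "Another web site may be using the same port" symptom from the question; an uncovered entry corresponds to outcome B, the certificate warning.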
 
racastillojr (Author) commented:
I think it has something to do with the test site because I tried it on two other sites and it worked. Thanks for your help Hades666.
 
racastillojr (Author) commented:
Thanks for the help!!!!!!
Question has a verified solution.