Thursday, November 26, 2009

Windows Server 2008 IIS7 SSL Host Header

I’ll start off with the bad.  You cannot set this up using the IIS Manager.  Also, once you have it setup, you can view the settings from the IIS Manager, but if you make any changes, the ssl host header settings will be removed.  Very convenient.

The good news is, once you figure out the command line to set it up, it works great.  I have been using it on a couple of test servers for quite a while now to host different test urls on a single ip address.

Assuming you have IIS setup and a cert ready to use, here are the steps I followed.

1. Go ahead and add an SSL binding with your certificate to the website.  The reason for this is to get the certificate hash and Application ID.  You can also get the certificate hash by viewing the details of the cert.  As for the Application ID, this is the only way I could find to get it.  It is probably also the the IIS metabase xml file as well.

2.  In a command prompt run the following command and save the certhash and appid.

  • netsh http show sslcert

showsslcert 

3.  Change directories in the command window to c:\Windows\System32\inetsrv and run

  • appcmd.exe set config -section:system.applicationHost/sites /+"[name='test.mydomain.com'].bindings.[protocol='https',bindingInformation='127.0.0.1
    443:test.mydomain.com']"
    /commit:apphost

appcmd

  • Note: The name= parameter is the name of the site in IIS manager.

4.  The last step is to bind the ssl certificate to the site.

  • netsh http add sslcert ipport=127.0.0.1:443 certhash=1f5596aa6ed348243056eec325fe1fbc326c2d3a appid="{4dc3e181-e14b-4a21-b022-59fc669b0914}"

addsslcert

  • Note: Make sure you put in the values for certhash and appid that you copied earlier.

Finally, the end result….

iis

Labels:

8 Comments:

Anonymous Anonymous said...

Excuse, I have removed this idea :)

December 11, 2009 at 11:57 AM  
Anonymous Anonymous said...

Can anyone recommend the robust IT automation utility for a small IT service company like mine? Does anyone use Kaseya.com or GFI.com? How do they compare to these guys I found recently: [url=http://www.n-able.com] N-able N-central remote support manager
[/url] ? What is your best take in cost vs performance among those three? I need a good advice please... Thanks in advance!

December 15, 2009 at 12:57 PM  
Anonymous Anonymous said...

Rather amusing opinion

January 2, 2010 at 11:33 AM  
Anonymous Anonymous said...

This phrase, is matchless)))

January 3, 2010 at 11:25 PM  
Anonymous Anonymous said...

Your blog keeps getting better and better! Your older articles are not as good as newer ones you have a lot more creativity and originality now keep it up!

January 5, 2010 at 5:27 PM  
Anonymous Anonymous said...

Curious topic


I suggest you to come on a site where there is a lot of information on a theme interesting you. Hot Health

January 8, 2010 at 1:44 PM  
Blogger Patrick D said...

hello buddy
congratulation you did a great work with this post about Windows Server 2008 IIS7 SSL Host Header, I love all topic about Windows!!! and I think that this is a great idea and very useful!! thanks. and I have a question I want to know if I can apply SSL on my web site about generic viagra, I'm waiting your answer

March 4, 2010 at 9:13 AM  
Blogger Unknown said...

I ran into this so many times that I ended up creating a UI for it. The goal was to look and feel like IIS but allow me to assign host names to SSL sites. You can find it here:

http://www.simplygoodcode.com/2012/09/configure-iis-ssl-host-header-using-ui.html

September 20, 2012 at 12:19 PM  

Post a Comment

Subscribe to Post Comments [Atom]

<< Home