Configure SSL Host Headers in IIS 7

This article discusses how to use only one IP address and have multiple SSL installs on the single IP address. Typically each SSL install requires a dedicated IP address, that of which is not assigned to any other site in IIS, to work. This article will provide a workaround for that scenario and only applies to Dedicated or Virtual Machines running Windows with IIS7.

To configure an SSL in IIS7 with SSL host headers, follow the steps below:

  1. Log into the server via Remote Desktop.  If you are not familiar with Remote Desktop, please see Connecting to a Server via Remote Desktop.
  2. Navigate to IIS (Internet Information Services) in the Remote Desktop session by either double-clicking the IIS icon on the desktop or going to Start > Run > and typing inetmgr.
  3. Expand the tree within IIS to view the websites.  Under the Sites category, click the site in question.  The right hand panel will show the specific site properties.  Click Bindings… to view the host header values for the site.  If host headers are setup correctly, click OK to exit the dialog box.  Otherwise, correctly setup the host header values and then click OK to exit the dialog box.
    IIS7 Site Bindings
  4. Also ensure that the SSL is already installed in IIS following Import an SSL into IIS 7.
  5. Next, open a command prompt by going to Start > Run > and typing cmd.  Once the command prompt window opens, navigate to C:\Windows\System32\Inetsrv\ by typing cd C:\Windows\System32\Inetsrv\.
  6. Run the following command to set the secure bindings for each site in IIS that should use the certificate entering in the appropriate information for <IISSiteName> and <hostHeaderValue>:
    IIS7 Site Listing

    appcmd set site /"<IISSiteName>"/+bindings.[protocol='https',bindingInformation='*:443:<hostHeaderValue>']
  7. In the case above, if and are to use the same SSL, the commands to run are below.  In this case since the site name in IIS is the same as the host header value, <IISSIteName> and <hostHeaderValue> are the same.
    appcmd set site /"" /+bindings.[protocol='https',bindingInformation='*']
    appcmd set site /"" /+bindings.[protocol='https',bindingInformation='*']
  8. Run this command for each site that needs to be use the certificate.  Each site will then use the certificate that was installed on the first site with that IP address.