IIS 6 multiple ssl bindings on the same site for wildcard certificate

0
votes

I've got a bit of a problem with multiple bindings for a wildcard certificate in IIS6. I want to be able to bind www.mydomain.org.uk and mydomain.org.uk to a single site.

I can at present have either one or the other.

I use this command:

C:\Inetpub\AdminScripts>cscript.exe adsutil.vbs set /w3svc/1/SecureBindings ":443:www.mydomain.org.uk"

but if I run it again to add:

C:\Inetpub\AdminScripts>cscript.exe adsutil.vbs set /w3svc/1/SecureBindings ":443:mydomain.org.uk"

Then it overwrites the original host header binding.

I've got two host headers in IIS itself.

Previously I had a domain certificate on this server which worked fine but the wildcard one is not working.

I tried C:\Inetpub\AdminScripts>cscript.exe adsutil.vbs set /w3svc/1/SecureBindings ":443:mydomain.org.uk,www.mydomain.org.uk"

this doesn't work. I'm looking at the vb script in adsutil but I can't really remember vb script as I've not used it for a very long time

2
iisssl

2 Answers

1
votes

SSL binds ports and IP addresses in IIS6. It has nothing to do with domain names. If you want to bind a wildcard SSL cert pass the command without a domain:

adsutil.vbs set /w3svc/1/SecureBindings ":443:"

This will attach to any IP on the server with port 443 available. If you want a specific IP you pass the IP:

adsutil.vbs set /w3svc/1/SecureBindings "127.0.0.1:443:"
0
votes

I know this is a very old question, but since it doesn't yet have an accepted answer I figured I would post this in case it helps someone else down the road that may still be working with IIS 6. I could not find any documentation on how to set multiple values for properties of type LIST using adsutil.vbs, but some trial and error led me to the solution.

To configure multiple SSL bindings using different host headers on the same site, IP and port that will both use a wildcard cert, assuming you've already added the cert to the site, you can use adsutil.vbs like so:

cscript adsutil.vbs set /w3svc/[site ID]/SecureBindings ":443:host-header.domain.com" ":443:host-header-2.domain.com"

This will configure two separate host headers to each bind to all IPs on the box on port 443, so that the site being configured will serve HTTPS requests for either host header. The wildcard certificate assigned to the site will be used for both. The key is to have each binding space-separated.

We can verify the results from the CLI using:

cscript adsutil.vbs get /w3svc/[site ID]/SecureBindings

This output should indicate that the SecureBindings property now contains two items.

To bind to a specific IP instead, just prefix the IP in front of the first colon in each quoted string value in your adsutil.vbs set command.