Monthly Archives: March 2009

Securing Multiple Sub Domains in IIS 7 with Wildcard SSL

This used to be a real pain in IIS 6.0 but it’s gotten a lot easier in IIS 7.

Let’s say you set up a web server with the following sites…
You could bind each individual site to a specific IP Address but this can be expensive and simply doesn’t scale. What you should be doing is using Host Headers to help IIS differentiate requests for the different end-points. For a good overview of how to do this take a look at Setting Host Headers in IIS 6.0.
Now, you can do exactly the same thing with https – but there’s no UI for it. Possibly the most requested feature hasn’t made it into IIS 7. Amazing!
So, here’s what to do…
  1. Add a new binding for the web site. Set it to be https, keep the default port and choose the SSL Certificate from the dropdown.
  2. Open /inetsrv/Config/applicationHost.xml.
  3. Search for the host header for that site.
  4. Edit the https binding by appending the host header (it follows the same pattern as the http entry.
Leave a comment

Posted by on March 6, 2009 in Technology