

On IIS: configure one certificate for several sites

For a Wildcard (Omnidomain) or Multiple-Site certificate

To use a certificate that protects multiple websites, such as a wildcard or multiple CN (Multiple Sites) server certificate, the server must support the Host field of the HTTP 1.1 standard so that it can serve several different sites on a single IP address + port pair.

Only IIS6 or higher, under Windows 2003 Server with SP1, is compatible. If you are using a lower version, hosting several SSL websites on the same IP address/port number pair is not possible. You'll need to use several IP addresses with the same port number (443) or the same IP address with several port numbers.

With IIS6 W2003 SP1+

In order to use the Host field with SSL, set up the SecureBindings metabase and define a host field for your website. Example for host ssl1.example.com:
cscript.exe adsutil.vbs set /w3svc/<site identifier>/SecureBindings ":443:ssl1.example.com"

With IIS7+

In order to use the Host field with SSL, set up the SecureBindings metabase and define a host field for your website. Example for host ssl1.example.com:
appcmd set site /site.name:"<site identifier>" /+bindings.[protocol='https',bindingInformation='*:443:ssl1.example.com']

For a Wildcard certificate, it is also possible to configure this with the GUI on IIS 7+. First of all you have to ensure that the friendly name of the certificate is exactly the same as the CN included in it. Example: if the CN of your certificate is *.domain.com, then the friendly name will be *.domain.com.

To change a friendly name, right-click on your certificate in the Windows MMC and click "Properties", then change the friendly name. To find your certificate in the MMC, see: Install a certificate from Windows Server with the Certificates MMC

Once done, you will be able to choose the host name in the certificate choice window.
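
The friendly-name step and a check of the resulting host bindings, as an added PowerShell example (not part of the original page or of any vendor tooling). It assumes PowerShell 3.0+, an elevated session, the WebAdministration module, and a certificate in the LocalMachine\My store; *.domain.com is the page's sample CN, and the check only covers a wildcard CN, not additional SAN entries.

```powershell
# Added example. '*.domain.com' is the sample CN used on this page; adjust to yours.
Import-Module WebAdministration
$cn = '*.domain.com'

# A wildcard covers exactly one left-most label: a.domain.com yes, a.b.domain.com no.
function Test-WildcardMatch {
    param([string]$Pattern, [string]$HostName)
    if (-not $Pattern.StartsWith('*.')) { return $Pattern -ieq $HostName }
    $suffix = $Pattern.Substring(1)   # ".domain.com"
    if (-not $HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) { return $false }
    $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
    return ($label.Length -gt 0) -and (-not $label.Contains('.'))
}

# Pick the certificate whose CN is the wildcard (latest expiry if there are several).
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.GetNameInfo('SimpleName', $false) -eq $cn } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No certificate with CN $cn in LocalMachine\My" }

# The GUI prerequisite: the friendly name must be exactly the CN.
if ($cert.FriendlyName -cne $cn) {
    $cert.FriendlyName = $cn
    Write-Host "Friendly name set to $cn on $($cert.Thumbprint)"
}

# List every https binding and flag host names the wildcard does not cover.
foreach ($site in Get-ChildItem IIS:\Sites) {
    foreach ($b in $site.Bindings.Collection | Where-Object { $_.protocol -eq 'https' }) {
        # bindingInformation is "IP:port:host"; the regex tolerates IPv6 literals.
        if ($b.bindingInformation -notmatch '^(?<ip>.*):(?<port>\d+):(?<host>[^:]*)$') { continue }
        $hostHeader = $Matches['host']
        $status = if (-not $hostHeader) {
            'no host header'
        } elseif (Test-WildcardMatch $cn $hostHeader) {
            'covered'
        } else {
            'NOT covered'
        }
        [pscustomobject]@{
            Site = $site.Name; IP = $Matches['ip']; Port = $Matches['port']
            Host = $hostHeader; Status = $status
        }
    }
}
```

A binding reported as "NOT covered" will produce a certificate name mismatch in browsers, since every site sharing the IP address + port pair presents this same certificate.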



To summarize:

  • under IIS5: one IP address per site is required, even with a wildcard certificate
  • under IIS6: one IP address per site is required, even with a wildcard certificate
  • under IIS6 SP1 and IIS7+: it can be done with one IP address by filling in the SecureBindings metabase manually, as explained on the Microsoft website.
