Setting Host name on SSL Binding on IIS7
Were I work, we have setup an iis that is going to serve all our various environments. Since we didn’t want to create various ports, we decided to add host name on the http binding of each site.
On of our sites though needed an secure logon page, so we came to this problem.
You cannot set host name on an ssl binding through Internet Information Services Manager
While looking on the internet I came across solutions that depend on the appcmd tools located in C:\Windows\System32\inetsrv
While from this tool you can create an ssl binding with hostname, you cannot specify the ssl certificate. If you do so, then if you edit the ssl binding to add the cerificate the host name gets lost.
While looking at the help of appcmd I understood that there is a way to edit the binding, as long as it can be found. I did some test and yes, the host name was added on an existing ssl binding, while keeping the ssl certificate.
Because it is somehow tricky to edit the binding from the appcmd, I created a batch file than can be reused. The file contains on line
call C:\Windows\System32\Inetsrv\appcmd set site /site.name:%1 /bindings.[protocol='https',bindingInformation='*:443:'].bindingInformation:*:443:%2
where
- %1 is the site name
- %2 is the host name you want to add
If you would like some explaining, the first bindingInformation basicaly is a search filter that corresponds to a non declared host name and the second is the new value you want to set on the found one. The syntax is much like a dictionary search from C# and I can admit that once I understood it I liked it.
If the transaction is successful you will see a changed output. Most commonly if the filter is not right for whatever reason the appcmd will inform you that it could not find the specified binding
Finally the steps are to give an ssl binding host name are.
- Create the ssl binding with the certificate
- Run the above batch file with appropriated parameters as explained above
- Restart the site as various articles I read instructed, thought while I was playing I never needed it.
- Never edit the binding, because you will loose the host name. if you try to edit it, it won’t be displayed so don’t be alarmed as long as it is displayed in the bindings list
January 19, 2012 at 5:27 pm
Hi,
I have searched this issue too much. As you have mentioned either the selected certificate or the host name parameters has been disappearing although I have used the appcmd. Very thanks for the correct usage of the appcmd.
January 20, 2012 at 12:10 am
Glad to be of help and see people that are finding useful info on this blog.
February 27, 2012 at 3:48 pm
great solution ,thanks a lot
February 27, 2012 at 9:04 pm
Thanks
April 30, 2012 at 5:41 pm
“Because it is somehow tricky to edit the binding from the appcmd, I created a batch file than can be reused.”
Actually it’s not that tricky here is my solution… just run this from a command line:
%systemroot%\system32\inetsrv\APPCMD set site “yoursitename.com” /bindings:https/*:443:yoursitename.com
or make a batch file…
April 30, 2012 at 10:41 pm
And the difference is?
April 30, 2012 at 11:03 pm
First of all I am not IIS expert at all. Secondly the difference is that my code is shorter and easier to remember and your code didn’t actually worked on my machine.Finally, you’ve said “Because it is somehow tricky to edit the binding from the appcmd,” my example proved that it’s not tricky at all. Anyway, I appreciate your post and wish you the very best!
May 1, 2012 at 8:19 pm
Unfortunatly the formating of the blog page had created problems with the actual test.
I also thank you about your comment but honestly I still don’t see the difference. It is a bit more simplified but I would still create a bat file for it, because I would always have to rely on come copy paste.
It is not an easy format.