Setting Host name on SSL Binding on IIS7

Were I work, we have setup an iis that is going to serve all our various environments. Since we didn’t want to create various ports, we decided to add host name on the http binding of each site.

On of our sites though needed an secure logon page, so we came to this problem.

You cannot set host name on an ssl binding through Internet Information Services Manager

image 

While looking on the internet I came across solutions that depend on the appcmd tools located in C:\Windows\System32\inetsrv

While from this tool you can create an ssl binding with hostname, you cannot specify the ssl certificate. If you do so, then if you edit the ssl binding to add the cerificate the host name gets lost.

While looking at the help of appcmd I understood that there is a way to edit the binding, as long as it can be found. I did some test and yes, the host name was added on an existing ssl binding, while keeping the ssl certificate.

Because it is somehow tricky to edit the binding from the appcmd, I created a batch file than can be reused. The file contains on line

call C:\Windows\System32\Inetsrv\appcmd set site /site.name:%1 /bindings.[protocol=’https’,bindingInformation=’*:443:’].bindingInformation:*:443:%2

where

  • %1 is the site name
  • %2 is the host name you want to add

If you would like some explaining, the first bindingInformation basicaly is a search filter that corresponds to a non declared host name and the second is the new value you want to set on the found one. The syntax is much like a dictionary search from C# and I can admit that once I understood it I liked it.

If the transaction is successful you will see a changed output. Most commonly if the filter is not right for whatever reason the appcmd will inform you that it could not find the specified binding

Finally the steps are to give an ssl binding host name are.

  1. Create the ssl binding with the certificate
  2. Run the above batch file with appropriated parameters as explained above
  3. Restart the site as various articles I read instructed, thought while I was playing I never needed it.
  4. Never edit the binding, because you will loose the host name. if you try to edit it, it won’t be displayed so don’t be alarmed as long as it is displayed in the bindings list
Advertisements

8 comments

  1. Hi,

    I have searched this issue too much. As you have mentioned either the selected certificate or the host name parameters has been disappearing although I have used the appcmd. Very thanks for the correct usage of the appcmd.

  2. “Because it is somehow tricky to edit the binding from the appcmd, I created a batch file than can be reused.”

    Actually it’s not that tricky here is my solution… just run this from a command line:

    %systemroot%\system32\inetsrv\APPCMD set site “yoursitename.com” /bindings:https/*:443:yoursitename.com

    or make a batch file…

      • First of all I am not IIS expert at all. Secondly the difference is that my code is shorter and easier to remember and your code didn’t actually worked on my machine.Finally, you’ve said “Because it is somehow tricky to edit the binding from the appcmd,” my example proved that it’s not tricky at all. Anyway, I appreciate your post and wish you the very best!

  3. Unfortunatly the formating of the blog page had created problems with the actual test.
    I also thank you about your comment but honestly I still don’t see the difference. It is a bit more simplified but I would still create a bat file for it, because I would always have to rely on come copy paste.
    It is not an easy format.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s