Thursday, April 29, 2010

How to set a host header on an SSL binding in IIS7

How to set a host header on an SSL binding in IIS7

If you google for this you'll see alot of answers, but none of them seemed production-ready or correct.

  • You have a Windows 2008 web server that is hosting multiple sites on different IP addresses. 
  • You want/need to return the site name rather than the box name in a WSDL call to one of your web services.
  • You may have multiple SSL certs installed on your server, for each site (i.e. VeriSign certs bound to the domain name of the site). 

Every example I looked was for some other situation, typically a developer's PC using self-generated SSL certs, and "*" is the IP address of the site, but we don't roll like that.
Also, they usually added a binding which works if you don't care which SSL cert you're using, but again, we don't roll like that. We want to edit an existing https binding so we know it's using the right SSL cert, not add a new binding. 

  1. Set up a plain-jane https binding on your site with the right ssl cert. Hostheader is probably grayed out, don't worry about it.
  2. Navigate to the C:\Windows\System32\inetsrv folder in a command window. 
  3. Run this command line - replace everything in #'s with your value:
appcmd set site / #SiteName# /bindings.[protocol='https',bindingInformation='#IPAddress#:443:']

appcmd set site / Intranet /bindings.[protocol='https',bindingInformation='']

You may need to recycle IIS for the binding to correctly show up or work, but calling your service via https should now correctly return the host header rather than the server name!

No comments:

Post a Comment