So, for some time now I’ve worked w/ HTTPS and SSL and have had no real issues. Today, however, I finally got a chance to put multiple SSL sites on one IIS 6.0 server, which wasn’t very intuitive. HTTPS is funny in that the host header data that a web server needs to have access to is encrypted and can’t be used until it’s decrypted. Of course, for it to decrypt the packet, it must know which certificate to use, and very quickly we’ve got a circular issue. Long story short, web servers CAN host multiple SSL websites so long as the sites are variations of <something>.example.com and you use an appropriate wildcard certificate that will cover all the different sites on your HTTPS web server (such as an SSL certificate issued to *.example.com to cover all of the variations of <something>.example.com). Ya, I know, confusing.
So while I was applying my craft to a Windows Server 2003 R2 box running IIS 6.0 I quickly encountered an error when I tried to put another website on port 443. Error was, “Cannot register the URL prefix https://*:443/ for site ‘<your site identifier here>’. The necessary network binding may already be in use. The site has been deactivated.” I believe it was event ID 1007 in the event viewer system logs. God I love logs 🙂
Quick search on Google reveals you’ve got to go command-line for this one by executing cscript.exe like so:
cd C:\Inetpub\AdminScripts
cscript.exe adsutil.vbs set /w3svc/Identifier/SecureBindings ":443:host header"
In that command, Identifier and host header are placeholders. You can find your site identifier inside of IIS for the site you’re trying to attach on port 443; just use your site’s FQDN for the host header field.
See this link for a more thorough walk thru:
http://www.digicert.com/ssl-support/configure-iis-host-headers.htm
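A pre-flight check for the setup described above, added here as an example and not part of the original post: it tests each host header against the wildcard certificate name (the wildcard stands for exactly one left-most label) and prints the adsutil.vbs command only for names the certificate covers. The site identifiers and hostnames are constructed sample values, and the function names are hypothetical.

```python
# Added example: check which host headers a wildcard certificate covers
# before binding them all to port 443 on one IIS 6.0 server.
# Site identifiers and hostnames below are constructed sample values.

def wildcard_covers(cert_name, host):
    """True if cert_name (e.g. *.example.com) is valid for host.

    The wildcard stands for exactly one left-most DNS label, so
    *.example.com covers www.example.com but not example.com itself
    and not a.b.example.com.
    """
    cert = cert_name.lower().rstrip(".").split(".")
    name = host.lower().rstrip(".").split(".")
    if len(cert) != len(name) or "" in name:
        return False
    if cert[0] == "*":
        # Conservative choice in this example: require at least two
        # fixed labels after the wildcard, so "*.com" is refused.
        return len(cert) >= 3 and cert[1:] == name[1:]
    return cert == name


def plan_bindings(cert_name, sites):
    """Split {site identifier: host header} into commands and rejects."""
    commands, rejected = [], []
    for ident, host in sorted(sites.items()):
        if wildcard_covers(cert_name, host):
            commands.append(
                'cscript.exe adsutil.vbs set /w3svc/%s/SecureBindings ":443:%s"'
                % (ident, host))
        else:
            rejected.append(host)
    return commands, rejected


# Constructed inventory: IIS site identifier -> FQDN used as host header.
SITES = {
    "1": "www.example.com",
    "87257621": "mail.example.com",
    "92431005": "example.com",           # bare domain, no label for "*"
    "13370042": "dev.shop.example.com",  # two labels deep
}

if __name__ == "__main__":
    cmds, bad = plan_bindings("*.example.com", SITES)
    print("\n".join(cmds))
    for host in bad:
        print("NOT covered by the certificate (name mismatch):", host)
```

Hosts reported as not covered would be served the wildcard certificate anyway and produce a certificate name warning in the browser, so they need their own certificate and IP address rather than a shared 443 binding.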