Troubleshooting: Host headers in Microsoft Server 2008 IIS 7.0 & 7.5

Depending on your environment you may have the following Issues:

  • Website A is coming up as website B.
  • Unable to assign a certificate due to another website using the same IP or Port.
  • Host Name when binding the certificate is grayed out.

Using Host Headers requires that the following conditions are met:

  • You must be using either a Wildcard or a SAN certificate
  • The website address being used must meet the following.
    • Include as a SAN value on the certificate.
    • The Common Name (CN) of the certificate
    • Be Covered by a wildcard
  • Only one certificate can be used for a given IP address and port combination
  • The friendly name of the certificate must have the wildcard * attribute in order to utilize a SAN or wildcard certificate.

To configure a host header for a website in IIS 7.0 & 7.5 perform the following.

Step 1: Ensure you have a friendly name associated with your Server Certificate.

  1. Start > run > MMC.
    mmc
  2. Go into the Console Tab > File > Add/Remove Snap-in.mmc
  3. Click on Add > Click on Certificates and click on Add.mmc
  4. Choose Computer Account > Next.mmc exportNote: When troubleshooting browser certificates such as client certificates, email signing certificates, CodeSigning, etc.. you will choose My user account instead and continue with the certificate snap in wizard.
  5. Choose Local Computer > Finish.
    mmc export
  6. Close the Add Standalone Snap-in window.
  7. Click on OK at the Add/Remove Snap-in window.
  8. You will be brought back into the management console where you will see your snap in where you can expand and right click the various folders or certificate so see options that are available to you.

You have successfully created a MMC snap-in to manage certificates on your server system.

Step 2: Assigning a friendly name to an SSL Certificate:

  1. Under Personal > Certificates, Right click on your certificate you are focused on, and select Properties.Certificate Properties
  2. In the Properties pop up window, under Friendly Name check to see if a friendly name has been assigned to the certificate. If not then specify a friendly name of your choosing.
    Note: If you need to use host headers to assign an SSL certificate to a website add a wildcard to the certificates subdomain Example: *.testcsr.com or *.yoursite.com
  3. Click Ok.
    Certificate Properties

You have now successfully assigned and changed a friendly name to an SSL Certificate.

Step 3: Editing your website to use host headers with a SAN or wildcard certificate. 

  1. Go to Start > Administrative Tools > Internet Information Services (IIS) Manager.
  2. In the left pane, Click the server name.
  3. Click on the website you need to configure.
  4. In the right Actions pane click Bindings
    Host headers
  5. In the Site Binding dialog pop up box select the https binding for which you want to to configure and click Edit.
    Note: If you do not have an https binding yet click Add and under the Type drop down menu select https.
    Host Headers
  6. In the Site binding dialog box under  Host name box, type a host header for the site, for example www.domain.com.
  7. Under the SSL certificate Drop down box select the SSL certificate you wish to assign to this website.
  8. Click Ok.
    Host Headers

To use the same certificate with an additional website (using the same IP address and port combination), create and/or modify the binding on the site in question. Specifying the Host Name using host headers may resolve any conflicts with IP and Port configurations.

Your Websites and the direction of traffic should now work with the Host headers option utilizing a wildcard or SAN certificate

If this resolution does not work or will have to contact Microsoft regarding your unique environment.

Recent Posts

S/MIME for Outlook O365 Windows

Add to Favorites S/MIME Advantages of S/MIME Certificates S/MIME (Secure/Multipurpose Internet Mail Extensions) certificates offer several advantages when it comes to securing email communications. Here

Read More »

Abbreviations

Add to Favorites There are literally thousands of IT abbreviations out there. Many are concerned with the technical aspects of the computer, while others deal

Read More »

SSL Installation on Qmail

Add to Favorites SSL Installation on Qmail Qmail is a secure, reliable, efficient, simple message transfer agent. It is designed for typical Internet-connected UNIX hosts.

Read More »