Sudarshan's Blog

My Thoughts, Findings & Experiences

IIS 7.5 & Binding Wild Card Certificate Issue

February 21, 2015 21:32

Recently we were working on an ASP.NET MVC project that was going to be deployed on IIS 7.5. We installed a wildcard certificate on the web server so that we could use it for other sites under the same domain.

But when we tried to associate the certificate with a Host Name, it did NOT work. IIS did not allow us to enter a value in the Host Name field even though we had selected the correct certificate.

Host name textbox is disabled

We found some articles about how to associate the hostname using commands.

If we follow the approach described in these articles, it works ONLY if the website has both of these bindings:

  • port 443 without the hostname
  • port 443 with the hostname

With this approach, the hostname does not show as associated with the site when you try to edit the binding, BUT you can access the website using the hostname just fine. Here is how the IIS bindings look:

Both default and custom hostname bindings required


Now the drawback: even though you have a wildcard certificate, you can't associate it with other websites on the same IIS server :(.

Real issue

It looks like IIS does not recognize a wildcard certificate as a wildcard certificate unless its Friendly Name starts with *.

In our case its friendly name was "Wildcard certificate valid till XXXXX date".

So you need to change the friendly name so that it starts with *.

To do this,

  1. Select Start –> Run
  2. Type in “MMC” and hit enter
  3. From the console, select File –> Add / Remove Snap-in
  4. Select Certificates from the Add / Remove dialog
  5. Select Computer Account when prompted for which certificates the snap-in will manage.
  6. Select Local Computer when prompted
  7. Click OK to add the Snap-in to the MMC
  8. Locate your SSL certificate
  9. Double click the certificate
  10. Select 'Details' tab and select 'Edit Properties'
  11. You should be able to change the friendly name.

Change certificate friendly name
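The same check and rename can be scripted. The PowerShell below is an added example, not part of the original post: it lists wildcard certificates in the Local Computer Personal store and flags those whose friendly name does not start with *. The `-Fix` switch is a parameter of this script only, and reusing the subject common name as the new friendly name is an assumption (the post only requires that the name starts with *).

```powershell
# Added example (not from the original post). Run in an elevated PowerShell session.
# -Fix is a parameter of this script only; without it nothing is changed.
param([switch]$Fix)

$simpleName = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_
    # Subject common name, e.g. "*.example.com" (constructed sample value)
    $cn = $cert.GetNameInfo($simpleName, $false)

    # Skip anything that is not a wildcard certificate
    if (-not $cn.StartsWith('*.')) { return }

    $before = [string]$cert.FriendlyName
    $status = 'OK'

    if (-not $before.StartsWith('*')) {
        if ($Fix) {
            # Assumption: reuse the subject CN as the friendly name; the post
            # only requires that the name starts with "*"
            $cert.FriendlyName = $cn
            $status = 'Renamed'
        } else {
            $status = 'NeedsRename'
        }
    }

    # One report row per wildcard certificate, including its expiry date
    New-Object PSObject -Property @{
        Thumbprint   = $cert.Thumbprint
        SubjectCN    = $cn
        FriendlyName = [string]$cert.FriendlyName
        NotAfter     = $cert.NotAfter
        Status       = $status
    }
} | Format-Table Status, SubjectCN, FriendlyName, NotAfter, Thumbprint -AutoSize
```

Run it once without `-Fix` to review which certificates would be renamed, then again with `-Fix` to apply the change.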

 

Now, if you go back to IIS and try to add/edit bindings, you can enter a Host Name along with selecting the wildcard certificate.

Hostname textbox is editable in IIS

 

The article below has good information about IIS and certificates:
http://blogs.msdn.com/b/varunm/archive/2013/06/18/bind-multiple-sites-on-same-ip-address-and-port-in-ssl.aspx

Now, you can also associate the same certificate with multiple websites on same IIS server!