http://involvenevolve.com/ My Thoughts, Findings & Experiences Articulate, blogging built on Umbraco 2113 http://involvenevolve.com/post/iis-75-binding-wild-card-certificate-issue/ Asp.Net IIS <p>Recently we were working on Asp.Net MVC project which was going to be deployed on IIS 7.5. So, we installed a wildcard certificate on the web server which we can use for other sites under the same domain.</p> <p>But, when we tried associating the certificate withHost Name then it was NOT working. IIS was not allowing to enter value inHost Name field even though we have selected correct certificate.</p> <p><img style="width: 407px; height:222px;" src="http://involvenevolve.com/media/1056/iis-site-bindings.png?width=407&amp;height=222" alt="Host name textbox is disabled" data-id="3118"></p> <p>We found some articles about how to associate hostname using commands.</p> <ul> <li><a href="https://www.sslshopper.com/article-ssl-host-headers-in-iis-7.html">https://www.sslshopper.com/article-ssl-host-headers-in-iis-7.html</a></li> <li><a href="http://stackoverflow.com/questions/16276860/iis-7-adding-ssl-to-one-site-all-other-sites-responds-to-https-request">http://stackoverflow.com/questions/16276860/iis-7-adding-ssl-to-one-site-all-other-sites-responds-to-https-request</a></li> </ul> <p>If we go via approach specified in these articles then it works ONLY if website has a binding</p> <ul> <li>with port 443 without the hostname</li> <li>with port 443 with the hostname</li> </ul> <p>With this, you can't see the hostname is associated with a site when you try to edit the binding. BUT you can access a website using hostname just fine. Here is how IIS binding looks like</p> <p><img style="width: 751px; height: 236px;" src="http://involvenevolve.com/media/1058/website-bindings.png?width=751&amp;height=236" alt="Both default and custom hostname bindings required" data-id="3120"></p> <p>Both default and custom hostname bindings required</p> <p>Now the drawback is: Even though you have wildcard certificate, you can't associate that to other websites on the IIS :(.</p> <h6>Real issue</h6> <p>Looks like IIS does not understand wild card certificate as wild card certificate unless it <strong>Friendly Name</strong> starts with <strong>*.</strong></p> <p>In our case it's friendly name was <em>Wildcard certificate valid till XXXXX date</em></p> <p>So, you need to change the friendly name which will start with <strong>*.</strong></p> <p>To do this,</p> <ol> <li>Select Start –&gt; Run</li> <li>Type in “MMC” and hit enter</li> <li>From the console, select File –&gt; Add / Remove Snap-in</li> <li>Select Certificates from the Add / Remove dialog</li> <li>Select Computer Account when prompt for which certificates the snap-in will manage.</li> <li>Select Local Computer when prompted</li> <li>Click OK to add the Snap-in to the MMC</li> <li>Locate your SSL certificate</li> <li>Double click the certificate</li> <li>Select 'Details' tab and select 'Edit Properties'</li> <li>You should be able to change the friendly name.</li> </ol> <p><img style="width: 400.3944773175543px; height:500px;" src="http://involvenevolve.com/media/1053/changed-friendly-name.png?width=400.3944773175543&amp;height=500" alt="Change certificate friendly name" data-id="3115"></p> <p> </p> <p>Now, if you go back to IIS and try to add/edit bindings, you can now enterHost Name along with selecting wild card certificate</p> <p><img style="width: 408px; height:221px;" src="http://involvenevolve.com/media/1055/editable-host-name.png?width=408&amp;height=221" alt="Hostname textbox is editbale in IIS" data-id="3117"></p> <p> </p> <p>Below article has good information about IIS and certificates:<br><a href="http://blogs.msdn.com/b/varunm/archive/2013/06/18/bind-multiple-sites-on-same-ip-address-and-port-in-ssl.aspx">http://blogs.msdn.com/b/varunm/archive/2013/06/18/bind-multiple-sites-on-same-ip-address-and-port-in-ssl.aspx</a></p> <p>Now, you can also associate the same certificate with multiple websites on same IIS server!</p> Sat, 21 Feb 2015 21:32:25 Z 2015-02-21T21:32:25Z