Binding multiple domains to a wildcard SSL on a single IP in IIS 7.5


Microsoft was good to the people of interwebs land when they released IIS 7.5. The added functionality that allows you to map wildcard SSL certificates to multiple websites on a single IP really helps keep IP address wastage down when running multiple SSL sites on multiple child subdomains. There is a slight roadblock you need to look out for, and that is the GUI itself.

[Image: Say what now? Single IP SSL you say?]

The way IIS binds multiple website hostnames to a single SSL certificate on a single IP is similar to the way it does for non-SSL: it uses HTTP 1.1 style hostname checking. How, you say? It maps a single IP to an SSL certificate, then, once the incoming request has been decrypted, it hands the request off to the associated site. Because the certificate is chosen before the hostname is checked, that one certificate has to be valid for every hostname served from the IP, which is exactly what a wildcard gives you. Pretty cool if you ask me.

So if you have a wildcard SSL for the domain


And you want to host multiple sites:

You only need a single IP address! Usually you would need 3!

The Slight Problem

The commands to do this work fine as long as you stick to using the faithful appcmd command-line IIS application. But if you take the usual n00b approach of using the GUI to set up your IIS websites, or happen to edit the SSL bindings for any of the sites that have been set up, you will break all the other sites that have been bound to your wildcard SSL certificate.

Take this on board and remember it:

Buyer beware!

Get on with the show already!

In order to make this happen you need to follow this precisely:

  1. Bind the server to the IP address you want to run your sites on
  2. Import the SSL certificate into IIS, and make sure you check the box marked to make the SSL certificate exportable (this is a must, as there is a bug in IIS 7.5 here)
  3. Create the website you want to use a wildcard on a single IP for and give it a normal HTTP binding
  4. Open an elevated command prompt window and move to C:\Windows\System32\inetsrv
  5. Type the following, filling in the blanks and leaving out the curly brackets:

    appcmd set site /site.name:"{SITE NAME AS PER IIS GUI}" /+bindings.[protocol='https',bindingInformation='{IP ADDRESS TO BIND TO}:443:{HOSTHEADER OF WEBSITE}']

  6. Enjoy having more than one SSL website on a single IP!
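
To check afterwards that every site still carries its host-header HTTPS binding on the shared IP (for instance after someone has edited bindings in the GUI), the script below parses the output of `appcmd list site` and reports what is missing or inconsistent. It is an added example, not part of the original post; the site names, the IP 192.0.2.10 and the example.com hostnames are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `appcmd list site` output; names, IP and hosts are made up.
SAMPLE = """\
SITE "Shop" (id:2,bindings:http/192.0.2.10:80:shop.example.com,https/192.0.2.10:443:shop.example.com,state:Started)
SITE "Blog" (id:3,bindings:http/192.0.2.10:80:blog.example.com,https/192.0.2.10:443:,state:Started)
SITE "Mail" (id:4,bindings:http/192.0.2.10:80:mail.example.com,state:Started)
SITE "Dev" (id:5,bindings:https/192.0.2.10:443:a.dev.example.com,state:Stopped)
"""
SITE_RE = re.compile(r'^SITE "(?P<name>[^"]+)" \(id:\d+,bindings:(?P<b>.*),state:\w+\)$')

def https_bindings(listing):
    """Yield (site, ip, port, host) for each https binding in the listing."""
    for line in listing.splitlines():
        m = SITE_RE.match(line.strip())
        if not m:
            continue
        for binding in m["b"].split(","):
            proto, _, info = binding.partition("/")
            if proto == "https":
                # rsplit keeps a bracketed IPv6 address in one piece
                ip, port, host = info.rsplit(":", 2)
                yield m["name"], ip, port, host.lower()

def covered(host, wildcard):
    """A wildcard certificate name matches exactly one label, not nested subdomains."""
    base = wildcard.lower()[1:]  # "*.example.com" -> ".example.com"
    return host.endswith(base) and len(host) > len(base) and "." not in host[:-len(base)]

def audit(listing, ip, wildcard, expected):
    """Compare the https bindings on ip:443 with expected {site: host}; return findings."""
    findings, owner = [], {}
    for site, b_ip, port, host in https_bindings(listing):
        if port != "443" or b_ip not in (ip, "*"):
            continue
        if not host:  # step 5 always supplies a host header
            findings.append(f"{site}: https binding has no host header")
        elif not covered(host, wildcard):
            findings.append(f"{site}: {host} is not covered by {wildcard}")
        elif host in owner:
            findings.append(f"{site}: {host} is already bound to {owner[host]}")
        else:
            owner[host] = site
    for site, host in expected.items():
        if owner.get(host.lower()) != site:
            findings.append(f"{site}: missing https binding {ip}:443:{host}")
    return sorted(findings)

if __name__ == "__main__":
    wanted = {"Shop": "shop.example.com", "Blog": "blog.example.com", "Mail": "mail.example.com"}
    for finding in audit(SAMPLE, "192.0.2.10", "*.example.com", wanted):
        print(finding)
```

On a real server, feed `audit` the text captured from `appcmd list site` instead of `SAMPLE`, and rerun it after any change to site bindings.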