Wednesday, December 19, 2012

Problems When Renewing a Multi-domain SSL Certificate on IIS 7

Last weekend, I needed to renew my multiple domain SSL certificate on my IIS 7 server. The IIS manager just did not work right, and the process was a little complicated. So I would like to share my experience here, hoping that it will help others faced with the same situation.
First of all, how did I know which version of IIS I was running? When you are hosting multiple domains, the default IIS website home page is not likely to be the IIS start page. So checking the default website home page usually does not work. I opened Windows Task Manager, and selected "Show processes from all users":


  
Then I right-clicked on "w3wp.exe", and on its popup menu, I clicked on "Properties":


  
Then I clicked on the "Details" tab:


  
I saw that the version number is 7.5…

Now about the SSL certificate installation.

First I installed my new multi-domain certificate by clicking on the "Server Certificates" icon in the IIS Manager Home pane.



The certificate is not applied to any of the websites at this point. I went to the "Bindings…" menu of each website, and edited the https port 443 bindings. I selected the new certificate for each website. I ran into a problem immediately. IIS started to shut down my sites, saying that port 443 was in use. This is because the "Host name:" field for the https binding is always read-only and always blank, even though I had a valid host header value for port 443 before. After the certificate selection, IIS actually changed the host headers to blanks! As a result, all my sites tried to respond to all requests on port 443.

At this point, I had to fix them from the command line. First, I navigated into the "C:\Windows\System32\inetsrv" directory, and then I ran the following command:

appcmd set site /site.name:"IIS Site Name" /-bindings.[protocol='https',bindingInformation='*:443:']

The "IIS Site Name" came from the left pane of the IIS manager. The "/-bindings" switch removes the binding that does not have a host header value specified. Then I ran the following:

appcmd set site /site.name:"IIS Site Name" /+bindings.[protocol='https',bindingInformation='*:443:www.*******.com']

Here www.*******.com is the root of each website's URL; in my case each has the form www.*******.com.

That completed the renewal.
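
The conflict and the fix described above can be checked before touching any bindings. The following PowerShell is an added example, not part of the original post: it reads a constructed sample of the sites section of applicationHost.config, flags https bindings shared by more than one site, and prints the post's two appcmd commands for each blank-host binding. The site names, host names and the $hostFor map are assumptions.

```powershell
# Added example, not from the original post. Constructed sample shaped like the
# <sites> section of applicationHost.config; site and host names are placeholders.
$sampleConfig = @'
<configuration><system.applicationHost><sites>
  <site name="Site A" id="1"><bindings>
    <binding protocol="http" bindingInformation="*:80:www.site-a.example" />
    <binding protocol="https" bindingInformation="*:443:" />
  </bindings></site>
  <site name="Site B" id="2"><bindings>
    <binding protocol="https" bindingInformation="*:443:" />
  </bindings></site>
  <site name="Site C" id="3"><bindings>
    <binding protocol="https" bindingInformation="*:443:www.site-c.example" />
  </bindings></site>
</sites></system.applicationHost></configuration>
'@

function Get-HttpsBinding([xml]$Config) {
    foreach ($site in $Config.SelectNodes('//sites/site')) {
        foreach ($b in $site.SelectNodes("bindings/binding[@protocol='https']")) {
            # bindingInformation is IP:port:hostname; the host name is the last field
            $info = $b.GetAttribute('bindingInformation')
            New-Object PSObject -Property @{
                Site     = $site.GetAttribute('name')
                Info     = $info
                HostName = $info.Substring($info.LastIndexOf(':') + 1)
            }
        }
    }
}

$bindings = @(Get-HttpsBinding $sampleConfig)

# The same IP:port:host on more than one site is the "port 443 in use" conflict.
$bindings | Group-Object Info | Where-Object { $_.Count -gt 1 } | ForEach-Object {
    $sites = ($_.Group | ForEach-Object { $_.Site }) -join ', '
    "CONFLICT {0} is bound on: {1}" -f $_.Name, $sites
}

# Site name -> host header to restore (hypothetical values for the sample).
$hostFor = @{ 'Site A' = 'www.site-a.example'; 'Site B' = 'www.site-b.example' }

# Print (do not run) the post's two appcmd commands for each blank-host binding.
foreach ($b in @($bindings | Where-Object { $_.HostName -eq '' })) {
    $rm  = "/-bindings.[protocol='https',bindingInformation='{0}']" -f $b.Info
    $add = "/+bindings.[protocol='https',bindingInformation='{0}{1}']" -f $b.Info, $hostFor[$b.Site]
    'appcmd set site /site.name:"{0}" {1}' -f $b.Site, $rm
    'appcmd set site /site.name:"{0}" {1}' -f $b.Site, $add
}
```

To audit a live server, pass [xml](Get-Content C:\Windows\System32\inetsrv\config\applicationHost.config) to Get-HttpsBinding in place of $sampleConfig, and fill $hostFor with the real site names and host headers.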

4 comments:

  1. Hello Dr.Tan!

    We believe that your multi-domain SSL certificate installation experience will surely help other SSL certificate holders. We are going to share your SSL installation process at SSL education blog. I wish that the entire process will help other users who exactly hold multi-domain SSL.


    - Thanks SSL Certificate Provider

  2. This comment has been removed by the author.

  3. Very nice post. Thank you for sharing. The Comodo EV Multi-Domain SSL certificate is the most effective resolution, allowing you to manage and shield multiple sites – with the best level of trust with 256-bit cryptography and authentication – for reasonable.
