Configuring SSL Host Headers

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1

Organizations that host multiple Web sites on a single server often use host headers to create multiple Web sites without requiring a unique IP address for each site. For more information about hosting multiple Web sites on a single server, see Hosting Multiple Web Sites.

You can configure Web sites that use host headers to serve protected content over a Secure Sockets Layer (SSL) connection, that is, a connection that uses https:// instead of https://. To use SSL with host headers, you must obtain and install a wildcard server certificate. After you configure SSL host headers for a Web site, protected content is served only over an https:// connection.

Important

The following conditions apply to the use of SSL host headers:

• SSL host headers cannot be configured by using the IIS Manager UI.

• Using SSL host headers requires that the wildcard certificate be installed on each Web site from which you want to serve protected content. This adds overhead to site management, because you must manually ensure that multiple sites are kept in sync with each other.

• You must configure secure bindings for each Web site that uses the wildcard server certificate to prevent unauthorized use of that certificate.

This section includes the following information:

• Obtaining and Installing a Wildcard Server Certificate: Describes how to request a wildcard server certificate and install it on a Web site.

• Configuring Server Bindings for SSL Host Headers: Describes how to configure the SecureBindings metabase property to create SSL host headers for each Web site that you want to enable to use the wildcard server certificate.

• Ensuring That Secure Content Is Served Over HTTPS Only: Describes how to prevent unauthorized Web sites from using the wildcard certificate.