Configuring Server Bindings for SSL Host Headers
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1
In addition to installing a wildcard server certificate on SSL-enabled Web sites, you must also configure the SecureBindings metabase property on each site so it contains the host header name of the site. All SSL-enabled sites that use the same IP/port binding and are distinguished only by host header name must use the same wildcard server certificate.
Important
You must configure secure bindings for all SSL-enabled Web sites that use the wildcard server certificate to prevent unauthorized use of the certificate.
Important
You must be a member of the Administrators group on the local computer to run scripts and executables. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run your script or executable as an administrator. At a command prompt, type runas /profile /user:MyComputer</STRONG>Administrator cmd to open a command window with administrator rights and then type cscript.exe ScriptName (include the script's full path and any parameters).
Procedures
To configure the SecureBindings metabase property for SSL host headers
Click Start, click Run, type
cmdin the Open box, and then click OK.
Type the following command at the command prompt:
cscript.exe adsutil.vbs set /w3svc/<site identifier>/SecureBindings ":443:<host header>"where host header is the host header for the Web site, for example, site2.contoso.com or site4.contoso.com.
Related Topics
For information about preventing unauthorized use of a wildcard server certificate, see Ensuring That Secure Content Is Served Over HTTPS Only.
For information about the SecureBindings metabase property, see SecureBindings Metabase Property.
For information about Adsutil.vbs, see Using the Adsutil.vbs Administration Script.