Configuring Server Bindings for SSL Host Headers

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1

In addition to installing a wildcard server certificate on SSL-enabled Web sites, you must also configure the SecureBindings metabase property on each site so it contains the host header name of the site. All SSL-enabled sites that use the same IP/port binding and are distinguished only by host header name must use the same wildcard server certificate.


You must configure secure bindings for all SSL-enabled Web sites that use the wildcard server certificate to prevent unauthorized use of the certificate.


You must be a member of the Administrators group on the local computer to run scripts and executables. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run your script or executable as an administrator. At a command prompt, type runas /profile /user:MyComputer</STRONG>Administrator cmd to open a command window with administrator rights and then type cscript.exe ScriptName (include the script's full path and any parameters).


To configure the SecureBindings metabase property for SSL host headers

  1. Click Start, click Run, type


    in the Open box, and then click OK.

  2. Type the following command at the command prompt:

    cscript.exe adsutil.vbs set /w3svc/<site identifier>/SecureBindings ":443:<host header>"

    where host header is the host header for the Web site, for example, or