Obtaining and Installing a Wildcard Server Certificate

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1

A wildcard server certificate works with many SSL sites, because a wildcard (*) is used to stand for the host header name for each of the sites. All SSL-enabled Web sites that use the same IP/port binding and are distinguished only by their host header names must use the same wildcard server certificate.


Not all Certification Authorities (CAs) issue wildcard certificates.


You must be a member of the Administrators group on the local computer to perform the following procedure. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type:

    runas /user:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc"


To obtain a wildcard server certificate

  1. In IIS Manager, expand the local computer, and then expand the Web Sites folder.

  2. Right-click the Web site for which you want to obtain a wildcard server certificate, and then click Properties.

  3. On the Directory Security tab, under Secure communications, click Server Certificate.

  4. In the Web Server Certificate Wizard, click Create a new certificate.

  5. Follow the Web Server Certificate Wizard, which will guide you through the process of requesting a new server certificate. On the Your Site's Common Name page, type a name in the Common name box, using the following format:


    for example, *.contoso.com.

    By default, the certificate request file is saved as C:\Certreq.txt, but the wizard allows you to specify a different location.

  6. Click Finish to complete the wizard.

After you receive the wildcard server certificate from the Certification Authority (CA), assign the certificate on all Web sites that have the same IP/port binding and are distinguished only by host header name.
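
Before assigning the certificate, it helps to confirm that every host header on a shared IP/port binding is actually covered by the wildcard name. The following Python script is an added example, not part of the original procedure or any Microsoft tool; its function names and site inventory are constructed for illustration, and it assumes the usual matching rule that the * stands for exactly one left-most DNS label.

```python
# Added example: audit which SSL sites a wildcard certificate can serve.
from collections import defaultdict

def wildcard_covers(common_name, host):
    """True if host matches a certificate name such as *.contoso.com.

    Assumption: the * stands for exactly one left-most DNS label, so the
    bare domain and deeper subdomains are not covered.
    """
    cn, host = common_name.lower().rstrip("."), host.lower().rstrip(".")
    if not cn.startswith("*."):
        return cn == host                # non-wildcard name: exact match only
    suffix = cn[1:]                      # e.g. ".contoso.com"
    if not host.endswith(suffix):
        return False
    label = host[:-len(suffix)]          # what the * would have to stand for
    return bool(label) and "." not in label

def audit_bindings(common_name, sites):
    """Group sites by IP/port binding and report host headers that the
    wildcard name does not cover.

    sites: iterable of (site_name, ip, port, host_header).
    Returns {(ip, port): {"covered": [...], "not_covered": [...]}}.
    """
    report = defaultdict(lambda: {"covered": [], "not_covered": []})
    for name, ip, port, host in sites:
        key = "covered" if wildcard_covers(common_name, host) else "not_covered"
        report[(ip, port)][key].append((name, host))
    return dict(report)

# Constructed sample inventory (hypothetical sites, not from the original page).
SAMPLE_SITES = [
    ("Sales", "192.0.2.10", 443, "sales.contoso.com"),
    ("Mail", "192.0.2.10", 443, "mail.contoso.com"),
    ("Root", "192.0.2.10", 443, "contoso.com"),
    ("Dev", "192.0.2.10", 443, "app.dev.contoso.com"),
    ("Partner", "192.0.2.20", 443, "www.fabrikam.com"),
]

if __name__ == "__main__":
    for binding, result in audit_bindings("*.contoso.com", SAMPLE_SITES).items():
        print(binding, result)
```

Any site listed under not_covered would present a certificate whose name does not match its host header, so it needs a different host name or its own IP/port binding and certificate.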