On a recent SharePoint project, customer requirements were that I create a number of site collections on a specified web application. Each of these site collections had to be created in their own database and SSL enabled. To host multiple sites on the same IP Address you will need to add a host header for each site collection.
Now, when attempting to add host headers using the IIS Manager interface, you are only able to bind one site on each IP address to port 443 using an SSL certificate. If you try to bind a second site on the IP address to the same certificate, IIS 7.x will give you an error when starting the site up stating that there is a port conflict. Additionally, when assigning the SSL certificate to more than one site or in my case web application (Example: mysite.domain.com and portal.domain.com) this will again result in a conflict and cause the site to stop.
In order to assign a certificate to be used by multiple IIS sites on the same IP address, you will need to set up SSL Host Headers. SSL Host Headers in IIS 7 allow you to use one SSL certificate for multiple IIS websites on the same IP address.
Which type of SSL Certificate?
You can only use one certificate, that certificate needs to work with all the hostnames of the websites that you use it with (otherwise you will receive a name mismatch error). For example, if each of your IIS 7 websites use a subdomain of a single common domain name (Example: site1.mydomain.com, site2.mydomain.com, etc.), you can obtain a Wildcard Certificate for *.mydomain.com and it will secure site1.mydomain.com, site2.mydomain.com, etc.
However, if all your sites are using different domain names (Example: site.mydomain1.com, site.mydomain2.com, etc.), then you will need to obtain a Unified Communications Certificate (these are sometimes referred to as a SAN certificate).
Configuring SSL Host Headers on IIS 7.x
- Obtain an SSL certificate and install it into IIS 7.x
- Next, bind the certificate to the first site on the IP address.
- Launch the Command prompt.
- Navigate to: C:\Windows\System32\Inetsrv\ by typing cd C:\Windows\System32\Inetsrv\ and hitting Enter.
- Run the following command for each site on the IP address that needs to use the certificate:
appcmd set site /site.name:"<IISSiteName>" /+bindings.[protocol='https',bindingInformation='*:443:<hostHeaderValue>']
Note: Replace <IISSiteName> with the name of the IIS site and <hostHeaderValue> with the host header value.
- When accessing the site you should be presented the correct page and the lock icon should be displayed without any errors.
Something you should keep in mind is SharePoint terminology. This of course is a subject in itself and worthy of a blog post in its own right. I will however, highlight the pertinent terms which apply in this case.
Web Application – In layman’s terms a Web Application is an IIS web site and an associated Application Pool extended to use SharePoint. Individual application pools allow the web application to run under a different process on the IIS web server. Web applications allow for the logical separation of SharePoint content. A web application acts as a 'container' for the SharePoint site collections.
The Central Administration site is one example of a web application. Central Administration runs on an arbitrary port number (but can also be set to a desired port during configuration). Standard SharePoint sites typically run on port 80, however they both run under separate processes in IIS. In short, a SharePoint web application will be seen in IIS as an IIS Site.
Site Collection – Sometimes referred to as the Top Level Site or Parent Site or in it's simplest form, Site. A site collection is a container for SharePoint sites (also referred to as a web.) which exists within a specific content database. A site collection contains a single top-level or root site and (optional) child sites. The site collection shares the same owner and administrators, and is the unit of ownership, security, and recoverability.
Note: By default settings set on the Site collection are also applied to the site collection's sub sites.
In a future post I will explain the process for SSL enabling SharePoint and how you will apply the process of configuring SSL Host Headers.