Tuesday 24 July 2007

To set up SSL on multiple SharePoint 2007 web applications using host headers under IIS 6.0

I am frequently required to set up several web applications on my development box, and for convenience I almost always use host headers to distinguish between them rather than configure and maintain multiple IPs.

This approach serves well until secure HTTP is required and I need to assign SSL certificates to my web applications.

If you have ever tried this, you will know that IIS Manager gives you nowhere to specify a host header when configuring SSL for a web application.

The solution I use goes as follows:

1) Install the IIS Resource Kit for IIS 6.0. It comes packaged with the selfssl utility for generating self-signed certificates. (Of course, feel free to generate them with Perl scripts or any other method; since they are not from a trusted source, they are only useful for dev and testing purposes anyway.)

2) Create/extend the required web applications using the Administration interface of MOSS (making sure to select 'Use SSL').

3) Use the selfssl utility to generate and assign a certificate to the first of your web applications as follows:

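selfssl /N:CN=*.mydomain.com /K:1024 /V:3650 /S:<site id> /P:443

This generates a certificate valid for 3650 days with a 1024-bit key and assigns it to the web application with the supplied site id. The wildcard common name matters: IIS has to pick the certificate before it can read the request's Host header, so every site sharing port 443 on the same IP address must use one certificate that is valid for all of their host names.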

4) Use IIS Manager to assign the same certificate to the other web applications.

5) If you restart IIS at this point, only one of your sites will actually start. You still need to manually configure the secure bindings for the remaining sites:

cscript.exe C:\Inetpub\AdminScripts\adsutil.vbs set /w3svc/<site id>/SecureBindings ":443:<host header>"

This sets the secure binding of the identified site to port 443 on the supplied host header.

6) If you wish, you can now also configure the web applications in IIS Manager to require SSL.

7) Run iisreset and you're done.
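
A way to sanity-check the bindings from steps 3 to 5 before running iisreset, as an added example (not part of the original post): it flags sites that share an identical SecureBindings value, which is the state in which only one site starts, and host headers the wildcard certificate does not cover. The site ids, host names and function names are constructed for illustration.

```python
from collections import defaultdict

def parse_binding(binding):
    """Split an IIS binding string 'IP:port:host' into (ip, port, host)."""
    ip, port, host = binding.split(":", 2)
    return ip or "*", int(port), host.lower()

def wildcard_covers(cert_cn, host):
    """True if cert_cn matches host; '*' stands for exactly one left-most label."""
    cn = cert_cn.lower()
    if not cn.startswith("*."):
        return cn == host
    head, _, tail = host.partition(".")
    return bool(head) and tail == cn[2:]

def audit(sites, cert_cn):
    """Return (site ids, problem) tuples for bindings that will not work."""
    problems = []
    owners = defaultdict(set)
    for site_id, bindings in sorted(sites.items()):
        for binding in bindings:
            ip, port, host = parse_binding(binding)
            owners[(ip, port, host)].add(site_id)
            # A host header outside the certificate's name gives a browser warning.
            if host and not wildcard_covers(cert_cn, host):
                problems.append((site_id, "%s is not covered by %s" % (host, cert_cn)))
    for (ip, port, host), ids in sorted(owners.items()):
        # Two sites with the same IP:port:host cannot both start.
        if len(ids) > 1:
            problems.append((",".join(sorted(ids)),
                             "duplicate binding %s:%d:%s" % (ip, port, host)))
    return problems

# Constructed sample data: site id -> SecureBindings values.
AFTER_STEP_4 = {"1001": [":443:"], "1002": [":443:"], "1003": [":443:"]}
AFTER_STEP_5 = {
    "1001": [":443:portal.mydomain.com"],
    "1002": [":443:mysite.mydomain.com"],
    "1003": [":443:a.b.mydomain.com"],  # two labels deep: wildcard does not match
}

if __name__ == "__main__":
    for label, sites in (("after step 4", AFTER_STEP_4), ("after step 5", AFTER_STEP_5)):
        for ids, problem in audit(sites, "*.mydomain.com"):
            print("%s: site %s: %s" % (label, ids, problem))
```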
