Configuring SSL Host Headers

Host headers in IIS are a way to associate multiple names with a single address. The typical use of host headers is to be able to host more than one web site at a single IP address by giving each of the web sites a distinct DNS name. Host headers also play a role in WCF beyond the definition of a web site. Metadata for a web service, such as that appearing WSDL, uses host headers as a way to pick a preferred name when talking about the service.

The user interface for setting host headers is relatively straightforward when the web site is hosted over HTTP but becomes a challenge when the web site is hosted over HTTPS. Here are the command line equivalents that you can use to set HTTPS host headers.

On IIS 6, you need to know the id of the web site. Assuming that SSL is taking place on the default port, the command looks like this.

cscript.exe adsutil.vbs set w3svc/<id>/SecureBindings ":443:<header>"

On IIS 7, the command line looks very different due to the more flexible but complicated support for different web site bindings. You can also use a name that's meaningful for you to distinguish web sites.

appcmd set site /site.name:<name> /+bindings.[protocol='https',bindingInformation='*:443:<header>']

To keep the example simple, I'm assuming that you're adding a new binding rather than modifying an existing binding.

Next time: Transaction Header Magic

Comments

• Anonymous
  July 09, 2008
  Visual Studio Peter says he is hooked on Brad Wilson&#39;s Dark Visual Studio color scheme and so am

• Anonymous
  July 12, 2008
  Hi Nick - I actually have been meaning to ask you about this - but since you brought it up in your blog - what about this problem - http://www.masteringbiztalk.com/blogs/jon/PermaLink,guid,a960d739-2293-41a8-b5e5-a736bb773815.aspx You say "The user interface for setting host headers is relatively straightforward when the web site is hosted over HTTP"  but the general way of configuring host headers (having one website with multiple host names configured) doesn't seem to work well with WCF.  Is this intentional? If so why? Thanks Jon

• Anonymous
  July 13, 2008
  Yesterday I talked about adding SOAP headers to an outgoing request using a variety of different methods.

• Anonymous
  July 14, 2008
  Hi Jon, This was intentional at the time as a way to simplify the integration between IIS and WCF.  The two platforms are oriented around concepts that seem similar but turn out to clash quite a bit in practice - a web service vs. a web site.  Rather than requiring you to manage the relationships between sites and services, WCF/IIS integration established a fixed relationship.  I think there is some opportunity for making the relationship better in the future, particularly for domain specific cases like REST services.  However, I still think that defining manual relationships in the general case isn't worth the complexity.

• Anonymous
  July 15, 2008
  Thanks Nick,  just looking for confirmation that the way things work are actually intended behavior.  I think in either case (REST or SOAP) especially with ASP.NET AJAX having multiple host names could be pretty common.  On one project I went back to asmx because of this issue, until I discovered (it was Matt Milner's suggestion) to do the multiple web site mapped to the same physical path.

• Anonymous
  December 02, 2008
  The comment has been removed