Server Name Indication (SNI) with IIS 7.5

Using virtual hosts with HTTPS (so called “Server Name Indication”/SNI) is officially not supported by Microsoft’s Internet Information Services IIS. However, there is a workaround which has been documented on YouTube: http://www.youtube.com/watch?v=zVCmzBfx3BEHere are the steps:

  1. Edit the site’s binding and add an HTTPS Binding. Ignore the host header now, this will be added later.
  2. Open a command prompt (cmd).
  3. Change directory to C:Windowssystem32inetsvr
  4. Enter the following command (replace “Your Site Name” and “www.yoursite.com” with the appropriate values): appcmd set site /site.name:”Your Site Name” /bindings.[protocol=’https’,bindingInformation=’*:443:’].bindingInformation:*:443:www.yoursite.com

Update: Unfortunately, this doesn’t seem to be a solution for  SNI. IIS can only bind certificates to IP addresses, not hosts. So if you change the certificate for one site on one IP address, all sites hosted on this IP address will be updated as well. So far, the only solution to use different certificates with a single IP address is to use different TCP Ports. However, the guide above allows you to set up multiple SSL hosts sharing one certificate on one IP address/port.

One thought on “Server Name Indication (SNI) with IIS 7.5”

  1. Thanks for this – it works. If you are getting an error about the site object not being found be sure to add quotes right inside the square brackets like this: ..[“protocol=’https’,bindingInformation=’*:443:'”] .. Also note that this website converts double/single quotes to prettier symbols that might be rejected.

Leave a Reply

Your email address will not be published. Required fields are marked *