IIS7: can't set host name on site with SSL cert and port 443

Solution 1:

Its does work in GUI...

Just make sure the the 'friendly name' of the cert you are installing is the same as the multidomainname you have made for the cert.

ie. *.companydomain.com

if you put in 'Nice friendly name' for *.companydoman.com cert, when installing the cert into IIS, it will grey out the host name header box.

If you use *.companyname.com as the friendly name, you're golden.


Solution 2:

You can't do it from the UI, you have to do it from the command line. Here's a nice walk through of the process:


Solution 3:

The short answer is that each IP can only have one certificate bound to it, so the certificate binding is going to apply no matter what hostname is directed to that IP address. Being able to specify a hostname would imply that you can have multiple hostname and certificate combinations on the same IP address and port (as you can with non-SSL entries), but this is not the case, so the field is unavailable.

The more complete explanation is that SSL encrypts your traffic, and part of that traffic is the HTTP headers sent by the browser to the server. One of those headers would be the "Host" header which IIS uses to determine which site to load up with the request. Since the certificate needs to be loaded to establish the secure connection BEFORE the request headers are sent, IIS has to select the certificate based only upon the IP address and port number, leaving the "Host" header out in the cold as a factor in determining which site to load, so they don't let you enter one.

Here is an article which outlines the inner workings of the SSL connection in finer detail.

Solution 4:

The SSLShopper answer did not work for me because it left the binding without the host header, and you couldn't remove that binding without breaking the connection to the certificate. Here is the method I used to get it to work:

Please note that this answer assumes that your certificate has already been generated, added to the certificate store, and added to IIS. It also assumes you do not want any other bindings to your website besides the SSL one.

First, we need to gather some information. We need the hash, the application ID and the host name.


  1. Open IIS, select your server and double click on "Server Certificates" in the bottom section. Note the "Issued To" address. This is our host name. Save this.
  2. Select your site
  3. Bind your site to port 80 using the http protocol
  4. Remove all other bindings
  5. Bind your site to port 443 using the https protocol
  6. Open a command prompt

    netsh http show sslcert
  7. Save the Certificate Hash and the Application ID

  8. Remove the https binding on your site
  9. At the command prompt:

    netsh http add sslcert ipport= certstorename=my certhash=<put Certificate Hash here> appid={<put Application ID here>}
    appcmd set site /site.name:"<put site name here>" /+bindings.[protocol='https',bindingInformation='*:443:<put host name here>']

Note: Appcmd.exe can be found in C:\Windows\System32\inetsrv. You may need to be in that folder for this command to work.

  1. Remove the http binding from your site

Solution 5:

The accepted answer here is confusing and I don't think it's correct for the question. It shouldn't be the accepted answer.

The problem

You have a wildcard SSL such as *.ipsum.com and the certificate is installed but you can't choose a host name for the site in IIS when you try to add an HTTPS binding because the text box is greyed out.

The solution

Your wildcard SSL can be used with any subdomain, you just need to make sure you start the Friendly Name of the certificate with *. I prefer to use the same friendly name as the wildcard domain, e.g. *.ipsum.com but you can call it anything that beings with the asterix: *foo

I gave my certificate the wrong Friendly Name, help!

Since Windows 8 or Server 2012, you can type certlm.msc in the start menu to manage certificates for the local machine. On previous versions of windows you will need to do something slightly more convoluted:

  1. Run mmc.exe from start
  2. Go to File menu and choose Add/Remove Snap-in... or hit (Ctrl-M)
  3. Highlight the Certificates snap-in and hit Add > then choose Computer Account followed by Local Computer in the subsequent dialogs then hit Finish followed by OK to close the Snap-ins window

In the main window, expand Certificates (Local Computer) then Personal then Certificates and you will be able to right-click the certificate, hit Properties where you can update the friendly name.

Close and open IIS Manager and you can then set your host name.