Multiple SSL certificates on IIS using host headers
In IIS, SSL sites have seemed to be limited to one site per network interface, because IIS Manager does not let you specify a host header binding on the HTTPS protocol.
It turns out that this is only a limitation in the UI. So to have e.g. two sites, each with its own dedicated SSL certificate, we need to add a host header binding on port 443 from either appcmd, managed code or by editing the applicationHost.config file.
I like managed code the most, so I’ve written a small method in C# that does the trick. You need to have two SSL certificates named www.ssl1.com and www.ssl2.com installed on the machine. I just created a self-signed certificate for each of them using the IIS Manager.
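    using System.Security.Cryptography.X509Certificates;
    using Microsoft.Web.Administration;

    namespace IisSsl
    {
        class Program
        {
            static void Main(string[] args)
            {
                using (ServerManager _serverManager = new ServerManager())
                {
                    string siteName = "SSL2";
                    string certName = "www.ssl2.com";

                    // Open the local machine's personal certificate store.
                    X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
                    store.Open(OpenFlags.ReadOnly);

                    // Pick the certificate by subject name, not by its position in the
                    // store, so the site is never bound to an unrelated certificate.
                    // validOnly is false because the certificates here are self-signed.
                    X509Certificate2Collection matches =
                        store.Certificates.Find(X509FindType.FindBySubjectName, certName, false);

                    Site site = _serverManager.Sites[siteName];
                    if (site != null && matches.Count > 0)
                    {
                        // Binding information has the form "IP:port:host header".
                        site.Bindings.Add("*:443:" + certName, matches[0].GetCertHash(), store.Name);
                    }

                    store.Close();
                    _serverManager.CommitChanges();
                }
            }
        }
    }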
Remember to add a reference to C:\Windows\System32\inetsrv\Microsoft.Web.Administration.dll in order to use the ServerManager class.
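To check the result after committing, the bindings can be read back and compared with the certificates they point to. The following is an added example, not code from the original post: the class name BindingAudit and the helper NameCovers are hypothetical, and it assumes the same Microsoft.Web.Administration reference and certificates in the LocalMachine stores.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Web.Administration;

namespace IisSsl
{
    class BindingAudit // hypothetical name, added for illustration
    {
        // True when the certificate name covers the host, including a leading "*." wildcard.
        static bool NameCovers(string certDnsName, string host)
        {
            if (string.Equals(certDnsName, host, StringComparison.OrdinalIgnoreCase))
                return true;
            int dot = host.IndexOf('.');
            return certDnsName.StartsWith("*.", StringComparison.Ordinal) && dot > 0 &&
                   string.Equals(certDnsName.Substring(1), host.Substring(dot),
                                 StringComparison.OrdinalIgnoreCase);
        }

        static void Main()
        {
            using (ServerManager serverManager = new ServerManager())
            {
                foreach (Site site in serverManager.Sites)
                {
                    foreach (Binding binding in site.Bindings)
                    {
                        if (!string.Equals(binding.Protocol, "https", StringComparison.OrdinalIgnoreCase)
                            || binding.CertificateHash == null)
                            continue;
                        // The binding stores only the hash; resolve it back to a certificate.
                        string thumbprint = BitConverter.ToString(binding.CertificateHash).Replace("-", "");
                        X509Store store = new X509Store(binding.CertificateStoreName, StoreLocation.LocalMachine);
                        store.Open(OpenFlags.ReadOnly);
                        X509Certificate2Collection found =
                            store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
                        store.Close();
                        // GetNameInfo returns one DNS name only; multi-name certificates need a SAN walk.
                        string certName = found.Count > 0
                            ? found[0].GetNameInfo(X509NameType.DnsName, false) : "(not in store)";
                        string verdict = string.IsNullOrEmpty(binding.Host) ? "NO-HOST-HEADER"
                            : (found.Count > 0 && NameCovers(certName, binding.Host) ? "OK" : "MISMATCH");
                        Console.WriteLine("{0}: {1} {2} -> {3} [{4}]",
                            verdict, site.Name, binding.BindingInformation, certName, thumbprint);
                    }
                }
            }
        }
    }
}
```

A MISMATCH line means the site would present a certificate whose name does not match its host header, which clients report as a certificate name error.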