Wildcard Cert Install
We had the hardest time installing our wildcard cert. Installing regular certs is easy but a wildcard cert posed a few issues. The process to install the cert for an IIS site is the same whether it is a wildcard or not. The difference is you must manually configure your server bindings. I know…how do you do this and what are they? Those were my first two questions. I know what a binding is but in reference to managing them….{insert scooby doo noise here}.
Since I had such a hard time finding out how to install the wildcard cert I’ll detail the steps here. I’ll start after the point of purchasing your cert which requires you to have started the process of the install in IIS. Jump into IIS, open your site properties, and follow these steps.
- Go to the Directory Security tab
- Click on Server Certificate and click Next to pass the intro screen
- Select “Process the pending request and install the certificate”
- Select your .cer file you received from your SSL provider and finish the steps
Ok. The cert is installed now. To make your life easier on other subdomain sites you may want to follow these steps.
- Click on Server Certificate and click Next to pass the intro screen
- Select “Export the current certificate to a .pfx file”
- Follow the wizard and save the .pfx file for later retrieval
Now, we’re ready to hook up your subdomains. In our case we have blogs.katapultmedia.com as a separate site in IIS. To install the cert I follow the steps below.
- Go to the Directory Security tab
- Click on Server Certificate and click Next to pass the intro screen
- Select “Import a certificate from a .pfx file” and click Next
- Select the .pfx file from the server and click Next
- Enter the password and click Next
- Set the port and click Next
- Verify the data and click Next twice to finish the wizard
You are done! Well, not really. If you look at your site in IIS it will probably be stopped. The problem is with a conflict between your site and another site in IIS sharing ports and, from what I can tell, the same binding. You won’t be able to start the site until the binding issue is fixed. Let’s do that now.
- Open your command prompt and CD to your Inetpub\AdminScripts folder
- Paste the following: cscript.exe adsutil.vbs set /w3svc/<site identifier>/SecureBindings ":443:<host header>"
- In IIS select the Web Sites branch and you will get a list of all sites. There is a column for Identifier. Replace <site identifier> with the number from this column.
- Replace <host header>, and port if need-be, with the info used to distinguish this subdomain from your main domain; in our case it is blogs.katapultmedia.com
- Hit enter and let it do its thing
- If no errors, go back to IIS and start your site
Now…you’re done! :-) So you have a reference, here is how our command prompt looked during install. We replaced our site identifier with ########## just for this blog post in case that is a security issue. I don’t know but don’t want to find out either.
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\>cd inetpub
C:\Inetpub>cd adminscripts
C:\Inetpub\AdminScripts>cscript.exe adsutil.vbs set /w3svc/##########/SecureBindings ":443:blogs.katapultmedia.com"
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
SecureBindings : (LIST) ":443:blogs.katapultmedia.com"
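The binding conflict described above can be checked before starting the site. The following is an added example, not part of the original post: it parses SecureBindings values in the "IP:port:host" form shown in the command, reports bindings claimed by more than one site, and lists host headers a wildcard name does not cover. The site identifiers "1" and "1001", the certificate name *.katapultmedia.com, and all function names are assumptions made for the illustration.

```python
from collections import defaultdict

def parse_binding(binding):
    """Split 'IP:port:host' (the SecureBindings format) into a normalized tuple."""
    ip, port, host = binding.strip().rsplit(":", 2)
    return (ip or "*", int(port), host.lower())  # empty IP means all unassigned

def find_conflicts(sites):
    """Map each binding claimed by more than one site to the site ids claiming it."""
    owners = defaultdict(list)
    for site_id, bindings in sites.items():
        for binding in bindings:
            owners[parse_binding(binding)].append(site_id)
    return {key: ids for key, ids in owners.items() if len(ids) > 1}

def covered_by(cert_name, host):
    """True if host matches cert_name; '*' stands for exactly one leftmost label."""
    cert, name = cert_name.lower().split("."), host.lower().split(".")
    if len(cert) != len(name) or not name[0]:
        return False
    return cert[0] in ("*", name[0]) and cert[1:] == name[1:]

def uncovered_hosts(cert_name, sites):
    """Host headers in the bindings that the certificate name does not cover."""
    hosts = {parse_binding(b)[2] for bs in sites.values() for b in bs}
    return sorted(h for h in hosts if h and not covered_by(cert_name, h))

# Constructed sample data: site ids and the certificate name are assumptions.
CERT = "*.katapultmedia.com"
BEFORE = {"1": [":443:"], "1001": [":443:"]}  # both sites claim all of 443
AFTER = {"1": [":443:"], "1001": [":443:blogs.katapultmedia.com"]}
EXTRA = {"2": [":443:katapultmedia.com", ":443:a.blogs.katapultmedia.com"]}

if __name__ == "__main__":
    print("conflicts before:", find_conflicts(BEFORE))
    print("conflicts after: ", find_conflicts(AFTER))
    print("not covered by", CERT, ":", uncovered_hosts(CERT, EXTRA))
```

The last check shows the limit of a wildcard name: it matches one label only, so the bare domain and deeper subdomains need their own names on a certificate.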
I hope this helps someone when they need to install a wildcard cert. You can read more on server bindings on Microsoft TechNet.
Posted by John C. Bland II on February 14, 2006 5:04 PM | Permalink



