The “host name” of a site can be set in IIS v7.5 when a wildcard certificate (*.mysite.net) is used. See below:
Instead of a wildcard certificate, it is possible to obtain a certificate issued to a specific host name (env-live.mysite.net). At this point we have no other choice but to set the host name for the site to “env-live.mysite.net” in IIS.
Now consider a scenario where an SSL certificate is issued to the “web-test-stage.domain.local” host name. It is possible that this certificate is installed on a server called “web-test-stage”. The IIS manager will not let you set the host name in this scenario. See below:
- https://AcerUser-PC or
- https://IP Address of AcerUser computer
Now, you might wonder whether it is worth worrying about this. I think this is something we should keep in mind.
The client accessing the web site must use the host name (I think). So, a user trying to access the site should not use the IP address. I think this makes perfect sense in a case where multiple sites are hosted on the same IIS (IP address).
The way we can set the host name is through the command line. Open a command prompt as an administrator and navigate to the C:\Windows\System32\inetsrv folder.
Thereafter execute the following command.
appcmd set site /site.name:TestSite /bindings.[protocol='https',bindingInformation='*:443:'].bindingInformation:*:443:AcerUser-PC
Return to IIS and refresh the site.
By selecting “Edit Site Bindings” we can see that the host name header is set. But if we edit this property, the “host name” text box is disabled.
We must be very careful at this point. Do NOT click “OK”, as it clears the host name.
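One way to check whether a binding has lost its host name, as an added example that is not from the original post: the PowerShell below lists every HTTPS binding with an empty host name. The function name Get-HttpsBindingWithoutHostName and the sample XML are constructed for illustration; the XML mirrors the sites section of applicationHost.config.

```powershell
# Added example: report HTTPS bindings whose host name is empty.
# Function name and sample data are constructed, not from the original post.
function Get-HttpsBindingWithoutHostName {
    param([Parameter(Mandatory = $true)][xml]$Config)

    foreach ($site in $Config.SelectNodes('//sites/site')) {
        $siteName = $site.GetAttribute('name')
        foreach ($b in $site.SelectNodes('bindings/binding')) {
            if ($b.GetAttribute('protocol') -ne 'https') { continue }
            $info = $b.GetAttribute('bindingInformation')
            # Format is IP:port:host. The IP part may be an IPv6 literal that
            # contains colons, so anchor on the last two colons.
            if ($info -match '^(?<ip>.*):(?<port>\d+):(?<name>[^:]*)$') {
                if ($Matches['name'] -eq '') {
                    New-Object PSObject -Property @{ Site = $siteName; Binding = $info }
                }
            } else {
                Write-Warning "Could not parse binding '$info' on site '$siteName'"
            }
        }
    }
}

# Constructed sample: TestSite as left by the appcmd command above, and a
# second site showing the state after "OK" is clicked in the bindings dialog.
$sample = [xml]@'
<configuration><system.applicationHost><sites>
  <site name="TestSite" id="1">
    <bindings>
      <binding protocol="https" bindingInformation="*:443:AcerUser-PC" />
    </bindings>
  </site>
  <site name="TestSiteAfterOk" id="2">
    <bindings>
      <binding protocol="http" bindingInformation="*:80:" />
      <binding protocol="https" bindingInformation="*:443:" />
    </bindings>
  </site>
</sites></system.applicationHost></configuration>
'@

# Only the TestSiteAfterOk binding "*:443:" is reported.
Get-HttpsBindingWithoutHostName -Config $sample | Format-Table Site, Binding -AutoSize

# Against a live server, from an elevated prompt:
# $live = [xml](Get-Content "$env:windir\System32\inetsrv\config\applicationHost.config")
# Get-HttpsBindingWithoutHostName -Config $live
```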
I agree that the scenario I discussed here is pretty strange and you may never come across such a requirement. But we must keep in mind the best practices of IIS security, which require a host name for a site.
To be honest, I am not very keen on implementing this in a production environment as it deviates from the standard IIS configuration (but it's worth knowing...)