Configuring SSL Bindings Directly for Http.sys

I ran into an issue today with how the IIS 7.0 admin GUI deals with SSL certificates when assigning bindings to web sites. I had two websites that I was binding to the same IP address, but I was using different ports for each (including different ports for SSL). Even though I was using a different SSL port for the second website, it was telling me that my certificate was already in use by another website and that changing the setting would affect the other site. The strange thing was, I was using two completely different certificates. Why in the world would it tell me my certificate was in use on the other website, when it clearly was not? Changing the SSL settings on one site would end up deleting the settings on the other site. After searching online, I found out that there are some known bugs with how the admin GUI deals with bindings and SSL in general. By setting the bindings on the command line, I was able to work around the issue.

Below are some useful commands for creating SSL bindings manually from the command line.

To list SSL certificates in use, with their bindings:

netsh http show sslcert

Bind an SSL certificate to a port number:

netsh http add sslcert ipport=0.0.0.0:8443 certhash=0000000000003ed9cd0c315bbb6dc1c08da5e6 appid={00112233-4455-6677-8899-AABBCCDDEEFF}

certhash is the thumbprint of the certificate (shown in the certificate's properties).
appid is a GUID that identifies the owning application.

See also: How to: Configure a Port with an SSL Certificate

Update:

I later discovered that my issue was due to a stopped website in IIS that I had overlooked which was using duplicate IP/port settings. Nevertheless, this post still has useful information that can be used for troubleshooting.
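
As an added example, not part of the original post: the PowerShell below parses the output of netsh http show sslcert into objects, lists endpoints that share a certificate hash, and checks each hash against the machine certificate store. It assumes English-language netsh output on Windows; the sample text and hashes are constructed, and ConvertFrom-NetshSslCert is a hypothetical helper name.

```powershell
# Constructed sample of English-language `netsh http show sslcert` output (made-up hashes).
# On a server, replace it with:  $raw = netsh http show sslcert
$raw = @'
    IP:port                      : 0.0.0.0:443
    Certificate Hash             : 1111111111111111111111111111111111111111
    Application ID               : {00112233-4455-6677-8899-AABBCCDDEEFF}
    Certificate Store Name       : MY

    IP:port                      : 0.0.0.0:8443
    Certificate Hash             : 1111111111111111111111111111111111111111
    Application ID               : {00112233-4455-6677-8899-AABBCCDDEEFF}
    Certificate Store Name       : (null)
'@ -split '\r?\n'

function ConvertFrom-NetshSslCert {          # hypothetical helper name
    param([string[]]$Lines)
    $b = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*(.+?)\s*:\s(.*)$') {
            $key, $value = $Matches[1], $Matches[2].Trim()
            switch -Regex ($key) {
                '^(IP|Hostname):port$' {     # first field of each record
                    if ($b) { [pscustomobject]$b }
                    $b = [ordered]@{ Endpoint = $value; CertHash = ''; AppId = ''; Store = 'MY' }
                }
                '^Certificate Hash$'       { if ($b) { $b.CertHash = $value.ToUpperInvariant() } }
                '^Application ID$'         { if ($b) { $b.AppId = $value } }
                '^Certificate Store Name$' { if ($b -and $value -ne '(null)') { $b.Store = $value } }
            }
        }
    }
    if ($b) { [pscustomobject]$b }           # emit the last record
}

$bindings = ConvertFrom-NetshSslCert -Lines $raw

# Endpoints that share one certificate hash.
$bindings | Group-Object CertHash | Where-Object Count -gt 1 |
    ForEach-Object { '{0} is bound on {1}' -f $_.Name, ($_.Group.Endpoint -join ', ') }

# Look each hash up in the machine store and report missing or expired certificates.
foreach ($x in $bindings) {
    $cert = Get-Item -LiteralPath "Cert:\LocalMachine\$($x.Store)\$($x.CertHash)" -ErrorAction SilentlyContinue
    $state = if (-not $cert) { 'not in store' } elseif ($cert.NotAfter -lt (Get-Date)) { 'expired' } else { 'ok' }
    '{0,-14} {1} {2}' -f $x.Endpoint, $x.CertHash, $state
}
```

With the constructed sample, both endpoints are reported as sharing one hash and as "not in store", since the made-up thumbprints do not exist on any machine.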
