The problem with IIS6 that I have been curious about but up until today never needed a solution for.

The problem I am talking about is that with the IIS 6.0 UI you cannot set a host header on a SSL port for a domain.  You can live a long and happy life with a 1-cert-per-server config but with the case of a wildcard cert (one covering all subdomains of the domain it was purchased for) you really want to be able to take advantage of these extra subdomains.

Consider an example from a server below.  The two sites that are highlighted belong to the same domain - Lets call the red one www.MySite.com and the blue one shop.MySite.com.  There is a wildcard cert installed on the machine for *.MySite.com.

The first one is easy.  Install the cert and assign it to the site.

Setting this on subsequent sites on the same box is where you get the problem.  It can be done, and it isn't hard, you just have to know the trick!

The trick is the adsutil.vbs script that is included when you install IIS.  The default path to find these scripts is: C:\Inetpub\AdminScripts.

The process for assigning a host header for SSL to all subsequent sitess is:

1. Don't assign a SSL port number to the second site.  Leave it on port 80 for now
2. Open a command window and change to the path with adsutil.vbs.
3. Run the following command:  cscript.exe adsutil.vbs set /w3svc/<site identifier>/SecureBindings ":443:<host header>"   In our example above the <site identifier> is replaced with the Id of the blue site, 1023406912, and the <host header> is replaced with shop.MySite.com
4. adsutil will assign port 443 to the site, you do not need to reset IIS

TechNet has a rundown of all the things you can do with adsutil.vbs and IIS6, so check it out.  But don't get too attached - the Metabase is not showing up for IIS 7!

Listening To: The Boatman's Call, Nick Cave and the Bad Seeds