
SharePoint Shenanigans

Blair Bigger [MSFT]
How to use SSL Certificates with Multiple Subject Alternative Names in MOSS

Some companies do not allow wildcard * SSL certificates – but do allow certificates with multiple subject alternative names. Unfortunately there is not a way to easily implement this in MOSS via the GUI. I had a customer that required this – so I figured I'd share what I found…

First:
Verify all host names are in DNS and correct
Verify you have an SSL cert with the SANs you need and that the certificate is available on each WFE.
Verify all sites are created/extended and currently NOT using SSL.  

MOSS is the main site - Default Zone
MOSSANON is the site with Anonymous Access enabled - Internet Zone
MOSSEXTRANET is the site that would be FBA or some other auth mechanism - Extranet Zone

Change the AAMs for each zone through Central Administration:

[Screenshots not preserved: the From and To AAM settings for each of the three zones.]

Assign the certificate to all 3 websites - only the first one applied will start - this is to be expected.

On each WFE, navigate via command prompt to <System Drive>:\Inetpub\AdminScripts

Type the following command at the command prompt for each host header in this format:

cscript.exe adsutil.vbs set /w3svc/<site identifier>/SecureBindings ":443:<host header>"

NOTE: The Site Identifier can be obtained in the IIS MMC.

So in our example:

cscript.exe adsutil.vbs set /w3svc/<site identifier>/SecureBindings ":443:moss.litware.com"
cscript.exe adsutil.vbs set /w3svc/<site identifier>/SecureBindings ":443:mossanon.litware.com"
cscript.exe adsutil.vbs set /w3svc/<site identifier>/SecureBindings ":443:mossextranet.litware.com"

Run IISRESET

Repeat this on the other WFEs

Verify all sites are responding.

Troubleshooting:

Follow the sequence of steps in the specified order – very important!
Verify all sites are started in IIS and no errors are reported.
Verify, by viewing the SSL cert on each website, that the cert has a matching private key.
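The certificate and "sites are responding" checks above can be scripted from any client that resolves the host names. The following Python sketch is an added example, not part of the original post: it audits the certificate each host header serves for names missing from the SAN list and for wildcard entries. The function names, the optional `address` parameter (a WFE's IP, for testing one front end at a time) and the sample certificate are assumptions made for illustration.

```python
import socket
import ssl

# Host names from the post's example.
HOSTS = ["moss.litware.com", "mossanon.litware.com", "mossextranet.litware.com"]

# Constructed sample in the shape ssl.getpeercert() returns (not a real certificate).
SAMPLE_CERT = {"subjectAltName": (("DNS", "moss.litware.com"),
                                  ("DNS", "mossanon.litware.com"),
                                  ("DNS", "*.litware.com"))}


def dns_sans(cert):
    """Lower-cased DNS entries of subjectAltName from a getpeercert() dict."""
    return {v.lower() for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"}


def audit_san_cert(cert, hosts=HOSTS):
    """Report host names not listed explicitly and any wildcard SAN entries."""
    sans = dns_sans(cert)
    return {"missing": sorted(h.lower() for h in hosts if h.lower() not in sans),
            "wildcards": sorted(s for s in sans if s.startswith("*."))}


def fetch_cert(host, address=None, port=443, timeout=5):
    """Fetch the certificate served for `host`. Pass `address` (a WFE's IP) to
    test one front end directly. The default context validates chain and host
    name, so an untrusted or mismatched certificate raises ssl.SSLError."""
    ctx = ssl.create_default_context()
    with socket.create_connection((address or host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def check_bindings(hosts=HOSTS, address=None):
    """Connect to every host header and audit the certificate each one serves."""
    results = {}
    for host in hosts:
        try:
            results[host] = audit_san_cert(fetch_cert(host, address), hosts)
        except OSError as exc:  # includes ssl.SSLError and connection failures
            results[host] = {"error": str(exc)}
    return results


if __name__ == "__main__":
    print(audit_san_cert(SAMPLE_CERT))  # offline check of the constructed sample
```

Call `check_bindings()` once per WFE, passing that server's address, after IISRESET; a host with an `error` entry failed the connection, the handshake or certificate validation.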

Posted: Friday, January 11, 2008 11:44 AM by blairb