http://blogs.technet.com/blairb/archive/tags/SharePoint/default.aspxTags: SharePointen-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.technet.com/blairb/archive/2008/01/11/how-to-use-ssl-certificates-with-multiple-subject-alternative-names-in-moss.aspxFri, 11 Jan 2008 19:44:03 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:2736807blairb3http://blogs.technet.com/blairb/comments/2736807.aspxhttp://blogs.technet.com/blairb/commentrss.aspx?PostID=2736807http://blogs.technet.com/blairb/rsscomments.aspx?PostID=2736807<p style="margin-left: 1pt">Some companies do not allow wildcard * SSL certificates – but do allow certificates with multiple subject alternative names. Unfortunately there is not a way to easily implement this in MOSS via the GUI. I had a customer that required this – so I figured I'd share what I found…<br/><br/>First:<br/>Verify all host names are in DNS and correct <br/>Verify you have an SSL cert with the SAN's you need and that certificate is available on each WFE. <br/>Verify all sites are created/extended and currently NOT using SSL.   </p><p style="margin-left: 1pt"><img src="http://blogs.technet.com/blogfiles/blairb/011108_1643_HowtouseSSL1.png" alt=""/> </p><p style="margin-left: 1pt">MOSS is the main site - Default Zone <br/>MOSSANON is the site Anonymous Access enabled - Internet Zone <br/>MOSSEXTRANET is the site that would be FBA or some other auth mechanism - Extranet Zone <br/><br/>Change the AAM's for each zone through Central Administration: <br/><br/>From: <br/><img src="http://blogs.technet.com/blogfiles/blairb/011108_1643_HowtouseSSL2.png" alt=""/> </p><p style="margin-left: 1pt">To: <br/><img src="http://blogs.technet.com/blogfiles/blairb/011108_1643_HowtouseSSL3.png" alt=""/> </p><p style="margin-left: 1pt">From: <br/><img src="http://blogs.technet.com/blogfiles/blairb/011108_1643_HowtouseSSL4.png" alt=""/> </p><p style="margin-left: 1pt">To: <br/><img src="http://blogs.technet.com/blogfiles/blairb/011108_1643_HowtouseSSL5.png" alt=""/> </p><p style="margin-left: 1pt">   </p><p style="margin-left: 1pt">From: <br/><img src="http://blogs.technet.com/blogfiles/blairb/011108_1643_HowtouseSSL6.png" alt=""/> </p><p style="margin-left: 1pt">To: <br/><img src="http://blogs.technet.com/blogfiles/blairb/011108_1643_HowtouseSSL7.png" alt=""/> </p><p style="margin-left: 1pt">     </p><p style="margin-left: 1pt">Assign the certificate to all 3 websites - only the first one applied will start - this is to be expected. <br/><br/>One each WFE navigate via command prompt to &lt;System Drive&gt;:\Inetpub\AdminScripts <br/><br/>Type the following command at the command prompt for each host header in this format :<br/><br/><span style="font-family:Courier New">cscript.exe adsutil.vbs set /w3svc/<em>&lt;site identifier&gt;</em>/SecureBindings ":443<em>:&lt;<span style="color:black"><strong>host</strong></span> header&gt;</em>" </span> </p><p style="margin-left: 1pt">NOTE: Site Identifier can be obtained in the IIS MMC:   </p><p style="margin-left: 1pt"><img src="http://blogs.technet.com/blogfiles/blairb/011108_1643_HowtouseSSL8.png" alt=""/> </p><p style="margin-left: 1pt">       </p><p style="margin-left: 1pt">So in our example: <br/><br/><span style="font-family:Courier New">cscript.exe adsutil.vbs set /w3svc/&lt;site identifier&gt;/SecureBindings ":443:moss.litware.com" <br/>cscript.exe adsutil.vbs set /w3svc/&lt;site identifier&gt;/SecureBindings ":443:mossanon.litware.com" <br/>cscript.exe adsutil.vbs set /w3svc/&lt;site identifier&gt;/SecureBindings ":443:mossextranet.litware.com" </span> </p><p style="margin-left: 1pt">Run IISRESET </p><p style="margin-left: 1pt"><strong>Repeat this on the other WFE's <br/><br/></strong>Verify all sites are responding:   </p><p style="margin-left: 1pt"><img src="http://blogs.technet.com/blogfiles/blairb/011108_1643_HowtouseSSL9.png" alt=""/> </p><p style="margin-left: 1pt">     </p><p style="margin-left: 1pt"><strong>Troubleshooting: </strong> </p><p style="margin-left: 1pt">Follow sequence of steps in specified order – very important!<br/>Verify all sites are started in IIS and no errors reported. <br/>Verify by Viewing the SSL cert on each website that the SSL cert has a matching private key. </p><img src="http://blogs.technet.com/aggbug.aspx?PostID=2736807" width="1" height="1">SharePointSecurity