Archive for July, 2011

Sometimes when using a wildcard SSL or Unified Communications Certificate (UCC) it is necessary to add multiple https host headers for a single IP. Unfortunately the IIS 7 GUI does not allow you to set a host header on a https binding however this can be achieved using the “appcmd” command.

1. First bind the certificate to one site as normal by adding the https binding through the IIS GUI.

2. Open a command prompt and navigate to C:\Windows\System32\Inetsrv\ using the command below:

cd C:\Windows\System32\Inetsrv\

3. Enter the following command to manually set the binding bearing in mind the notes below:

appcmd set site /site.name:"SiteNameInIIS" /+bindings.[protocol='https',bindingInformation='IP.Add.re.ss:443:www.example.com']

Make sure to change the following values on the command above accordingly:

SiteNameInIIS: The site name exactly how it appears in IIS. For instance “example.com”.

IP.Add.re.ss: The IP used by the site.

www.example.com: The desired hostname. Note in most cases there will be one for www and non-www.

Example command:

appcmd set site /site.name:"example.com" /+bindings.[protocol='https',bindingInformation='1.2.3.4:443:www.example.com']

Running the appcmd command from a batch file:

To make this process easier you can use the batch file below. This will prompt you for the site name, IP, and host header value and then make the appropriate host header change.

Save the code as something like “addsslbinding.bat” and then call it from a command prompt by entering the name of the file (ie. “addsslbinding”).


@echo off
echo Enter site name in IIS:
set /p SiteName=
echo Enter IP address:
set /p IP=
echo Enter host header value (ie. www.domain.com):
set /p HostHeader=
C:\Windows\System32\Inetsrv\appcmd set site /site.name:"%SiteName%" /+bindings.[protocol='https',bindingInformation='%IP%:443:%HostHeader%']

Example:

By default 32 bit Windows installs will not be able to utilize more than 4GB of memory. However PAE (Physical Address Extension) can be enabled which allows the OS to see memory beyond 4GB. Note that each individual process is still limited to 4GB of memory, even if the OS can see more than that. The only solution to allow a single process to access more than 4GB is to upgrade to a 64 bit OS.

1. Click Start -> Control Panel -> System

2. Select the Advanced tab

3. Click Settings under “Startup and Recovery”

4. Click Edit

5. The boot.ini file will open in Notepad for editing. The last line of this file should look something like this:

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Server 2003, Standard" /noexecute=optout /fastdetect

Just add “/PAE” to the end of this line so it looks like the example below:

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Server 2003, Standard" /noexecute=optout /fastdetect /PAE

6. Save the file and click OK twice

7. Reboot the server to apply the change.

Even with PAE enabled the OS still has a memory limit. To see the limit for a specific Windows release please refer to:
Memory Limits for Windows Releases

In this example the server is running Server 2003 Standard which has an OS limit of 4GB so enabling PAE would not help. This was just done for demonstrative purposes.