Editing the Host Name field for wildcard SSL certificate bindings in IIS 7

Not only is this the thing that I always forget, it’s the thing that I’ve just learned I didn’t really understand. My colleague Ben just absolutely pwned me about an SSL certificate’s “Friendly Name” field and how it’s used when editing SSL binding in IIS. I was certain that Friendly Name couldn’t possibly be related to getting an editable host name field when you bind multiple Web Applications on the same IP address (assuming you have a wildcard certificate to handle this multiplicity). How it works with SAN certificates I don’t really know, but that’s a topic for another post. At any rate, in this case, I was bashing my head because I couldn’t get an editable Host Name field for my newly-extended Web Application:

As you’ll see below, I had some text in front of my asterisks in the friendly name: “BLAH ” in the screenshot above. Ben adamantly persuaded me that I should try getting rid of that text to see if that would change the behaviour. I scoffed, but submitted to the pressure. I couldn’t see how this attribute (that can be edited in the MMC) could possibly have any effect, but I gave it a go and deleted the “BLAH “.

Actually, it’s worth pointing out that this field can even be edited when a certificate is imported in IIS, not just in the MMC. It’s very easy to wind up putting anything in this field. Anyway… navigating back to the Server Certificates in IIS, I could see that the change was picked up (as it should be, this is just a window in to that certificate store). Then in the IIS Sites, I opened the bindings for my newly-extended Web Application and suddenly the field was editable.

Interestingly, this isn’t the case in IIS8. I reckon the whole thing got an overhaul as part of the SNI support in IIS8:

Ben 1, Tristan 0. Booo. Hope this help someone, or me next time I forget how this works.

Leave a Reply

Your email address will not be published.