Just because I wanted to have this documented for myself, let's set up SSL on IIS 6 so that it uses wildcard certificates. This is only required if you are using host headers.
To obtain a wildcard server certificate
- In IIS Manager, expand the local computer, and then expand the Web Sites folder.
- Right-click the Web site for which you want to obtain a wildcard server certificate, and then click Properties.
- On the Directory Security tab, under Secure communications, click Server Certificate.
- In the Web Server Certificate Wizard, click Create a new certificate.
- Follow the Web Server Certificate Wizard, which will guide you through the process of requesting a new server certificate. On the Your Site's Common Name page, type a name in the Common name box, using the following format:
*.{sitename}
for example, *.somesite.com.
By default, the certificate request file is saved as C:\Certreq.txt, but the wizard allows you to specify a different location.
- Click Finish to complete the wizard.
- Submit the cert to your signing authority (read == Money).
To create the metabase bindings
- Click Start, click Run, type cmd in the Open box, and then click OK.
- Type the following command at the command prompt (the .vbs is in inetpub\adminscripts):
cscript.exe adsutil.vbs set /w3svc/{site identifier}/SecureBindings ":443:{host header}" where {host header} is the host header for the Web site, for example, test.somesite.com, and {site identifier} corresponds to the number shown in IIS Manager. You can set up as many bindings as required; if recollection serves, it's delimited by colons, so it would be ":443:{host header 1}:443:{host header n}".
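Before creating the bindings it is worth checking which host headers the wildcard certificate will actually cover, since a host header the certificate cannot match just produces certificate warnings on port 443. The following is an added example (not part of the original post): it applies the single-label wildcard rule browsers use, so `*.somesite.com` covers `test.somesite.com` but not `somesite.com` or `a.b.somesite.com`. The function names and the sample host headers are constructed for this example.

```python
"""Screen proposed IIS host headers against a wildcard certificate CN.

Browsers accept a wildcard only as the entire leftmost label of the CN, and it
substitutes for exactly one DNS label. Host headers outside that rule will not
validate against the certificate even though IIS will happily bind them.
"""
from typing import Dict, List


def wildcard_matches(cert_cn: str, host_header: str) -> bool:
    """Return True if host_header is covered by cert_cn (exact or wildcard)."""
    cn = cert_cn.strip().lower().rstrip(".")
    host = host_header.strip().lower().rstrip(".")
    if not cn or not host or "*" in host:
        return False
    if "*" not in cn:
        return cn == host  # plain CN: exact match only
    cn_labels = cn.split(".")
    host_labels = host.split(".")
    # Only a bare "*" as the whole leftmost label is a valid wildcard; a "*"
    # anywhere else, a partial label such as "w*.x.com", or a too-short
    # name such as "*.com" is rejected.
    if cn_labels[0] != "*" or "*" in cn[2:] or len(cn_labels) < 3:
        return False
    # Exactly one label stands in for "*", and every remaining label must
    # match, so "a.b.somesite.com" and "somesite.com" are both rejected.
    return len(host_labels) == len(cn_labels) and host_labels[1:] == cn_labels[1:]


def screen_bindings(cert_cn: str, host_headers: List[str]) -> Dict[str, List[str]]:
    """Split host headers into those the certificate covers and those that
    would produce certificate warnings if bound on port 443."""
    report: Dict[str, List[str]] = {"covered": [], "rejected": []}
    for host in host_headers:
        key = "covered" if wildcard_matches(cert_cn, host) else "rejected"
        report[key].append(host)
    return report


if __name__ == "__main__":
    # Constructed sample input: the post's wildcard CN and a mix of host headers.
    proposed = ["test.somesite.com", "www.somesite.com", "somesite.com",
                "a.b.somesite.com", "test.somesite.com.example"]
    result = screen_bindings("*.somesite.com", proposed)
    for host in result["covered"]:
        print(f"OK      {host}")
    for host in result["rejected"]:
        print(f"WARNING {host} is not covered by *.somesite.com")
```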
If that is the case, this is somewhat of a Holy Grail in terms of the capability of Windows. In the past it has always been One IP per One SSL Certificate.
Josen
So, the easiest solution (well, most practical) was to just use a wildcard cert and manually assign it into the metabase. The other pain: wildcard certs cannot be exported. Each machine in the cluster had to generate its own cert.
I actually support a server that has a wildcard certificate with a wildcard DNS entry, and the application sorts out which 'site' you meant based on the domain name, which accomplishes the same thing, sort of. It makes clustering all but impossible though.