Host Header Site Collections over SSL
We’ve been working on condensing the number of web applications that we’re hosting, and have turned to host header based site collections. Doing so over http is quite simple, but since we only host sites via SSL I ran into a few things that I couldn’t really find documented anywhere, and thought I’d share.
The first thing we discovered is that if you use a random port when creating your Web Application you will receive the following error every time you try to create a host header site collection:
“The port specified for the new host header site does not match any known bindings in the specified Web Application. The new site will not be accessible if the Web Application is not extended to an IIS Web Site serving this port.”
That said, the host header site collection works, but if you try to restore content to it you receive the same error. What I found was that if you create your web application as http://site.myurl.com:443 and then change the alternate access mappings, setting the default to https://site.myurl.com and intranet to http://site.myurl.com:443, you can create any number of host header based site collections error free.
Once your web application is created, creating the host header based site collection is quite simple. You just run the following:
Create Site in New DB
stsadm -o createsiteinnewdb -url https://hosted1.myurl.com -ownerlogin DOMAIN\username -owneremail firstname.lastname@example.org -sitetemplate STS#1 -hostheaderwebapplicationurl https://site.myurl.com -databaseserver sqlsrv.mydomain.com -databasename WSS_Content-HHSite1
Note: you can use either -hostheaderwebapplication or -hhurl for the switch; both work, but currently (with SP1 installed) running stsadm -help createsite comes back with -hostheaderwebapplicationurl as the switch.
Once the site collection has been created, you need to set up the SSL host header. This is rather simple as well. Open a command prompt, navigate to C:\inetpub\adminscripts (or wherever you’ve placed your inetpub directory) and run the following command:
adsutil.vbs set /w3svc/[identifier]/SecureBindings [IP address]:443:[host header name]
So in the example above, with the web app as site.myurl.com and the hosted site as hosted1.myurl.com, you’d run the following:
adsutil.vbs set /w3svc/123456789/SecureBindings 192.168.1.10:443:site.myurl.com 192.168.1.10:443:hosted1.myurl.com
Note: You separate each host header with a space.
You also need to ensure that the wildcard cert applied to the IIS virtual server covers all host header based site collections that you’re hosting on the associated web application.
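The wildcard requirement above can be checked before the bindings are written. The following is an added example, not part of the original post: it confirms each host header is covered by the certificate name and then builds the adsutil.vbs command in the format shown above. The function names and the certificate name *.myurl.com are assumptions; the host names, IP address and site identifier are the post's sample values.

```python
# Added example (not from the original post). Function names are hypothetical.

def wildcard_covers(cert_name: str, host: str) -> bool:
    """Return True if cert_name (exact name or '*.domain') covers host.

    A wildcard matches exactly one left-most DNS label, so '*.myurl.com'
    covers 'hosted1.myurl.com' but not 'myurl.com' or 'a.b.myurl.com'.
    """
    cert_name = cert_name.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if not cert_name.startswith("*."):
        return cert_name == host
    suffix = cert_name[1:]              # e.g. '.myurl.com'
    if not host.endswith(suffix):
        return False
    label = host[: -len(suffix)]        # the part the '*' has to match
    return bool(label) and "." not in label


def secure_bindings_command(identifier, ip, hosts, cert_name, port=443):
    """Build the adsutil.vbs SecureBindings command for every host header.

    All bindings are passed in one command, space separated, as in the
    post's example. Raises ValueError if the certificate does not cover a
    host, since clients of that site would get a name-mismatch warning.
    """
    uncovered = [h for h in hosts if not wildcard_covers(cert_name, h)]
    if uncovered:
        raise ValueError(
            f"certificate {cert_name} does not cover: {', '.join(uncovered)}"
        )
    bindings = " ".join(f"{ip}:{port}:{h}" for h in hosts)
    return f"adsutil.vbs set /w3svc/{identifier}/SecureBindings {bindings}"


if __name__ == "__main__":
    # Sample values from the post; '*.myurl.com' is an assumed cert name.
    print(secure_bindings_command(
        "123456789", "192.168.1.10",
        ["site.myurl.com", "hosted1.myurl.com"], "*.myurl.com"))
```

A host header such as team.hosted1.myurl.com fails the check, because a wildcard certificate does not match more than one label.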