Thanks! :)
Comments: ** Comment from web user: deafknight **
Hi Brian and thanks for the response!
I found out that as long as you have the certificate in personal (localmachine/my), autospinstaller correctly handles the bindings (and puts the certificate in the root to boot ;)
This work either with a SAN (aliases) or a wildcard. Your work is awesome.
Now i'm working on two subjects
- the automated importation of certificates into personal
(seems http://www.orcsweb.com/blog/james/powershell-ing-on-windows-server-how-to-import-certificates-using-powershell/ will do the trick)
- what is indeed the correct approach to having several SSL host headers.
What i understood is, you could always dedicate one ip for each ssl site, but you can now use the same IP accross several host headers, either with a wildcard certificate or with a SAN certificate, the latter only if you activate SNI (server name indication).
I'm still working out what is the correct approach, but i noticed you can only activate SNI since 2012 R2 and it has side effects. It's rather a guidance than an issue, truely.
(note: it's this )
# Create new binding with correct SSLFlags, 1 == SNI
New-WebBinding -Name $iisSiteName -HostHeader $iisHostHeader -Protocol "https" -Port 443 -SslFlags 1
This seem to indicate you can bind to a hostname, which would work with a SAN (or even with individual certificates)