IIS7 Wildcard SSL certificate host header blocked.
I had a problem where there were a number of sites on the same IIS server using the same wildcard SSL cert. The cert expired and was replaced. Some complications meant that we removed it via the MMC certificate console.
To get the new cert imported I used the "complete certificate request" and selected the .cer file from the disc. I chose a descriptive friendly name and clicked finish. The cert imported OK, but when I tried to bind it to the site, the HOST HEADER was blocked (i.e. grayed out) and could not be changed. Because this wildcard cert is used with multiple sub domains, this was no good as I could only bind one site.
The answer eventually turned out to be related to the friendly name in the "complete certificate request" wizard. Apparently this name needs to start with a *, so I removed the cert and completed the wizard again, but this time around set the friendly name as the cert CN (i.e. *.mydomain.com). When I then tried to bind the sites in IIS, the host header box was available for this wildcard cert to allow its use on multiple sub domains.
Apparently this works for self SSL too, but I didn't try it.
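
The friendly-name condition described above, as an added PowerShell check that is not part of the original post: it lists wildcard certificates in the machine store whose friendly name does not start with `*` and, with the hypothetical `-Fix` switch, sets the friendly name to the cert CN. It assumes that editing the friendly name in place has the same effect as the remove-and-reimport described in the post.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
# Assumption: IIS Manager only looks at the friendly name of the certificate in the
# LocalMachine\My store when deciding whether to enable the host header box.
param(
    [switch]$Fix   # hypothetical switch: without it the script only reports
)

function Get-CertCommonName {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # SimpleName resolves to the subject CN when the certificate has one
    $Cert.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName,
        $false)
}

# Wildcard certificates are the ones whose CN starts with "*."
$wildcards = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    (Get-CertCommonName $_).StartsWith('*.')
}

foreach ($cert in $wildcards) {
    $cn       = Get-CertCommonName $cert
    $friendly = [string]$cert.FriendlyName
    $nameOk   = $friendly.StartsWith('*')

    if (-not $nameOk -and $Fix) {
        # Same value the post used in the wizard: the cert CN (e.g. *.mydomain.com)
        $cert.FriendlyName = $cn
        $friendly = $cn
        $nameOk   = $true
    }

    # One row per wildcard cert; NotAfter also shows an expired cert left in the store
    New-Object PSObject -Property @{
        Thumbprint       = $cert.Thumbprint
        CommonName       = $cn
        FriendlyName     = $friendly
        NotAfter         = $cert.NotAfter
        HostHeaderUsable = $nameOk
    } | Select-Object CommonName, FriendlyName, HostHeaderUsable, NotAfter, Thumbprint
}
```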