Browse to the location of the folder containing the version of aspnet_regiis, such as:
Run aspnet_regiis -lk to get the virtual path you will need in the next command. To see which ID matches your website, launch IIS Manager; under Web Sites you will see a column called "Identifier".
Run the command:
aspnet_regiis.exe -norestart -s "W3SVC\1398789133"
To do this in IIS 6, simply open the website properties in IIS 6, select “a redirection to a URL” and enter the URL.
To send querystring values along with your redirect, simply add “$Q” to the end of the URL, such as:
If you would like instructions on how to perform this via IIS 7, let me know and I can upload these screenshots as well.
Note: Foremost, in order to access your site over HTTPS, the HTTP SSL Service will need to be running. This service binds to port 443 and filters HTTP traffic to IIS.
This is relatively easy to do in newer versions of IIS, but takes a few more steps in previous versions.
First, download SSL Diagnostics from MS:
Make sure you install the x86 version above if you are on 32-bit, or the x64 version if you are on 64-bit.
Once installed, open a cmd prompt.
cd C:\Program Files\IIS Resources\SSLDiag
ssldiag /selfssl /N:CN=(certname.com) /V:365 /S:(ID)
This will create a self-signed cert for (certname.com) which is good for 365 days. See link below for additional information on other parameters you may need to pass in, such as site identifier and key length (default 1024).
If you try to test it right now, you will likely get a “Page Cannot Be Displayed”, “Cannot Find Server”, “Server Cannot be Found” or something to this effect. This is because the port 443 bindings are not yet in place.
To add the port 443 bindings to your site, run adsutil:
cscript.exe "C:\inetpub\AdminScripts\adsutil.vbs" set w3svc/(site id in iis)/SecureBindings ":443:sub.host.com"
To confirm the certificate was added, navigate to your site in IIS and go to:
(right click domain)->Properties->Directory Security->Secure Communications->View Certificate
Multi domain wildcard
Configuring the wildcard certificate is essentially the same as above. Simply use * for the subdomain in your cert creation and binding, then export the cert and add it to the other subdomains that will be using it.
Multi domain SAN or UCC
- Certificate Enrollment wizard with an enterprise CA (Using Advanced->Custom Request or New Request->Template)
- Certificate Enrollment wizard with a standalone CA
For more information on configuring your own SAN cert, reference MS Kbase article http://technet.microsoft.com/en-us/library/ff625722(WS.10).aspx
On Linux, the process is IMO a bit easier and simply requires openssl. Since this utility is also available for Windows, this method can be used on IIS as well.
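The OpenSSL route on a Windows/IIS host, as an added example that is not from the original article: it creates a self-signed certificate covering several host names with a 2048-bit key (rather than the 1024-bit default mentioned earlier), checks the SAN entries, and bundles the result as a PFX for import into IIS. The host names, file names and the presence of openssl.exe on the PATH are assumptions.

```powershell
# Added example. Assumes openssl.exe is on the PATH; host and file names are placeholders.
$names   = @('www.example.test', 'shop.example.test', 'api.example.test')
$cn      = $names[0]
$workDir = Join-Path $env:TEMP 'san-cert'
New-Item -ItemType Directory -Force -Path $workDir | Out-Null
$cnf = Join-Path $workDir 'san.cnf'
$key = Join-Path $workDir 'site.key'
$crt = Join-Path $workDir 'site.crt'
$pfx = Join-Path $workDir 'site.pfx'

# One DNS.n entry per host name; the first name is also used as the subject CN.
$altNames = for ($i = 0; $i -lt $names.Count; $i++) { "DNS.$($i + 1) = $($names[$i])" }

$config = @"
[req]
distinguished_name = dn
x509_extensions    = v3_ext
prompt             = no

[dn]
CN = $cn

[v3_ext]
keyUsage         = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName   = @alt_names

[alt_names]
$($altNames -join "`r`n")
"@
# ASCII output avoids a byte-order mark at the start of the config file.
Set-Content -Path $cnf -Value $config -Encoding Ascii

# 2048-bit RSA key, SHA-256 signature, valid for 365 days.
& openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 365 -keyout $key -out $crt -config $cnf
if ($LASTEXITCODE -ne 0) { throw 'openssl req failed' }

# Confirm every requested name made it into the certificate.
$text    = (& openssl x509 -in $crt -noout -text) -join "`n"
$missing = $names | Where-Object { $text -notmatch [regex]::Escape("DNS:$_") }
if ($missing) { throw "Missing SAN entries: $($missing -join ', ')" }

# Bundle key and certificate for IIS import (prompts for an export password),
# then remove the unencrypted private key that -nodes left on disk.
& openssl pkcs12 -export -inkey $key -in $crt -out $pfx -name $cn
if ($LASTEXITCODE -eq 0) { Remove-Item $key }
```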
SAN Cert/Custom Request, http://techontip.wordpress.com/2011/06/06/how-to-create-a-san-certificate-signing-request-for-iis-web-server/
Page Cannot Be Displayed, http://support.microsoft.com/?id=290391
Debug SSL Connectivity on Intermediary Device, http://support.microsoft.com/?id=290051
Cannot Find Server, http://support.microsoft.com/?id=292296
IIS forums, http://forums.iis.net/t/1147942.aspx
Server 03 pre SP1 HTTP 1.1 host headers bug with SSL, http://support.microsoft.com/kb/187504/EN-US
Configuring Host Headers (IIS6.0), http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/596b9108-b1a7-494d-885d-f8941b07554c.mspx?mfr=true
Configuring Server Bindings for SSL Host Headers, http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/8d9f2a8f-cd23-448c-b2c7-f4e87b9e2d2c.mspx?mfr=true
Obtaining/Installing Wildcard certificate (IIS6), http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/5d0fb4c2-3333-4fec-82fc-6e15d3733937.mspx?mfr=true
SSL Host Headers in IIS 6, http://www.sslshopper.com/article-how-to-configure-ssl-host-headers-in-iis-6.html
UCC Certificate Partners, http://support.microsoft.com/kb/929395
How to Create SAN Certificate for Web Server, http://techontip.wordpress.com/2011/06/06/how-to-create-a-san-certificate-signing-request-for-iis-web-server/
OpenSSL SAN Cert, http://lanestechblog.blogspot.com/2009/04/creating-ssl-certificates-with-multiple.html
How to Request a Certificate With a Custom Subject Alternative Name, http://technet.microsoft.com/en-us/library/ff625722(WS.10).aspx
At the time of writing this article, in the latest versions of Windows (Vista, 7 and Server 2008), IIS management has changed quite a bit.
IIS 7 features some very cool remote management capabilities. In an environment where developers may need access to IIS but not necessarily to the server, or where too many remote logins to the server fill up the TS licenses, using IIS remote management can save a lot of your time and money.
Consider the following scenarios:
New site needs to be added to IIS or changes to existing site need to be made.
1) Developer does not have RDP access due to corporate security policies, or may be an outside consultant, etc., and submits a ticket/request for a new site to be added.
2) Count the time delay until the ticket is responded to, the time to form responses and the time spent on actual technical changes.
3) If the details regarding site changes sent by the developer are adequate, IT helpdesk applies the changes and notifies the developer that setup was successful. If additional info is needed, helpdesk must request more information, then repeat steps 2-3 until complete.
Even if only 1% of all sites require follow-up, and approximate ticket response and IIS configuration time is, let's say, 3-4 hours including the delay until the ticket is received, creating 50 sites annually equates to 150-200 hours spent simply on site setup.
If your company outsources the IT helpdesk, or response time is even slower, 12-24 hours, this is now 600-1200 hours of delay at the same rate of 50 sites annually.
To save time (and money), consider cross-training developers that don't know IIS, and set up remote administration in IIS 7.
Note some Vista and Windows 7 installations do not come with the manager, and it will have to be downloaded from IIS.net.
For walkthroughs on this configuration and more information, see references below.
TrainSignalTraining, “Remote Administration of IIS 7: Install, Configure, Connect”, http://www.trainsignaltraining.com/iis-7-remote-administration
IIS.Net, “IIS Manager for Remote Administration”, http://www.iis.net/download/IISManager
A great many documents, blogs and references exist on IIS which cover it comprehensively. This article simply serves to discuss one aspect – the application pool.
When configuring IIS in an environment that will contain many websites, there are a few important considerations:
- Will each site potentially run different versions of .NET? Sites with different frameworks should not share the same app pool. This will cause a conflict and they will not be functional.
- Is it a large web application that requires many resources? If yes, you may also want to consider creating its own app pool, which allows you to manage detailed information regarding how the server prioritizes the site.
The first tab for the app pool properties displays information regarding memory resource usage. If you have multiple sites on a server which are hit very often and would like to force the amount of memory each one uses, you can create an app pool for each and manage it here.
Or if it will be split evenly among various sites, you can create “groups” of app pools with assigned memory and IIS will allocate among children accordingly.
You can also force the worker process to automatically free up memory after a specified interval and/or at different times of the day.
The performance tab allows for CPU resource management. Certain sites may have functions that, left unchecked or still under development, can cause excessive CPU load and affect other processes running on the same server.
Maximum CPU usage can be assigned here, in conjunction with events to trigger when these scenarios occur.
Your server can also be secured here against a remote exploit or overflow attempt by limiting the maximum number of kernel requests.
Idle timeout can help free up CPU for a site that is not very active. Legacy sites or informational areas which are rarely visited are still using a fraction of the CPU usage, and setting an idle timeout can help release some of those resources.
The health tab can help you diagnose potential issues with your site or application. By forcing certain restrictions such as maximum failures and/or maximum failures within a specific time period, as well as enabling pinging, you can check for periods of down time or help identify timeout issues a specific web service may be experiencing.
This tab works well in conjunction with third party testing tools used to benchmark and stress test your site, application or service.
Depending on the size and nature of your infrastructure, you may want to configure certain application pools to run under different credentials. For highly security-conscious people, this can theoretically reduce the likelihood of certain privilege escalation techniques that may be executed in the event of a remote application pool exploit.
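The settings covered in the tabs above can also be applied from a script. This is an added example, not from the original article, and it assumes IIS 7.5 or later with the WebAdministration PowerShell module; the pool name, site name and limit values are placeholders.

```powershell
# Added example. Assumes IIS 7.5+ and the WebAdministration module; names and limits are placeholders.
Import-Module WebAdministration

$pool = 'ExampleSitePool'
$site = 'Example Site'
$path = "IIS:\AppPools\$pool"

if (-not (Test-Path $path)) { New-WebAppPool -Name $pool | Out-Null }

# One framework version per pool: sites on different .NET versions get separate pools.
Set-ItemProperty $path -Name managedRuntimeVersion -Value 'v4.0'

# Recycling: cap private memory (in KB) and recycle at a quiet hour.
Set-ItemProperty $path -Name recycling.periodicRestart.privateMemory -Value 512000
Set-ItemProperty $path -Name recycling.periodicRestart.schedule -Value @{ value = '03:00:00' }

# Performance: CPU limit is in 1/1000ths of a percent (50000 = 50%), measured over 5 minutes.
Set-ItemProperty $path -Name cpu.limit -Value 50000
Set-ItemProperty $path -Name cpu.action -Value 'KillW3wp'
Set-ItemProperty $path -Name cpu.resetInterval -Value ([TimeSpan]::FromMinutes(5))

# Performance: kernel request queue limit and idle timeout.
Set-ItemProperty $path -Name queueLength -Value 1000
Set-ItemProperty $path -Name processModel.idleTimeout -Value ([TimeSpan]::FromMinutes(20))

# Health: worker process pinging and rapid-fail protection (5 failures within 5 minutes).
Set-ItemProperty $path -Name processModel.pingingEnabled -Value $true
Set-ItemProperty $path -Name failure.rapidFailProtection -Value $true
Set-ItemProperty $path -Name failure.rapidFailProtectionMaxCrashes -Value 5
Set-ItemProperty $path -Name failure.rapidFailProtectionInterval -Value ([TimeSpan]::FromMinutes(5))

# Identity: a per-pool, low-privilege account instead of one shared by every site.
Set-ItemProperty $path -Name processModel.identityType -Value 'ApplicationPoolIdentity'

# Move the site into its own pool and read back what was applied.
Set-ItemProperty "IIS:\Sites\$site" -Name applicationPool -Value $pool
Get-Item $path | Select-Object name, state, managedRuntimeVersion, queueLength
```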
Hope the above information was helpful. This was a condensed version based on a similar article I read on Windows Networking. See reference below for full article.