Using IIS 10 and a Centralized Certificate Store, is it possible to have a wildcard https binding, so that any request coming in over HTTPS will automatically attempt to grab the relevant certificate from the centralized store?
IIS – Wildcard HTTPS Binding with Centralized Certificate Store
iis
Best Answer
It depends on your definition of "wildcard".
IIS searches the CCS (Centralized Certificate Store) not based on the SNI name, but based on the binding name. Therefore it is not possible to have a catch-all binding with the CCS.
However, the CCS does support wildcard PFX files when a file starts with `_.`. Therefore, if you have a site with the binding `blog.example.com`, it will use the `_.example.com.pfx` file if present.
With IIS 10, we now also have wildcard binding support. Therefore, you can make a binding `*.example.com` and this will indeed work with the `_.example.com.pfx` file as well.
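
The file lookup described in the answer above, as an added example that is not part of the original answer: it maps each binding host name to the PFX file name the CCS would need, which is useful for spotting HTTPS bindings that have no certificate file behind them. `Resolve-CcsPfxName` is a hypothetical helper, the host and file names are constructed sample data, and trying the exact-name file before the `_.` wildcard file is an assumption.

```powershell
# Added example: which PFX file in the CCS folder serves a given binding?
# Resolve-CcsPfxName is a hypothetical helper, not an IIS cmdlet.
function Resolve-CcsPfxName {
    param(
        [string]   $BindingHost,          # host name from the IIS https binding
        [string[]] $StoreFiles = @()      # file names present in the CCS folder
    )
    # An empty host name is a catch-all binding: the CCS has no name to look up.
    if ([string]::IsNullOrWhiteSpace($BindingHost)) { return $null }

    $candidates = @()
    if ($BindingHost.StartsWith('*.')) {
        # IIS 10 wildcard binding: *.example.com -> _.example.com.pfx
        $candidates += '_.' + $BindingHost.Substring(2) + '.pfx'
    } else {
        # Assumption: an exact-name file is tried before the wildcard file.
        $candidates += "$BindingHost.pfx"
        $firstDot = $BindingHost.IndexOf('.')
        if ($firstDot -gt 0) {
            # blog.example.com -> _.example.com.pfx
            $candidates += '_.' + $BindingHost.Substring($firstDot + 1) + '.pfx'
        }
    }
    # -contains is case-insensitive, matching Windows file name behaviour.
    foreach ($name in $candidates) {
        if ($StoreFiles -contains $name) { return $name }
    }
    return $null
}

# Constructed sample data (not taken from a real server).
$storeFiles = @('_.example.com.pfx', 'shop.example.org.pfx')
$bindings   = @('blog.example.com', '*.example.com', 'shop.example.org',
                'www.example.net', '')

foreach ($b in $bindings) {
    $pfx = Resolve-CcsPfxName -BindingHost $b -StoreFiles $storeFiles
    [pscustomobject]@{
        Binding = if ($b)   { $b }   else { '(catch-all)' }
        PfxFile = if ($pfx) { $pfx } else { '(no match)' }
    }
}
```

On a server, the `$storeFiles` list can be filled from `Get-ChildItem` on the CCS folder instead of the sample array.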