Consider the following scenario. You want to set up shared configuration for two Internet Information Services (IIS) servers. For the purpose of this example they are named Server A and Server B. You are going to host two different web sites, here named Site1 and Site2. Each site uses its own dedicated IP address on each server, as shown below:
Server A --> Site1 --> 10.10.10.1
Server A --> Site2 --> 10.10.10.2
Server B --> Site1 --> 10.10.10.3
Server B --> Site2 --> 10.10.10.4
Now, you configure Servers A and B for shared configuration. However, you run into a unique situation when it comes to the web site bindings. Web site binding configuration typically looks like the example below in an applicationHost.config file:
As you can see, there is nothing in a binding that identifies the web server by its name (for example Server A). So when you bind Site1 to 10.10.10.1 on Server A, these settings are also replicated to Server B. But Server B's NIC does not have the 10.10.10.1 IP address. What you actually want on Server B is Site1 bound to 10.10.10.3 on ports 443 and 80.
To overcome this situation, you need to manually add extra bindings for each web site. For example, you will need to add an additional binding for IP 10.10.10.3 and port 443 on Server A, even though Server A does not own 10.10.10.3. This is fine, since IIS on Server A will simply ignore that IP when starting up, as it cannot find it. You can use the following appcmd.exe command to add this binding:
appcmd.exe set site /site.name:Site1 /+bindings.[protocol='https',bindingInformation='10.10.10.3:443:']
Note: The IIS Manager user interface will not let you add a binding for an IP address the server does not own for https; you must use the appcmd.exe tool.
Once you add this binding using appcmd.exe, your new configuration in the applicationHost.config will look like the following:
Remember, you have not yet assigned an actual certificate to this site. You have only added the IP bindings for port 443. You can now assign an existing certificate using the IIS Manager UI. The following article can help you do so:
Once you have assigned a certificate, the entries will be configured in http.sys and you will be able to view them using the following NETSH command from a command prompt:
netsh http show sslcert
Similarly, follow the above steps and logic to add the rest of your sites and certificates for the remaining server(s). Note that SSL certificate information is never stored in the applicationHost.config file. The certificate binding lives in http.sys and the certificate itself lives in the local machine's certificate store, so it is the responsibility of the server administrator to export and import the correct certificates on every server in the farm that uses shared configuration.
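The following PowerShell script is an added example, not part of the original article. It applies the procedure above to the whole farm table: on the local server it adds the http and https bindings for every site/IP pair from both servers (skipping bindings that already exist, since appcmd rejects duplicates), then checks that the certificate each site should use has actually been imported into this machine's LocalMachine\My store before you assign it in IIS Manager, and finally runs netsh http show sslcert to display what http.sys currently has. The appcmd path, the farm table layout, the Get-ExistingBindings and Add-BindingIfMissing function names, and the $CertThumbprints placeholder map are assumptions of this example.

```powershell
# Added example (not from the original article). Run in an elevated prompt on each server.
# Assumes appcmd.exe is at its default location and that the shared configuration is already
# in place, so the bindings only need to be added once, while the certificate check is per machine.
$AppCmd = Join-Path $env:windir 'system32\inetsrv\appcmd.exe'

# Farm-wide binding table from the article. Every row is added on the local server, including
# IP addresses the local NIC does not own; IIS ignores those bindings at startup.
$FarmBindings = @(
    @{ Server = 'ServerA'; Site = 'Site1'; IP = '10.10.10.1' },
    @{ Server = 'ServerA'; Site = 'Site2'; IP = '10.10.10.2' },
    @{ Server = 'ServerB'; Site = 'Site1'; IP = '10.10.10.3' },
    @{ Server = 'ServerB'; Site = 'Site2'; IP = '10.10.10.4' }
)

# Placeholder thumbprints (assumption of this example): the certificate each site should use,
# identical on every server once exported and imported. Replace before running.
$CertThumbprints = @{
    Site1 = 'REPLACE_WITH_SITE1_THUMBPRINT'
    Site2 = 'REPLACE_WITH_SITE2_THUMBPRINT'
}

function Get-ExistingBindings {
    param([string]$Site)
    # Assumption: "appcmd list site <name> /text:bindings" prints the comma-separated
    # binding list, e.g. "http/*:80:,https/10.10.10.1:443:".
    $text = & $AppCmd list site $Site /text:bindings
    if ($LASTEXITCODE -ne 0) { throw "appcmd could not read bindings for site $Site" }
    return ($text -split ',') | ForEach-Object { $_.Trim() } | Where-Object { $_ }
}

function Add-BindingIfMissing {
    param([string]$Site, [string]$Protocol, [string]$IP, [int]$Port)
    $info = "${IP}:${Port}:"        # empty host header, as in the article's binding
    $key  = "$Protocol/$info"
    if ((Get-ExistingBindings -Site $Site) -contains $key) {
        Write-Host "skip   $Site $key (already present)"
        return
    }
    # Same command the article uses, parameterised; /+bindings appends to the collection.
    & $AppCmd set site "/site.name:$Site" "/+bindings.[protocol='$Protocol',bindingInformation='$info']"
    if ($LASTEXITCODE -ne 0) { throw "appcmd failed to add $key to site $Site" }
    Write-Host "added  $Site $key"
}

foreach ($row in $FarmBindings) {
    Add-BindingIfMissing -Site $row.Site -Protocol 'http'  -IP $row.IP -Port 80
    Add-BindingIfMissing -Site $row.Site -Protocol 'https' -IP $row.IP -Port 443
}

# Certificates are local to each machine: confirm the expected certificate was imported here
# before assigning it to the site in IIS Manager.
foreach ($site in $CertThumbprints.Keys) {
    $thumb = $CertThumbprints[$site]
    $cert  = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $thumb }
    if ($cert) {
        Write-Host "ok     $site certificate $thumb is present in LocalMachine\My"
    } else {
        Write-Warning "$site certificate $thumb not found on $env:COMPUTERNAME; import it before assigning"
    }
}

# Show the SSL bindings http.sys currently holds on this machine (empty until a certificate is assigned).
netsh http show sslcert
```

Because the bindings are part of the shared applicationHost.config, running the binding loop on one server is enough; the certificate check and the netsh listing are the parts worth repeating on every member of the farm.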
You can learn more about managing shared configuration here.