« Previous Next »

• 07-22-2009, 1:48 PM

  snaveen_333 Joined on 07-22-2009, 5:33 PM India Posts 7

  Host Headers SSL configuration with different IP address and same port 443 Reply Contact Hi,  I have a requirement to configure two different sites on a single machine with OS Windows 2003 and IIS 6 using SSL. I have opted for Host Headers approach. For testing on my local machine, the machine is in a organization LAN which is DHCP enabled which provides the first ip address. I have installed Microsoft Loop Back Adapter for second ip address.  I am able to access the sites individually on port 80 without SSL . Also, I am able to access and configure both sites individually on SSL on different IPs. But I am not able to configure both the sites with different Server Certificates with different IPs and same port 443 together at a time. Can anybody please help? with regards, Naveen Developer

  Tags: SSLIIS 6.0host headers

• 07-22-2009, 4:19 PM

  In reply to

  tomkmvp Joined on 03-20-2003, 10:27 AM Central NJ Posts 6,222

  Re: Host Headers SSL configuration with different IP address and same port 443 Reply Contact Your post has contradictions so I'm not sure if there's a typo in there.  You can not use host headers for multiple sites with SSL - each site must have its own IP. (unless of course they are from the same domain and you are using a wild card cert) Tom Kaminski IIS MVP http://mvp.support.microsoft.com/ http://blogs.iis.net/tomkmvp/ http://www.linkedin.com/pub/8/690/408 http://www.bluesrepublic.org/

• 07-23-2009, 12:37 AM

  In reply to

  snaveen_333 Joined on 07-22-2009, 5:33 PM India Posts 7	Re: Host Headers SSL configuration with different IP address and same port 443 Reply Contact  Thanks for the response TOM.   Based on your comments, I assume we can create two different sites on a single IIS 6 (with out host headers) with different IPs and configure SSL with two different certficates on same port 443. with regards, Naveen Developer

• 07-23-2009, 10:39 AM

  In reply to

  tomkmvp Joined on 03-20-2003, 10:27 AM Central NJ Posts 6,222	Re: Host Headers SSL configuration with different IP address and same port 443 Reply Contact That is correct. Tom Kaminski IIS MVP http://mvp.support.microsoft.com/ http://blogs.iis.net/tomkmvp/ http://www.linkedin.com/pub/8/690/408 http://www.bluesrepublic.org/

• 07-24-2009, 5:00 AM

  In reply to

  snaveen_333 Joined on 07-22-2009, 5:33 PM India Posts 7

  Re: Host Headers SSL configuration with different IP address and same port 443 Reply Contact  It is not working for me. One IP address is my organization IP address which is DHCP enabled. Second IP address is from Microsoft Loop Back Adapter (with default configuration).The IP configurations are as below :  Windows IP Configuration Ethernet adapter Local Area Connection:    Connection-specific DNS Suffix  . : <organization domain>    IP Address. . . . . . . . . . . . : 10.136.123.197    Subnet Mask . . . . . . . . . . . : 255.255.255.224    Default Gateway . . . . . . . . . : 10.136.123.193 Ethernet adapter Local Area Connection 2:    Connection-specific DNS Suffix  . :    Autoconfiguration IP Address. . . : 169.254.25.129    Subnet Mask . . . . . . . . . . . : 255.255.0.0    Default Gateway . . . . . . . . . :  I have created one SSL as below :  C:\Program Files\IIS Resources\SelfSSL>selfssl.exe /T /N:CN=test.site.com /V:100 /S:1  Second SSL  as below :   C:\Program Files\IIS Resources\SelfSSL>selfssl.exe /T /N:CN=test1.site.com /V:100 /S:959657485  No Host Headers configured for both the sites.  I have configured "hosts" file in Windows to point to separate IP address. Also the sites are configured to respective IP addresses for port 80 and 443.  Do I need to do anything else? with regards, Naveen Developer

• 07-24-2009, 11:16 AM

  In reply to

  tomkmvp Joined on 03-20-2003, 10:27 AM Central NJ Posts 6,222

  Re: Host Headers SSL configuration with different IP address and same port 443 Reply Contact snaveen_333: It is not working for me What does that mean?  What happens? You may also need to disable socket pooling: http://support.microsoft.com/kb/238131 Tom Kaminski IIS MVP http://mvp.support.microsoft.com/ http://blogs.iis.net/tomkmvp/ http://www.linkedin.com/pub/8/690/408 http://www.bluesrepublic.org/

• 07-28-2009, 9:13 AM

  In reply to

  snaveen_333 Joined on 07-22-2009, 5:33 PM India Posts 7

  Re: Host Headers SSL configuration with different IP address and same port 443 Reply Contact I have tried the suggestion in the link. The first website (which was configured first with SELFSSL) gives "Internet Explorer cannot display the webpage". The second site is working fine. Please check if the following info is useful in any way :  C:\Inetpub\AdminScripts>httpcfg query ssl     IP                      : 10.136.123.197:443     Hash                    : 45 013638d70cf4b3c693ce7ec7323be1c258a a     Guid                    : {4dc3e181-e14b-4a21-b022-59fc669b0914}     CertStoreName           : MY     CertCheckMode           : 0     RevocationFreshnessTime : 0     UrlRetrievalTimeout     : 0     SslCtlIdentifier        :     SslCtlStoreName         :     Flags                   : 0 ------------------------------------------------------------------------------     IP                      : 169.254.25.129:443     Hash                    : b6 2104f96344bf6fdc7a3ef33c4cfaa10dc1cb8     Guid                    : {4dc3e181-e14b-4a21-b022-59fc669b0914}     CertStoreName           : MY     CertCheckMode           : 0     RevocationFreshnessTime : 0     UrlRetrievalTimeout     : 0     SslCtlIdentifier        :     SslCtlStoreName         :     Flags                   : 0 ------------------------------------------------------------------------------ C:\Inetpub\AdminScripts>httpcfg query iplisten     IP                      : 10.136.123.197:443 ------------------------------------------------------------------------------     IP                      : 169.254.25.129:443 ------------------------------------------------------------------------------  Can I check anywhere why the first request is failing? with regards, Naveen Developer

• 07-28-2009, 9:34 AM

  In reply to

  Rovastar Joined on 03-13-2008, 2:00 PM London, UK Posts 1,777	Re: Host Headers SSL configuration with different IP address and same port 443 Reply Contact Try using ssl diag to get more info. http://www.microsoft.com/downloads/details.aspx?familyid=cabea1d0-5a10-41bc-83d4-06c814265282&displaylang=en   http://www.iisportal.com

• 07-28-2009, 10:42 AM

  In reply to

  tomkmvp Joined on 03-20-2003, 10:27 AM Central NJ Posts 6,222

  Re: Host Headers SSL configuration with different IP address and same port 443 Reply Contact snaveen_333: Internet Explorer cannot display the webpage This is meaningless.  Make sure friendly error messages are disabled in IE and report back with the detailed error ... Tom Kaminski IIS MVP http://mvp.support.microsoft.com/ http://blogs.iis.net/tomkmvp/ http://www.linkedin.com/pub/8/690/408 http://www.bluesrepublic.org/