Thread: TLS Server Name Indication Support

Last post 12-07-2009 4:12 AM by Cheetah1980. 8 replies.

  • 10-20-2009, 2:45 AM

    TLS Server Name Indication Support

    We want IIS to support TLS Server Name Indication, because we want to host multiple secure websites with different certificates on a single ip-address. TLS SNI: http://en.wikipedia.org/wiki/Server_Name_Indication
  • 10-20-2009, 2:07 PM In reply to

    • anilr
    • Top 10 Contributor
    • Joined on 05-23-2006, 10:13 PM
    • Redmond, WA
    • Posts 2,343

    Re: TLS Server Name Indication Support

    This feature is under consideration for the next release of Windows.

    Anil Ruia
    Senior Software Design Engineer
    IIS Core Server
  • 10-20-2009, 5:31 PM In reply to

    Re: TLS Server Name Indication Support

    Okay, thanks for the quick reply. In the meantime we'll use Linux and OpenSSL.
  • 10-21-2009, 8:14 AM In reply to

    Re: TLS Server Name Indication Support

    If you absolutely need multiple certs for sites using a single IP then Linux is your best (perhaps only) option.  I'm of the opinion that sites on a single IP shouldn't be using separate certs, but I've also always resisted using multiple sites on a single IP whenever possible.  I understand that in some situations you have no choice.

    Jeff

    Look for Wrox's new book Professional IIS 7 in your local bookstore, or order now at Amazon.com
  • 10-22-2009, 2:15 PM In reply to

    • anilr
    • Top 10 Contributor
    • Joined on 05-23-2006, 10:13 PM
    • Redmond, WA
    • Posts 2,343

    Re: TLS Server Name Indication Support

    I had a query regarding that - are you seeing that most of the clients connecting to your site support TLS SNI?  One reason for the delay in implementing this on the server side in Windows has been the belief that the percentage of clients supporting this is still low (even though the latest versions of IE and Firefox support it).

    Anil Ruia
    Senior Software Design Engineer
    IIS Core Server
  • 11-03-2009, 2:41 PM In reply to

    Re: TLS Server Name Indication Support

    We need SNI not because we have clients connecting with SSL but because we have to host almost a thousand unique webservers (SOAP XML HL7v3 services) with their own FQDN and SSL certificate on a win2008 IIS7 server for incoming SSL connections from other servers. Without SNI this means we need a unique IP address per FQDN/SSL cert; with SNI we could host all the sites on 1 IP. It's obvious that 1 IP address for incoming SSL services is a lot more efficient and easier to maintain and configure. Add to that that all IP traffic is routed over firewalls and private (healthcare) networks, and it's even more obvious that one single IP compared to almost a thousand is a BIG difference. For now we've put a dedicated Linux OpenSSL server between the Win2008 host and the network to handle the incoming SSL traffic. We hope SNI will be introduced in the near future.
  • 11-03-2009, 2:48 PM In reply to

    Re: TLS Server Name Indication Support

    > 1 IP address for incoming SSL services is a lot more efficient and easier to maintain

    And cheaper as well. You usually get 1 to 5 IP addresses, not an unlimited number of them, and you have to purchase additional ones separately.

    Not to mention running out of IPv4 addresses.

  • 11-24-2009, 12:54 AM In reply to

    • mcassman
    • Not Ranked
    • Joined on 11-24-2009, 5:55 AM
    • Posts 1

    Re: TLS Server Name Indication Support

    Does the content of this article accomplish what you (we) need?

    I have an immediate need to run multiple ssl sites on a single ip and was counting on this document to pull everything together.

    http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/8d9f2a8f-cd23-448c-b2c7-f4e87b9e2d2c.mspx?mfr=true

  • 12-07-2009, 4:12 AM In reply to

    Re: TLS Server Name Indication Support

    No, this doesn't solve the problem.