Hi there, I'm looking to purchase my first SSL certificate but there's something I'm unsure of.
On my server I currently have multiple websites/domains setup using host headers on a single dedicated IP and I'm looking to buy an SSL certificate for one of these domains. I understand that if you have multiple domains with SSL certificates they need their
own dedicated IP but how does it work if you only have one?
Will the other domains using standard http:// addresses still work or would they somehow be routed to the SSL site?
Should the domain with the SSL certificate use its own dedicated IP or is it fine to carry on as it is?
If all your websites have the same top level domain, e.g. *.mysite.com then you can get one wildcard cert, bind to each site with different host header.
For IIS 8, I recalled Server Name Indication (SNI) is supported, which you can have multiple HTTPS on single ip and port combination.
On WS08 RTM or WS08 R2, you will really want to have a dedicated IP address for your SSL site. And on this IP, you will want to have both HTTP and HTTPS bindings, with the certificate that you will order.
I would not necessarily recommend the following, but if you truly want just one of the sites to be secure, you can get away with the current setup, but know that you can have only one HTTPS binding, ever. (In this example, you are effectively "dedicating"
the existing IP for the one secure site - while sharing the same IP w/ hostname binding for HTTP.) This is a bit of a "hack" though and you will be cornering yourself in future.
So as noted, you will want to have 1 IP for all remaining HTTP sites (with hostname binding), and have a second IP for your secure site.
Dduckster
2 Posts
SSL Certificate, host headers and a single IP
Mar 06, 2012 02:15 PM|LINK
Hi there, I'm looking to purchase my first SSL certificate but there's something I'm unsure of.
On my server I currently have multiple websites/domains setup using host headers on a single dedicated IP and I'm looking to buy an SSL certificate for one of these domains. I understand that if you have multiple domains with SSL certificates they need their own dedicated IP but how does it work if you only have one?
Will the other domains using standard http:// addresses still work or would they somehow be routed to the SSL site?
Should the domain with the SSL certificate use its own dedicated IP or is it fine to carry on as it is?
Cheers for any help.
IIS 7.5 SSL Certificate
qbernard
5016 Posts
MVP
Moderator
Re: SSL Certificate, host headers and a single IP
Mar 07, 2012 04:57 AM|LINK
Yes/No.
If all your websites have the same top level domain, e.g. *.mysite.com then you can get one wildcard cert, bind to each site with different host header.
For IIS 8, I recalled Server Name Indication (SNI) is supported, which you can have multiple HTTPS on single ip and port combination.
Bernard Cheah
wonyoo
196 Posts
Microsoft
Moderator
Re: SSL Certificate, host headers and a single IP
Mar 07, 2012 05:28 AM|LINK
On WS08 RTM or WS08 R2, you will really want to have a dedicated IP address for your SSL site. And on this IP, you will want to have both HTTP and HTTPS bindings, with the certificate that you will order.
I would not necessarily recommend the following, but if you truly want just one of the sites to be secure, you can get away with the current setup, but know that you can have only one HTTPS binding, ever. (In this example, you are effectively "dedicating" the existing IP for the one secure site - while sharing the same IP w/ hostname binding for HTTP.) This is a bit of a "hack" though and you will be cornering yourself in future.
So as noted, you will want to have 1 IP for all remaining HTTP sites (with hostname binding), and have a second IP for your secure site.
(With Windows Server 8, IIS 8.0 does support Server Name Indication - SNI - that effectively allows you to configure "hostname binding" for HTTPS. More info on SNI @ http://learn.iis.net/page.aspx/1096/iis-80-server-name-indication-sni-ssl-scalability/
SNI IIS 8.0 beta Windows Server 8 beta
Dduckster
2 Posts
Re: SSL Certificate, host headers and a single IP
Mar 07, 2012 09:10 AM|LINK
Thanks, that's just the answer I was looking for. I'll make sure I sort out a second IP address for the secure domain to use.