IIS 7 & IIS 8
IIS 7 & SSL
Last post Oct 31, 2012 06:28 AM by ssl.com
Jun 02, 2007 02:54 AM|LINK
Does anyone know if it is possible to host multiple SSL domains on a single IP in IIS 7? I know this was impossible in version 6, would be great if this is now possible. Any info appreciated.
Jun 05, 2007 04:31 AM|LINK
Yes/No, SSL support in IIS 7 and 6 should be the same. and you will be able to use wildcard SSL for multiple site on a single ip with the condition that all sites are sharing the same root domain.
Aug 03, 2007 07:42 AM|LINK
Bernard is correct that in IIS7 that it will support wildcard certs for multiple SSL support. However, like IIS 6, the IIS Manager for IIS7 doesn't support configuring IIS7 using SSL & Host Headers. Thus, the same approach as was used in IIS 6 would be used
with slight modifications to the actual utility. For example, instead of using adsutil.vbs to set the configuration property SecureBindings you would use AppCmd or Microsoft.Web.Administration for the <sites> collection's bindings. If you can't figure this
out, let us know and I am happy to test and give back the sample...
Nov 24, 2007 07:00 PM|LINK
I have problems even with one SSL-enabled site. If I enable SSL with for example contoso1.com, https://contoso1.com works fine. But requests for other sites like https://contoso2.com, https://contoso3.com and so on ( assuming I have multiple sites contoso1.com,
contoso2.com ... hosted by IIS ) return the same page https://contoso1.com. Of course these requests should never come in in the first place. But anyway is it possible to configure IIS to return something like 404 for those requests?
Nov 26, 2007 06:06 PM|LINK
You can configure the SSL binding of the web-site to take a host-header - I do not remember whether the UI allows you to do that, but you can definitely do it by directly editing configuration.
Nov 26, 2007 07:07 PM|LINK
Unless something has changed in the most recent release of the UI, Host Header & SSL support (SecureBindings) isn't supported in the UI. Just adding that since Anil commented...
Nov 26, 2007 08:23 PM|LINK
Thank you for your prompt reply
That's right, I edited configuration manually. Turns out it's not a big deal :-)
Now it looks like
And it shows up in Bindings in UI but is not editable.
Some minor problems still persist. An http :80 request with wrong Host Header never goes to the site. But an https :443 request with wrong Host Header still goes through to the site. The brower reports certificate error, I can view certificate details and
only after I hit "Proceed to the site - Not recommended" I receive 404 response.
Not a big deal but some clients can get disappointed.
Any ideas? I think I can write an HttpModule to check for wrong Host Header - now it is possible to do using .NET - great. That's only a couple lines of code.
Thank you again
Nov 26, 2007 08:30 PM|LINK
The request is not going to the site - it is being rejected by http.sys as soon as it sees the host header - but that happens after the SSL negotiation which is why you see the bad certificate thing on the client.
Nov 26, 2007 09:38 PM|LINK
So what do you think? Is there something I can do with this certificate thing?
Http Module is not a solution. I can not insert it into or before SSL negotiation. Right?
Nov 27, 2007 04:16 PM|LINK
There is nothing you can do - SSL negotiation has to happen before the serve knows which hostname the client is interested in - and the only thing the server knows before that is the IP address.