
Thread: IIS setup for multiple SSL domains

Last post 05-19-2004 6:02 AM by webguy96. 3 replies.


Page 1 of 1 (4 items)


  • 05-06-2004, 5:50 PM

    • dregs2
    • Not Ranked
    • Joined on 07-11-2002, 9:59 AM
    • Posts 0

    IIS setup for multiple SSL domains

    Hi

    Until now I have used host headers with IIS.

    I am on a dedicated box, IIS6 & 12 IPs.

    I need to set up various domains with ssl certs.

    So now I can't use host headers.

    I am running my own DNS off two IPs.

    The question is what are the correct settings for this setup.

    dns1 = 1 IP
    dns2 = 1 IP


    default website = 1 IP - Question: Is the default website relevant anymore?

    domain 1 = 1 IP
    No SSL

    domain 2 = 1 IP
    SSL = Port 443 set to the IP

    domain 3 = 1 IP
    No SSL

    domain 4 = 1 IP
    SSL = Port 443 set to the IP

    etc., etc.

    So for 10 domains I would need 12 IPs, two for the dns servers and 10 for the domains.

    I would be setting up 3 or 4 SSL sites to start with but I would be interested to know a scalable solution.

    TIA

    dregs2
  • 05-06-2004, 10:39 PM In reply to

    • Ken Schaefer
    • Top 100 Contributor
    • Joined on 09-17-2002, 9:05 PM
    • Sydney, Australia
    • Posts 53
    • IIS MVPs

    Re: IIS setup for multiple SSL domains

    Hi,

    if you want to run the DNS servers separately to the webservers (e.g. on dedicated boxes), then you would need additional IP addresses. However, you can run the DNS server (or at least one), on the same physical box as the webserver. You can even use one of the existing IP addresses. For robustness, you are supposed to use two physical machines when creating primary and secondary DNS servers.

    For SSL, you can not use host-headers. You can only use IP addresses + TCP port combinations. If you want to run all the sites on port 443, then you will need a separate IP address for each site.

    Cheers
    Ken
    Microsoft MVP - Windows Server (IIS)
    MCITP (EA, SA), MCTS (ISA, SQL Server, Hyper-V, MOSS, Ops Manager), MCSE+Security, MCDBA
  • 05-11-2004, 3:54 PM In reply to

    Re: IIS setup for multiple SSL domains

    As far as scalability goes, your configuration is fine. That doesn't mean your applications or database configurations will scale, but as far as IIS goes, the only problem you might run into is CPU time if you have a lot of simultaneous SSL connections. Invest in an onboard SSL accelerator if that is the problem.

    Personally, I don't recommend hosting your own DNS servers unless you have a lot of sites to manage. I like to outsource DNS for publicly available web sites. Then, if your ISP has problems, you have the potential to quickly relocate your websites offsite and route DNS to them.

    -brett hill
    IIS MVP
    iisanswers.com
    -----------------------------

    Sign up for the IIS Answers Newsletter.

    http://www.iisanswers.com/newsletter

  • 05-19-2004, 3:52 AM In reply to

    • webguy96
    • Not Ranked
    • Joined on 12-20-2002, 11:09 PM
    • Posts 0

    Re: IIS setup for multiple SSL domains

    I'm not sure if shared ssl is an option but that might be something else to consider which reduces the cost & number of certificates necessary.

    Additionally, I still currently leverage host headers within my standard pages on port 80 but everything that must be under ssl is then redirected within my code to 1 fully qualified domain name.

    Ex:
    The following entries would all be handled via host-header and may be hit based on search results via google or yahoo search
    1) www.mydomain1.com
    2) mydomain1.com
    3) www.mymarketingdomain1.com
    4) www.mydomain1.us
    5) www.mydomain1.org

    Next, you need to determine the most logical domain name you wish (in this example I would select 'www.mydomain1.com')
    1) Use this domain in the generated SSL request and assign to the given web site (generally on port 443)
    2) Since each of the sites above land on the same home page, simply redirect users to https://www.mydomain1.com when they click on 'Login'

    Not sure if that will work for you or not but I've found it does what I need.

    ps...It sounds like you have control of your boxes so you may wish to generate an ssl cert yourself if only for testing/validation purposes before leveraging say Verisign.

    Clem Messerli


    CTC Ministries
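
The binding rule from the replies above (SSL sites are told apart by IP address and TCP port only, while plain HTTP sites can share an IP through host headers) can be checked against a planned binding list before anything is configured. This is an added example, not part of the original thread; the `Binding` type, the function names, the site names and the 192.0.2.x addresses are assumptions made for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

class Binding(NamedTuple):
    site: str               # IIS web site the binding belongs to
    ip: str
    port: int
    host_header: str = ""   # empty string = no host header
    ssl: bool = False

def find_conflicts(bindings):
    """Return [(ip, port, [sites])] for bindings that cannot be told apart.

    Rule as stated in the thread: an SSL binding is identified by IP + TCP
    port only, so host headers do not separate sites on an SSL endpoint.
    Plain HTTP bindings may share IP + port if their host headers differ.
    """
    ssl_endpoints = {(b.ip, b.port) for b in bindings if b.ssl}
    groups = defaultdict(set)
    for b in bindings:
        if (b.ip, b.port) in ssl_endpoints:
            key = (b.ip, b.port, None)            # host header ignored
        else:
            key = (b.ip, b.port, b.host_header.lower())
        groups[key].add(b.site)
    return sorted((ip, port, sorted(sites))
                  for (ip, port, _), sites in groups.items() if len(sites) > 1)

def ips_used(bindings):
    """Number of distinct IP addresses a plan consumes."""
    return len({b.ip for b in bindings})

# Constructed sample plans (192.0.2.0/24 is a documentation-only range).
# Plan A: two SSL sites try to share one IP on port 443 via host headers.
PLAN_A = [
    Binding("domain2", "192.0.2.10", 443, "www.domain2.example", ssl=True),
    Binding("domain4", "192.0.2.10", 443, "www.domain4.example", ssl=True),
]
# Plan B: HTTP sites share one IP by host header; each SSL site has its own IP.
PLAN_B = [
    Binding("domain1", "192.0.2.10", 80, "www.domain1.example"),
    Binding("domain1", "192.0.2.10", 80, "domain1.example"),
    Binding("domain3", "192.0.2.10", 80, "www.domain3.example"),
    Binding("domain2", "192.0.2.10", 443, ssl=True),
    Binding("domain4", "192.0.2.11", 443, ssl=True),
]

if __name__ == "__main__":
    for name, plan in (("A", PLAN_A), ("B", PLAN_B)):
        print(name, ips_used(plan), "IPs, conflicts:", find_conflicts(plan))
```

Plan B serves three HTTP host names and two SSL sites from two addresses, so only the SSL sites consume additional IPs.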