IIS 7 and Above
Multiple SSL Certificates on the same server
Last post Dec 22, 2010 09:10 PM by qbernard
Dec 07, 2010 07:49 AM|steffen.wollesen|LINK
Two sites should use port 443. Our server has only one IP-address.
Is it then possible to have two SSL star-Certificates (each with its own Web site - IIS7) on the same WEB-server ?
*.cert1 on site1.dk and *.cert2 on
Dec 07, 2010 08:42 PM|Hades666|LINK
For this to work, you will need to purchase a UUC Certificate. Standard (UC) certificates are multidomained :) They can be expensive at times depending on how many domains you want to secure.
Essentially, your sites will use Host Headers/bindings with one shared SSL certificate that has multiple subject names.
For exameple, with a Geotrust True BusinessID Multi-domain SSL
UCC, you can secure.
Once the SSL is purchased though, you will need to bind it to the sites using SSL Host Headers.
Here is a walkthrough to do this.
Dec 07, 2010 10:01 PM|qbernard|LINK
Dec 08, 2010 03:54 AM|steffen.wollesen|LINK
no - I have not tested it yet.
But I'll attach a second ip address to the server.
This will be used exclusively to site2.dk
Thank you for your answer
Dec 09, 2010 12:54 AM|qbernard|LINK
Dec 13, 2010 08:40 AM|steffen.wollesen|LINK
The IIS7 GUI does not let me add a host header and an IP address for the site, using *.cert2
How do I configure "Appcmd" or "netsh" to define
both the host header and the IP-address to the second *.cert SSL Certificate ?
Dec 13, 2010 03:08 PM|steffen.wollesen|LINK
Using the IIS7 GUI the *.cert_1 and the hostheader_1 is bound together with
With Appcmd I've set hostheader_2 to site_2 using
"IP_2":443, but I cant find the right command to tie *.cert_2 to either the
hostheader_2 or IP_2.
Dec 15, 2010 09:22 PM|qbernard|LINK
Dec 16, 2010 02:39 AM|steffen.wollesen|LINK
Thank you all.
As mentioned earlier, I have 2 different sites (site_1 and site_2)
By using the probably most common way, I have set Hostheader_1 to HTTPS (443) using cert_1, (at site_1, IP Address = All Unassigned - IP_1 would also work here).
Also using the GUI on site_2, I defined https (443), cert_2, IP Address=IP_2. Hostheader_2 was "grayed out". so I could not define cert_2 to hostheader_2. because of this, I used the following command:
C:\Windows\System32\inetsrv\appcmd set site /site.name:*.CERT_2 /+ bindings.[protocol='https',bindingInformation='IP_2:443:HOSTHEADER_2']
When using CNAME's in DNS, it is mandatory that the DNS server is NOT configured to have 2 ip-addresses for the web server hosting the sites. instead the DNS server needs an A-record for hostheader_2 pointing at IP_2.
Perhaps the above is not the simplest or the correct method.
BUT it works ...
Dec 20, 2010 12:17 AM|qbernard|LINK
Dec 22, 2010 04:45 AM|Topspy|LINK
SSL will require static IP to work with. if you want to have two websites with SSL, you need another IP address.
Dec 22, 2010 05:08 AM|steffen.wollesen|LINK
Dec 22, 2010 09:10 PM|qbernard|LINK