Two sites should use port 443. Our server has only one IP-address.
Is it then possible to have two SSL star-Certificates (each with its own Web site - IIS7) on the same WEB-server ? *.cert1 on site1.dk and *.cert2 on
site2.dk
For this to work, you will need to purchase a UUC Certificate. Standard (UC) certificates are multidomained :) They can be expensive at times depending on how many domains you want to secure.
Essentially, your sites will use Host Headers/bindings with one shared SSL certificate that has multiple subject names.
For exameple, with a Geotrust True BusinessID Multi-domain SSL
UCC, you can secure.
site1.dk
site2.dk
site1.mydomain.com
dev.domain.org www.other-domain.com
etc...
AFAIK, IIS doesn't supports SAN based SSL yet. if you have *.site1.com then you can use it to bind to more than one sites, however if you have different top level domain - this wildcard cert won't work, you will need additional ip to bind *.site2.com, have
you tested it?
The IIS7 GUI does not let me add a host header and an IP address for the site, using *.cert2
How do I configure "Appcmd" or "netsh" to define
both the host header and the IP-address to the second *.cert SSL Certificate ?
Using the IIS7 GUI the *.cert_1 and the hostheader_1 is bound together with
"IP_1"/port 443.
With Appcmd I've set hostheader_2 to site_2 using
"IP_2":443, but I cant find the right command to tie *.cert_2 to either the
hostheader_2 or IP_2.
You can either try - appcmd set site /site.name: contoso /+bindings.[protocol='https',bindingInformation='*.fabrikam:443:'] or appcmd.exe set site “Fabrikam HR” /bindings:”http/192.168.1.1:80:hr.fabrikam.com,http/192.168.1.1:433:*.fabrikam.com”
As mentioned earlier, I have 2 different sites (site_1 and site_2)
By using the probably most common way, I have set Hostheader_1 to HTTPS (443) using cert_1, (at site_1, IP Address = All Unassigned - IP_1 would also work here).
Also using the GUI on site_2, I defined https (443), cert_2, IP Address=IP_2. Hostheader_2 was "grayed out". so I could not define cert_2 to hostheader_2. because of this, I used the following command:
C:\Windows\System32\inetsrv\appcmd set site /site.name:*.CERT_2 /+ bindings.[protocol='https',bindingInformation='IP_2:443:HOSTHEADER_2']
When using CNAME's in DNS, it is mandatory that the DNS server is NOT configured to have 2 ip-addresses for the web server hosting the sites. instead the DNS server needs an A-record for hostheader_2 pointing at IP_2.
Perhaps the above is not the simplest or the correct method.
BUT it works ...
gray out? mm... if it's binding to different IP and there is a cert bond to the 2nd site, I see no reason why you can configure 2nd site like the first one.
9 Posts
Multiple SSL Certificates on the same server
Dec 07, 2010 07:49 AM|steffen.wollesen|LINK
Hi
Two sites should use port 443. Our server has only one IP-address.
Is it then possible to have two SSL star-Certificates (each with its own Web site - IIS7) on the same WEB-server ?
*.cert1 on site1.dk and *.cert2 on site2.dk
/Steffen
258 Posts
Re: Multiple SSL Certificates on the same server
Dec 07, 2010 08:42 PM|Hades666|LINK
For this to work, you will need to purchase a UUC Certificate. Standard (UC) certificates are multidomained :) They can be expensive at times depending on how many domains you want to secure.
Essentially, your sites will use Host Headers/bindings with one shared SSL certificate that has multiple subject names.
For exameple, with a Geotrust True BusinessID Multi-domain SSL UCC, you can secure.
site1.dk
site2.dk
site1.mydomain.com
dev.domain.org
www.other-domain.com
etc...
http://www.geocerts.com/ssl/tbidmd
Once the SSL is purchased though, you will need to bind it to the sites using SSL Host Headers.
Here is a walkthrough to do this.
http://www.sslshopper.com/article-ssl-host-headers-in-iis-7.html
http://www.sslshopper.com/article-how-to-configure-ssl-host-headers-in-iis-6.html
Hades666
7019 Posts
MVP
Re: Multiple SSL Certificates on the same server
Dec 07, 2010 10:01 PM|qbernard|LINK
Bernard Cheah
9 Posts
Re: Multiple SSL Certificates on the same server
Dec 08, 2010 03:54 AM|steffen.wollesen|LINK
no - I have not tested it yet.
But I'll attach a second ip address to the server. This will be used exclusively to site2.dk
Thank you for your answer
Steffen
7019 Posts
MVP
Re: Multiple SSL Certificates on the same server
Dec 09, 2010 12:54 AM|qbernard|LINK
Bernard Cheah
9 Posts
Re: Multiple SSL Certificates on the same server
Dec 13, 2010 08:40 AM|steffen.wollesen|LINK
The IIS7 GUI does not let me add a host header and an IP address for the site, using *.cert2
How do I configure "Appcmd" or "netsh" to define both the host header and the IP-address to the second *.cert SSL Certificate ?
9 Posts
Re: Multiple SSL Certificates on the same server
Dec 13, 2010 03:08 PM|steffen.wollesen|LINK
Using the IIS7 GUI the *.cert_1 and the hostheader_1 is bound together with "IP_1"/port 443.
With Appcmd I've set hostheader_2 to site_2 using "IP_2":443, but I cant find the right command to tie *.cert_2 to either the hostheader_2 or IP_2.
7019 Posts
MVP
Re: Multiple SSL Certificates on the same server
Dec 15, 2010 09:22 PM|qbernard|LINK
Bernard Cheah
9 Posts
Re: Multiple SSL Certificates on the same server
Dec 16, 2010 02:39 AM|steffen.wollesen|LINK
Thank you all.
As mentioned earlier, I have 2 different sites (site_1 and site_2)
By using the probably most common way, I have set Hostheader_1 to HTTPS (443) using cert_1, (at site_1, IP Address = All Unassigned - IP_1 would also work here).
Also using the GUI on site_2, I defined https (443), cert_2, IP Address=IP_2. Hostheader_2 was "grayed out". so I could not define cert_2 to hostheader_2. because of this, I used the following command:
C:\Windows\System32\inetsrv\appcmd set site /site.name:*.CERT_2 /+ bindings.[protocol='https',bindingInformation='IP_2:443:HOSTHEADER_2']
When using CNAME's in DNS, it is mandatory that the DNS server is NOT configured to have 2 ip-addresses for the web server hosting the sites. instead the DNS server needs an A-record for hostheader_2 pointing at IP_2.
Perhaps the above is not the simplest or the correct method.
BUT it works ...
7019 Posts
MVP
Re: Multiple SSL Certificates on the same server
Dec 20, 2010 12:17 AM|qbernard|LINK
Bernard Cheah
454 Posts
Re: Multiple SSL Certificates on the same server
Dec 22, 2010 04:45 AM|Topspy|LINK
SSL will require static IP to work with. if you want to have two websites with SSL, you need another IP address.
www.webhostpark.com
9 Posts
Re: Multiple SSL Certificates on the same server
Dec 22, 2010 05:08 AM|steffen.wollesen|LINK
I know. Which is why I wrote IP_1 and IP_2
7019 Posts
MVP
Re: Multiple SSL Certificates on the same server
Dec 22, 2010 09:10 PM|qbernard|LINK
Bernard Cheah