IIS Feature Feedback
TLS Server Name Indication Support
Last post Jan 07, 2010 11:06 AM by mcassman
Oct 20, 2009 02:45 AM|Cheetah1980|LINK
Oct 20, 2009 02:07 PM|anilr|LINK
This feature is under consideration for the next release of Windows.
Oct 20, 2009 05:31 PM|Cheetah1980|LINK
Oct 21, 2009 08:14 AM|email@example.com|LINK
If you absolutely need multiple certs for sites using a single IP then Linux is your best (perhaps only) option. I'm of the opinion that sites on a single IP shouldn't be using separate certs, but I've also always resisted using multiple sites on a single IP whenever possible. I understand that in some situations you have no choice.
Oct 22, 2009 02:15 PM|anilr|LINK
I had a query regarding that - are you seeing that most of the clients connecting to your site support TLS SNI? One reason for the delay in implementing this on the server side in Windows has been the belief that the percentage of clients supporting this is still low (even though the latest versions of IE and Firefox support it).
Nov 03, 2009 02:41 PM|Cheetah1980|LINK
Nov 03, 2009 02:48 PM|Radek.Hulan|LINK
And cheaper as well. You usually get 1 to 5 IP addresses, not an unlimited number of them, and you have to purchase additional ones separately.
Not to mention running out of IPv4 addresses.
Nov 24, 2009 12:54 AM|mcassman|LINK
Does the content of this article accomplish what you (we) need?
I have an immediate need to run multiple SSL sites on a single IP and was counting on this document to pull everything together.
Dec 07, 2009 04:12 AM|Cheetah1980|LINK
Jan 07, 2010 10:52 AM|CFH IT|LINK
We also really need this feature in order to host multiple sites in an efficient way.
Can it really be true that MS has no plans to support this before the next major release of a Windows Server OS?
SNI is supported on the client side by everybody using Firefox (2 and up), Safari on Mac OS X and everybody using Windows Vista and up.
I guess the main reason that there has been some validity in the claim about lacking client side support has been the complete failure in getting the corporate world to accept Windows Vista (due to its ridiculous resource usage). But hopefully Windows 7 will fare much better, which then should eliminate the problems with client side support.
The above statement is just another way of stating that I don't understand why this isn't supported in IIS, when you do support it on the client side...
Jan 07, 2010 11:06 AM|mcassman|LINK
Here is what worked for me in IIS 6.
1) Configure host header names on 443 for IIS. I recommend scripting it because it won't be the last time you run this cmd.
cscript.exe adsutil.vbs set /w3svc/<replace with your site id>/SecureBindings ":443:www.domain1.com"
cscript.exe adsutil.vbs set /w3svc/1709n76999/SecureBindings ":443:www.domain2.com"
cscript.exe adsutil.vbs set /w3svc/108937373/SecureBindings ":443:www.domain3.com"
cscript.exe adsutil.vbs set /w3svc/2299387888/SecureBindings ":443:www.domain4.com"
cscript.exe adsutil.vbs set /w3svc/1838j33838/SecureBindings ":443:www.domain5.com"
2) Install a UCC certificate from DigiCert. Don't worry about all the references to Exchange on this page. The common name is for www.domain1.com and all the others are added when you submit the .csr
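A check that goes with the two steps above, added here as an example and not part of mcassman's post: without SNI every site sharing the IP and port presents the same certificate, so each host header set in SecureBindings has to be covered by that certificate's subject alternative names. The function names, the sample bindings and the SAN list are constructed for illustration.

```python
# Added example: verify that one certificate's SAN list covers every host
# header bound to port 443. All sample values below are constructed.

def parse_secure_binding(binding):
    """Split an IIS SecureBindings value 'IP:port:host' into its parts."""
    ip, port, host = binding.split(":", 2)
    # An empty IP field means "all unassigned addresses".
    return ip or "*", int(port), host.lower().rstrip(".")

def san_matches(san, host):
    """Match a host against one dNSName entry.

    A leading '*.' covers exactly one leftmost label, so '*.example.com'
    matches 'a.example.com' but not 'example.com' or 'a.b.example.com'.
    """
    san = san.lower().rstrip(".")
    if not san.startswith("*."):
        return san == host
    head, _, tail = host.partition(".")
    return bool(head) and tail == san[2:]

def uncovered_bindings(bindings, san_names):
    """Return (ip, port, host) for bindings the certificate does not cover.

    A binding with no host header has no name to check and is reported too.
    """
    missing = []
    for binding in bindings:
        ip, port, host = parse_secure_binding(binding)
        if not host or not any(san_matches(s, host) for s in san_names):
            missing.append((ip, port, host))
    return missing

# Constructed sample: bindings as set with adsutil.vbs, and the SAN list
# read from the issued certificate (www.domain4.com was left off the CSR).
BINDINGS = [
    ":443:www.domain1.com",
    ":443:www.domain2.com",
    ":443:shop.domain3.com",
    ":443:www.domain4.com",
]
CERT_SANS = ["www.domain1.com", "www.domain2.com", "*.domain3.com"]

if __name__ == "__main__":
    for ip, port, host in uncovered_bindings(BINDINGS, CERT_SANS):
        print(f"{ip}:{port} host header {host!r} is not in the certificate")
```

Any binding it reports would produce a name-mismatch warning in the browser until the certificate is reissued with that name added.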