Multiple SSL Certificates on the same server [Answered]RSS

12 replies

Last post Dec 22, 2010 09:10 PM by qbernard

  • Multiple SSL Certificates on the same server

    Dec 07, 2010 07:49 AM|steffen.wollesen|LINK

    Hi

    Two sites should use port 443. Our server has only one IP-address.
    Is it then possible to have two SSL star-Certificates (each with its own Web site - IIS7) on the same WEB-server ?
    *.cert1 on site1.dk and *.cert2 on site2.dk

     /Steffen

  • Re: Multiple SSL Certificates on the same server

    Dec 07, 2010 08:42 PM|Hades666|LINK

    For this to work, you will need to purchase a UUC Certificate. Standard (UC) certificates are multidomained :) They can be expensive at times depending on how many domains you want to secure.

    Essentially, your sites will use Host Headers/bindings with one shared SSL certificate that has multiple subject names.

    For exameple, with a Geotrust True BusinessID Multi-domain SSL UCC, you can secure.
    site1.dk
    site2.dk
    site1.mydomain.com
    dev.domain.org
    www.other-domain.com
    etc...

    http://www.geocerts.com/ssl/tbidmd

    Once the SSL is purchased though, you will need to bind it to the sites using SSL Host Headers.

    Here is a walkthrough to do this.
    http://www.sslshopper.com/article-ssl-host-headers-in-iis-7.html

    http://www.sslshopper.com/article-how-to-configure-ssl-host-headers-in-iis-6.html

    Cheers,
    Hades666
  • Re: Multiple SSL Certificates on the same server

    Dec 07, 2010 10:01 PM|qbernard|LINK

    AFAIK, IIS doesn't supports SAN based SSL yet. if you have *.site1.com then you can use it to bind to more than one sites, however if you have different top level domain - this wildcard cert won't work, you will need additional ip to bind *.site2.com, have you tested it?
    Cheers,
    Bernard Cheah
  • Re: Multiple SSL Certificates on the same server

    Dec 08, 2010 03:54 AM|steffen.wollesen|LINK

    no - I have not tested it yet.
    But I'll attach a second ip address to the server. This will be used exclusively to site2.dk

    Thank you for your answer

    Steffen

  • Re: Multiple SSL Certificates on the same server

    Dec 09, 2010 12:54 AM|qbernard|LINK

    Yes, with additional IP for another cert, this will works.
    Cheers,
    Bernard Cheah
  • Re: Multiple SSL Certificates on the same server

    Dec 13, 2010 08:40 AM|steffen.wollesen|LINK

    The IIS7 GUI does not let me add a host header and an IP address for the site, using *.cert2
    How do I configure "Appcmd" or "netsh" to define both the host header and the IP-address to the second *.cert SSL Certificate ?

  • Re: Multiple SSL Certificates on the same server

    Dec 13, 2010 03:08 PM|steffen.wollesen|LINK

    Using the IIS7 GUI the *.cert_1 and the hostheader_1 is bound together with "IP_1"/port 443.
    With Appcmd I've set hostheader_2 to site_2 using "IP_2":443, but I cant find the right command to tie *.cert_2 to either the hostheader_2 or IP_2.

  • Re: Multiple SSL Certificates on the same server

    Dec 15, 2010 09:22 PM|qbernard|LINK

    You can either try - appcmd set site /site.name: contoso /+bindings.[protocol='https',bindingInformation='*.fabrikam:443:'] or appcmd.exe set site “Fabrikam HR” /bindings:”http/192.168.1.1:80:hr.fabrikam.com,http/192.168.1.1:433:*.fabrikam.com”
    Cheers,
    Bernard Cheah
  • Re: Multiple SSL Certificates on the same server

    Dec 16, 2010 02:39 AM|steffen.wollesen|LINK

    Thank you all.

    As mentioned earlier, I have 2 different sites (site_1 and site_2)

    By using the probably most common way, I have set Hostheader_1 to HTTPS (443) using cert_1, (at site_1, IP Address = All Unassigned - IP_1 would also work here).

    Also using the GUI on site_2, I defined https (443), cert_2, IP Address=IP_2. Hostheader_2 was "grayed out". so I could not define cert_2 to hostheader_2. because of this, I used the following command:

    C:\Windows\System32\inetsrv\appcmd set site /site.name:*.CERT_2 /+ bindings.[protocol='https',bindingInformation='IP_2:443:HOSTHEADER_2']


    When using CNAME's in DNS, it is mandatory that the DNS server is NOT configured to have 2 ip-addresses for the web server hosting the sites. instead the DNS server needs an A-record for hostheader_2 pointing at IP_2.

    Perhaps the above is not the simplest or the correct method.
    BUT it works ...

  • Re: Multiple SSL Certificates on the same server

    Dec 20, 2010 12:17 AM|qbernard|LINK

    gray out? mm... if it's binding to different IP and there is a cert bond to the 2nd site, I see no reason why you can configure 2nd site like the first one.
    Cheers,
    Bernard Cheah
  • Re: Multiple SSL Certificates on the same server

    Dec 22, 2010 04:45 AM|Topspy|LINK

     SSL will require static IP to work with. if you want to have two websites with SSL, you need another IP address.

    WebHostPark
    www.webhostpark.com
  • Re: Multiple SSL Certificates on the same server

    Dec 22, 2010 05:08 AM|steffen.wollesen|LINK

    I know. Which is why I wrote IP_1 and IP_2

  • Re: Multiple SSL Certificates on the same server

    Dec 22, 2010 09:10 PM|qbernard|LINK

    @@ - thread digger ?
    Cheers,
    Bernard Cheah