IIS 7 and Above
certificate type for SNI on multiple web sites
Last post Dec 04, 2017 06:12 AM by Yuk Ding
Dec 01, 2017 06:05 PM|rlynch106|LINK
I am working on setting up IIS to use SSL. I am using IIS 8.5 and I understand that SNI will work for this. I understand the procedure for using SNI. My question is concerning the certificate.
We are running 5 sites under IIS 8.5. We need to start using SSL for connections. Can I use a single certificate for all of these sites utilizing SNI? Does it need to be a SAN certificate or a wildcard certificate ot just a plain old SSL certificate?
Thanks for any help,
Dec 01, 2017 06:56 PM|lextm|LINK
A single certificate (unless SAN or wildcard) cannot match the browser's expectation to match the HTTP request Host header value (SNI or not).
SNI allows you to bind multiple certificates easily to port 443, so you no longer need to provide
a single certificate, and please use multiple certificates. Do experiments and that would teach you what exactly is SNI.
Dec 01, 2017 07:26 PM|rlynch106|LINK
Thanks for the info. I would be doing experiments if I had a development server, but unfortunately, right now we only have the production server. I don't want to play around with that.
Then it sounds like it is recommended to use one certificate for each site.
Dec 04, 2017 06:12 AM|Yuk Ding|LINK
Of course , It is recommended to use different certificates for different sites. However, if you have lots of sub domain for the multiple sites, it is available to use only one wildcard certificate. for multiple websites. If you don't enable SNI, then all
the site will all load first site's certificate. So SNI only means enable multiple certificate.