How to get multiple SSL sites working on IIS5 with NLB.
Posted on 2001-07-25
I am running 2 x Win2k Adv. Servers with NLB. I have multiple sites on the servers, most sharing an IP address.
I now need a few of those sites to use SSL, so I have got SSL certs from VeriSign, and moved those sites to a unique IP address.
However, I have NAT going on in the firewall, which points the external IP addresses to a single NLB IP address inside. I think, however, that IIS may want the SSL sites to have a unique internal IP address as well; I'm not sure.
When I enable SSL for a site, it only works if I get it to use the (All Unassigned) IP address. After that, all SSL traffic for all sites ends up at the one that catches the Unassigned IPs.
Assigning SSL to its unique external IP address doesn't seem to do the trick, probably because the external IP address is now only available in the hostname, which is encrypted in SSL, and unavailable?
I think the solution lies in mapping the unique external IPs to unique internal IPs. Unfortunately, there is only 1 NLB IP address, so unless I can add more, I don't know what to do.
Anyone know how to get around this?