tcl5518 asked:
Multiple SSL sites using wildcard certificate

I have a wildcard certificate and I would like to set up multiple websites using the certificate. When I set up the first site "mydomain.com" I was able to start SSL using port 443. I then created the second site "xxx.mydomain.com", ran adsutil.vbs, and was able to start the website. I then created a third website "yyy.mydomain.com" and ran adsutil.vbs. When I tried to start the site I got the following error:

IIS was unable to start the site.  Another site may already be using the port you configured for this site.  Please select a unused port for this site.

Sam Panwar:

1. Please open the properties for each virtual web server, go to the Web Site tab, click the "Advanced" button next to IP address, and make sure that each web site has a unique binding for the SSL port (443).

2. Maybe your IIS runs multiple websites on the same port, so you are getting this error; check these.
tcl5518 (asker):

Won't changing my SSL port setting cause problems for people trying to access my site when they enter xxx.mydomain.com?
Hi,

OK, then bind port 443 for the site.

Anyway - I tested this years ago. What you can do is:
- set up each site with the same IP/port + a different host header (xxx.mydomain.com, yyy.mydomain.com, etc.)
- make sure the cert is associated with each site
- make sure port 443 is assigned in each site
- do a netstat -ano and make sure port 443 is bound to the IP.

http://chris-linfoot.net/d6plinks/CWLT-6MREJL
http://www.microsoft.com/technet/prodtechnol/isa/2004/maintain/wildcard.mspx
tcl5518 (asker):

When you say same IP/port, are you referring to the IP address under the Web Site tab?

When I specify the ip address I still get the same error.
Hi,

Yes... If you use the same IP and port, then bind that port. However, this doesn't work on a single IP/port combination; it would load one site's content only. Here's a good explanation of the process:
---------------------------------------------------------
Here's a quick description, to demonstrate why:

1. The client takes the URL and resolves the name into an IP address, and a port (usually a default port).
2. The client connects to that IP address, on the requested port.
3. The server running at that IP address and port answers.
4. The client sends a "hello" message, asking the server to send its certificate.
5. The server sends the certificate to the client.
6. The client checks the name in the certificate against the name it had in step 1.
7.1. If the certificate matches, the client and server start encrypted exchanges.
7.2. If the certificate doesn't match, the client displays an error to the user and stops.

8. The client sends HTTP request headers, encrypted, to the server.
9. The server sends back HTTP responses, encrypted, containing content requested.

Note that host headers are sent in step 8, but the server has to pick a certificate to send in step 5, and that certificate must have the server name that the user asked for. The server has no clue as to which certificate it must pick, so it must have a single certificate to send back on that IP address and port.

There is work under way to produce a "next version" of TLS, that will allow a client to send the host name it wants in step 4, so that the server can choose among several certificates, but it is not clear exactly when (if ever) this will be implemented in browsers or web servers - and it has to be implemented, and enabled, in both if it is to work.


http://www.instantssl.com/ssl-certificate-products/ssl/wildcard-ssl-p...
ASKER CERTIFIED SOLUTION
Sam Panwar
tcl5518 (asker):

Thanks for all the help. I found that the cause of my problem was the default website. Once I deleted it and recreated my websites, adsutil worked and I was able to apply my wildcard SSL certificate to all the sites.
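The two checks that would have caught both problems in this thread, as an added example that is not part of any post here: a validator for IIS 6 style SecureBindings strings (`ip:port:hostheader`, the format adsutil.vbs writes) that flags two sites claiming the same IP/port/host-header combination, and a wildcard-name matcher for step 6 of the handshake above. The site ids and hostnames are constructed sample data.

```python
def parse_binding(binding):
    """Split an IIS 6 SecureBindings string 'ip:port:hostheader' (e.g. ':443:xxx.mydomain.com').
    An empty IP means 'All Unassigned', represented here as '*'."""
    ip, port, host = binding.split(":", 2)
    return (ip or "*", int(port), host.lower())

def cert_matches(cert_name, host):
    """Step 6 of the handshake described above: does the certificate name cover the host?
    A wildcard covers exactly one label: '*.mydomain.com' matches 'xxx.mydomain.com'
    but neither the apex 'mydomain.com' nor 'a.b.mydomain.com'."""
    cert_name, host = cert_name.lower(), host.lower()
    if not cert_name.startswith("*."):
        return cert_name == host
    suffix = cert_name[1:]                       # ".mydomain.com"
    label = host[:-len(suffix)] if host.endswith(suffix) else ""
    return bool(label) and "." not in label

def find_conflicts(sites):
    """sites: {site_id: [binding, ...]}. Returns (earlier_site, later_site, binding) for every
    pair that claims the same port and host header on overlapping IPs, which is the condition
    behind the 'another site may already be using the port' error."""
    seen, conflicts = [], []
    for site, bindings in sites.items():
        for b in bindings:
            ip, port, host = parse_binding(b)
            for other, oip, oport, ohost in seen:
                if port == oport and host == ohost and (ip == oip or "*" in (ip, oip)):
                    conflicts.append((other, site, f"{oip}:{oport}:{ohost}"))
            seen.append((site, ip, port, host))
    return conflicts

def uncovered_hosts(cert_name, sites):
    """Host headers on SSL bindings that the single certificate on that IP/port does not cover."""
    bad = []
    for site, bindings in sites.items():
        for b in bindings:
            _, _, host = parse_binding(b)
            if host and not cert_matches(cert_name, host):
                bad.append((site, host))
    return bad

if __name__ == "__main__":
    # Constructed sample modelled on the thread: the default site still holds ':443:' and a
    # third site was created on 443 before adsutil.vbs gave it a host header.
    sites = {"W3SVC/1": [":443:"],
             "W3SVC/2": [":443:xxx.mydomain.com"],
             "W3SVC/3": [":443:"]}
    print(find_conflicts(sites))                     # [('W3SVC/1', 'W3SVC/3', '*:443:')]
    sites["W3SVC/3"] = [":443:yyy.mydomain.com"]     # after setting SecureBindings with adsutil.vbs
    print(find_conflicts(sites))                     # []
    print(uncovered_hosts("*.mydomain.com", {"W3SVC/4": [":443:mydomain.com"]}))  # apex not covered
```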