Multiple SSL sites using wildcard certificate

I have a wildcard certificate and I would like to set up multiple websites using the certificat.  When I set up the first site "mysdomain.com" I was able to start ssl using port 443.  I then created the second site "xxx.mydomain.com" and I ran the adsutil.vbs and was able to start the website.  I then created a third website "yyy.mydomain.com" and ran adsutil.vbs.  When I tried to start the site I got the following error.  

IIS was unable to start the site.  Another site may already be using the port you configured for this site.  Please select a unused port for this site.

tcl5518Asked:
Who is Participating?
 
Sam PanwarConnect With a Mentor Sr. Server AdministratorCommented:
0
 
Sam PanwarSr. Server AdministratorCommented:

1.Please open properties for each virtual web server, go to WebSite tab,
click "Advanced" button next to IP address and make sure that each web
site has an unique binding for SSL port (443).

2. MAy be your IIS run multiple website in the same port so you are getting this error so check these
0
Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

 
tcl5518Author Commented:
Wont changing my ssl port setting cause problems for people trying to access my site when they enter in xxx.mydomain.com?
0
 
Sam PanwarSr. Server AdministratorCommented:
Hi,

Ok then binding port 443 for site .

Anyway - I tested this years ago. what you can do is:
-setup each site with the same ip/port + different host header xxx.mydomain.com,
yyy.mydomain.com, etc
-make sure cert is associate with each site
-make sure port 443 is assign in each site
-do a netstat -ano, and make sure port 443 is binding to the IP.

http://chris-linfoot.net/d6plinks/CWLT-6MREJL
http://www.microsoft.com/technet/prodtechnol/isa/2004/maintain/wildcard.mspx
0
 
tcl5518Author Commented:
When you say same ip/port are you referring to the ipaddress under the web site tab?

When I specify the ip address I still get the same error.
0
 
Sam PanwarSr. Server AdministratorCommented:
Hi,

Yes... If you use the same ip and port then binding that port .However, the stuff doesn`t work on single ip/port combination. it would load one site`s content only. here`s a good explanation of the process
---------------------------------------------------------
Here's a quick description, to demonstrate why:

1. The client takes the URL and resolves the name into an IP address, and a port (usually a default port).
2. The client connects to that IP address, on the requested port
3. The server running at that IP address and port answers.
4. The client sends a "hello" message, asking the server to send its certificate.
5. The server sends the certificate to the client.
6. The client checks the name in the certificate against the name it had in step 1.
7.1. If the certificate matches, the client and server start encrypted exchanges.
7.2. If the certificate doesn't match, the client displays an error to the user and stops.

8. The client sends HTTP request headers, encrypted, to the server.
9. The server sends back HTTP responses, encrypted, containing content requested.

Note that host headers are sent in step 8, but the server has to pick a certificate to send in step 5, and that certificate must have the server name that the user asked for.  The server has no clue as to which
certificate it must pick, so it must have a single certificate to send back on that IP address and port.

There is work under way to produce a "next version" of TLS, that will allow a client to send the host name it wants in step 4, so that the server can choose among several certificates, but it is not clear exactly when (if
ever) this will be implemented in browsers or web servers - and it has to be implemented, and enabled, in both if it is to work.


http://www.instantssl.com/ssl-certificate-products/ssl/wildcard-ssl-p...
0
 
tcl5518Author Commented:
Thanks for all the help.  I found that the cause of my problem was the default website.  Once I deleted it and recreated my websites the adustil worked and I was able to apply my wildcard ssl to all the site.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.