

Multiple SSL sites using wildcard certificate

Posted on 2006-05-12
Medium Priority
Last Modified: 2012-05-05
I have a wildcard certificate and I would like to set up multiple websites using the certificate.  When I set up the first site "mysdomain.com" I was able to start SSL using port 443.  I then created the second site "xxx.mydomain.com" and I ran the adsutil.vbs and was able to start the website.  I then created a third website "yyy.mydomain.com" and ran adsutil.vbs.  When I tried to start the site I got the following error.

IIS was unable to start the site.  Another site may already be using the port you configured for this site.  Please select a unused port for this site.

Question by:tcl5518

Expert Comment

by:Sam Panwar
ID: 16672502

1. Please open properties for each virtual web server, go to the WebSite tab,
click the "Advanced" button next to IP address and make sure that each web
site has a unique binding for the SSL port (443).

2. Maybe your IIS is running multiple websites on the same port, so you are getting this error, so check these

Author Comment

ID: 16692133
Won't changing my SSL port setting cause problems for people trying to access my site when they enter in xxx.mydomain.com?


Expert Comment

by:Sam Panwar
ID: 16696234

OK, then bind port 443 for the site.

Anyway - I tested this years ago. What you can do is:
- set up each site with the same ip/port + a different host header (xxx.mydomain.com,
yyy.mydomain.com, etc.)
- make sure the cert is associated with each site
- make sure port 443 is assigned in each site
- do a netstat -ano, and make sure port 443 is bound to the IP.


Author Comment

ID: 16703854
When you say same ip/port are you referring to the ipaddress under the web site tab?

When I specify the ip address I still get the same error.

Expert Comment

by:Sam Panwar
ID: 16705444

Yes... If you use the same ip and port then bind that port. However, the stuff doesn't work on a single ip/port combination. It would load one site's content only. Here's a good explanation of the process.
Here's a quick description, to demonstrate why:

1. The client takes the URL and resolves the name into an IP address, and a port (usually a default port).
2. The client connects to that IP address, on the requested port
3. The server running at that IP address and port answers.
4. The client sends a "hello" message, asking the server to send its certificate.
5. The server sends the certificate to the client.
6. The client checks the name in the certificate against the name it had in step 1.
7.1. If the certificate matches, the client and server start encrypted exchanges.
7.2. If the certificate doesn't match, the client displays an error to the user and stops.

8. The client sends HTTP request headers, encrypted, to the server.
9. The server sends back HTTP responses, encrypted, containing content requested.

Note that host headers are sent in step 8, but the server has to pick a certificate to send in step 5, and that certificate must have the server name that the user asked for.  The server has no clue as to which certificate it must pick, so it must have a single certificate to send back on that IP address and port.

There is work under way to produce a "next version" of TLS, that will allow a client to send the host name it wants in step 4, so that the server can choose among several certificates, but it is not clear exactly when (if ever) this will be implemented in browsers or web servers - and it has to be implemented, and enabled, in both if it is to work.
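
The ordering problem in steps 4 to 8 above, modelled as an added example that is not part of the original thread. The `Endpoint` class, the `name_matches` helper and the site contents are constructed for illustration; the model assumes one certificate per ip/port binding, as the post describes, and shows why a wildcard certificate lets several host-header sites share that binding.

```python
# Added illustration: a model of steps 4-8 of the handshake described above.
# Hostnames, site contents and certificate names are constructed sample values.

def name_matches(pattern: str, host: str) -> bool:
    """Step 6: compare a certificate name with the host the client asked for.
    A leading '*' label stands for exactly one left-most label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False          # '*.mydomain.com' never covers 'mydomain.com'
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


class Endpoint:
    """One ip:port binding. With no host name in the client hello, the
    server can present only one certificate per binding."""

    def __init__(self, cert_names, sites):
        self.cert_names = cert_names   # names carried by the single bound cert
        self.sites = sites             # host header -> content

    def handshake(self, requested_host: str) -> bool:
        # Steps 4-6: the certificate is sent before any Host header exists,
        # so the server cannot vary it per site.
        return any(name_matches(n, requested_host) for n in self.cert_names)

    def request(self, requested_host: str) -> str:
        if not self.handshake(requested_host):
            return "certificate name mismatch"           # step 7.2
        # Step 8: only now can the server read the Host header and route.
        return self.sites.get(requested_host, "no site for this host header")


SITES = {"xxx.mydomain.com": "site X", "yyy.mydomain.com": "site Y"}


def demo():
    wildcard = Endpoint(["*.mydomain.com"], SITES)     # one cert, all sites
    single = Endpoint(["xxx.mydomain.com"], SITES)     # cert names one site
    hosts = ["xxx.mydomain.com", "yyy.mydomain.com"]
    return {
        "wildcard": [wildcard.request(h) for h in hosts],
        "single": [single.request(h) for h in hosts],
    }


if __name__ == "__main__":
    print(demo())
```
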


Accepted Solution

Sam Panwar earned 2000 total points
ID: 16705448

Author Comment

ID: 16710614
Thanks for all the help.  I found that the cause of my problem was the default website.  Once I deleted it and recreated my websites the adsutil worked and I was able to apply my wildcard SSL to all the sites.

Question has a verified solution.