[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

How do I have Multiple SSL sites in IIS 6

Posted on 2009-02-15
12
Medium Priority
?
497 Views
Last Modified: 2012-05-06
We are running IIS 6 SP1 on a Microsoft 2003 server and need to have several SSL secured websites. I have used the following CLI command to have the websites run SSL:

AdsUtil.vbs SET W3SVC/1/SecureBindings :443:www.mywebsiteX.com

It allows me to add the websites with SSL but everything resolves to the initial website I setup when you key in https://www.mywebsiteXYZ.com.
0
Comment
Question by:Pangeia
  • 4
  • 4
  • 4
12 Comments
 
LVL 19

Assisted Solution

by:Jones911
Jones911 earned 1000 total points
ID: 23646088
Do you have more then 1 IP address?  Because you need 1 IP address for each SSL site.
0
 

Author Comment

by:Pangeia
ID: 23646520
That is one solution but not the way we want to set it up. You can have multiple SSL sites in IIS which we have done on other systems. I am just trying to find out why we are having a problem with this one. Here is a reference for future responders:

You can configure custom host header for SSL bindings for only one IP address using the command line tool.
Here is the procedure for enabling custom host headers in SSL sites.

1) Firstly, find out the Metabase Path of the site to be configured.  "iisweb.vbs" is in %SystemRoot%\System32.
C:\>iisweb.vbs /query

For instance, metabase path for Default Web Site is W3SVC/1.
2) Navigate to folder where the Visual Basic admin scripts are stored.
C:\>CD\Inetpub\AdminScripts

3) Set the metabase property SecureBindings using AdsUtil.vbs to any desired value. Take note of the starting character :.
C:\Inetpub\ AdminScripts>AdsUtil.vbs SET W3SVC/1/SecureBindings :443:www.maungphyo.com

4) You can repeat it for all the sites, using the default SSL port 443 with different custom host headers.
0
 
LVL 19

Expert Comment

by:Jones911
ID: 23646750
That is because you need 1 IP for each SSL site.
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 37

Expert Comment

by:meverest
ID: 23648654
the limitation is actually one ip address per *certificate* - it is actually possible to use the same cert for multiple web sites.  generally a 'wildcard certificate' is required, else the browser will throw certificate warnings when connecting.

So, what is the problem you are seeing, and how is it behaving that is different than what you expect?

Cheers!
0
 

Author Comment

by:Pangeia
ID: 23716450
We have two separate websites with wildcard certificates. I need to have both websites active in IIS and right now the second website stops in IIS.
0
 
LVL 37

Assisted Solution

by:meverest
meverest earned 1000 total points
ID: 23717201
you probably haven't set up the address bindings properly.  try including the IP address in the above example:

C:\Inetpub\ AdminScripts>AdsUtil.vbs SET W3SVC/1/SecureBindings <ip address>:443:www.maungphyo.com

make sure that the IP address is shown in the address properties of the site under IIS manager, and ONLY that IP address. (i.e. remove any reference to 'all unassigned')

Cheers!
0
 

Accepted Solution

by:
Pangeia earned 0 total points
ID: 23726611
I have to give points to both of you because you do need one IP address for each SSL site and you do need to put the <ip address> in the CLI argument. Everything is working and thank you both.
0
 
LVL 37

Expert Comment

by:meverest
ID: 23727610
Hi,

just to clarify, you do not need "one IP address per SSL site" - the requirement is "one IP address per SSL CERTIFICATE"

you can still have multiple 'sites' using the same IP address, so long as they all use the same (i.e. wildcard) certificate.

Cheers!
0
 

Author Comment

by:Pangeia
ID: 23727674
That is correct. We have two wildcard SSL CERTS/domains with multiple sub-domains (example:  site1.mydomain1.com,  site2.domain1.com, site3.mydomain1.com  AND  site1.mydomain2.com,  site2.domain2.com, site3.mydomain2.com).
0
 
LVL 19

Expert Comment

by:Jones911
ID: 23727857
Hence my original answer.   :)
0
 
LVL 37

Expert Comment

by:meverest
ID: 23728003
it all makes sense, but I still like to stress the importance of not confusing the concept of 'site' and 'cert' in this context.

Cheers!
0
 
LVL 19

Expert Comment

by:Jones911
ID: 23728013
Yes a good point to make.  One that is often confused.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lync server 2013 or Skype for business Backup Service Error ID 4049 – After File Share Migration
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Suggested Courses

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question