How do I have Multiple SSL sites in IIS 6

We are running IIS 6 SP1 on a Microsoft 2003 server and need to have several SSL secured websites. I have used the following CLI command to have the websites run SSL:

AdsUtil.vbs SET W3SVC/1/SecureBindings :443:www.mywebsiteX.com

It allows me to add the websites with SSL but everything resolves to the initial website I setup when you key in https://www.mywebsiteXYZ.com.
PangeiaAsked:
Who is Participating?
 
PangeiaAuthor Commented:
I have to give points to both of you because you do need one IP address for each SSL site and you do need to put the <ip address> in the CLI argument. Everything is working and thank you both.
0
 
Jones911Commented:
Do you have more then 1 IP address?  Because you need 1 IP address for each SSL site.
0
 
PangeiaAuthor Commented:
That is one solution but not the way we want to set it up. You can have multiple SSL sites in IIS which we have done on other systems. I am just trying to find out why we are having a problem with this one. Here is a reference for future responders:

You can configure custom host header for SSL bindings for only one IP address using the command line tool.
Here is the procedure for enabling custom host headers in SSL sites.

1) Firstly, find out the Metabase Path of the site to be configured.  "iisweb.vbs" is in %SystemRoot%\System32.
C:\>iisweb.vbs /query

For instance, metabase path for Default Web Site is W3SVC/1.
2) Navigate to folder where the Visual Basic admin scripts are stored.
C:\>CD\Inetpub\AdminScripts

3) Set the metabase property SecureBindings using AdsUtil.vbs to any desired value. Take note of the starting character :.
C:\Inetpub\ AdminScripts>AdsUtil.vbs SET W3SVC/1/SecureBindings :443:www.maungphyo.com

4) You can repeat it for all the sites, using the default SSL port 443 with different custom host headers.
0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

 
Jones911Commented:
That is because you need 1 IP for each SSL site.
0
 
meverestCommented:
the limitation is actually one ip address per *certificate* - it is actually possible to use the same cert for multiple web sites.  generally a 'wildcard certificate' is required, else the browser will throw certificate warnings when connecting.

So, what is the problem you are seeing, and how is it behaving that is different than what you expect?

Cheers!
0
 
PangeiaAuthor Commented:
We have two separate websites with wildcard certificates. I need to have both websites active in IIS and right now the second website stops in IIS.
0
 
meverestCommented:
you probably haven't set up the address bindings properly.  try including the IP address in the above example:

C:\Inetpub\ AdminScripts>AdsUtil.vbs SET W3SVC/1/SecureBindings <ip address>:443:www.maungphyo.com

make sure that the IP address is shown in the address properties of the site under IIS manager, and ONLY that IP address. (i.e. remove any reference to 'all unassigned')

Cheers!
0
 
meverestCommented:
Hi,

just to clarify, you do not need "one IP address per SSL site" - the requirement is "one IP address per SSL CERTIFICATE"

you can still have multiple 'sites' using the same IP address, so long as they all use the same (i.e. wildcard) certificate.

Cheers!
0
 
PangeiaAuthor Commented:
That is correct. We have two wildcard SSL CERTS/domains with multiple sub-domains (example:  site1.mydomain1.com,  site2.domain1.com, site3.mydomain1.com  AND  site1.mydomain2.com,  site2.domain2.com, site3.mydomain2.com).
0
 
Jones911Commented:
Hence my original answer.   :)
0
 
meverestCommented:
it all makes sense, but I still like to stress the importance of not confusing the concept of 'site' and 'cert' in this context.

Cheers!
0
 
Jones911Commented:
Yes a good point to make.  One that is often confused.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.