We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now

x

How do I have Multiple SSL sites in IIS 6

Pangeia
Pangeia asked
on
Medium Priority
522 Views
Last Modified: 2012-05-06
We are running IIS 6 SP1 on a Microsoft 2003 server and need to have several SSL secured websites. I have used the following CLI command to have the websites run SSL:

AdsUtil.vbs SET W3SVC/1/SecureBindings :443:www.mywebsiteX.com

It allows me to add the websites with SSL but everything resolves to the initial website I setup when you key in https://www.mywebsiteXYZ.com.
Comment
Watch Question

Commented:
Do you have more then 1 IP address?  Because you need 1 IP address for each SSL site.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
That is one solution but not the way we want to set it up. You can have multiple SSL sites in IIS which we have done on other systems. I am just trying to find out why we are having a problem with this one. Here is a reference for future responders:

You can configure custom host header for SSL bindings for only one IP address using the command line tool.
Here is the procedure for enabling custom host headers in SSL sites.

1) Firstly, find out the Metabase Path of the site to be configured.  "iisweb.vbs" is in %SystemRoot%\System32.
C:\>iisweb.vbs /query

For instance, metabase path for Default Web Site is W3SVC/1.
2) Navigate to folder where the Visual Basic admin scripts are stored.
C:\>CD\Inetpub\AdminScripts

3) Set the metabase property SecureBindings using AdsUtil.vbs to any desired value. Take note of the starting character :.
C:\Inetpub\ AdminScripts>AdsUtil.vbs SET W3SVC/1/SecureBindings :443:www.maungphyo.com

4) You can repeat it for all the sites, using the default SSL port 443 with different custom host headers.

Commented:
That is because you need 1 IP for each SSL site.
Top Expert 2008

Commented:
the limitation is actually one ip address per *certificate* - it is actually possible to use the same cert for multiple web sites.  generally a 'wildcard certificate' is required, else the browser will throw certificate warnings when connecting.

So, what is the problem you are seeing, and how is it behaving that is different than what you expect?

Cheers!

Author

Commented:
We have two separate websites with wildcard certificates. I need to have both websites active in IIS and right now the second website stops in IIS.
Top Expert 2008
Commented:
you probably haven't set up the address bindings properly.  try including the IP address in the above example:

C:\Inetpub\ AdminScripts>AdsUtil.vbs SET W3SVC/1/SecureBindings <ip address>:443:www.maungphyo.com

make sure that the IP address is shown in the address properties of the site under IIS manager, and ONLY that IP address. (i.e. remove any reference to 'all unassigned')

Cheers!
Commented:
I have to give points to both of you because you do need one IP address for each SSL site and you do need to put the <ip address> in the CLI argument. Everything is working and thank you both.
Top Expert 2008

Commented:
Hi,

just to clarify, you do not need "one IP address per SSL site" - the requirement is "one IP address per SSL CERTIFICATE"

you can still have multiple 'sites' using the same IP address, so long as they all use the same (i.e. wildcard) certificate.

Cheers!

Author

Commented:
That is correct. We have two wildcard SSL CERTS/domains with multiple sub-domains (example:  site1.mydomain1.com,  site2.domain1.com, site3.mydomain1.com  AND  site1.mydomain2.com,  site2.domain2.com, site3.mydomain2.com).

Commented:
Hence my original answer.   :)
Top Expert 2008

Commented:
it all makes sense, but I still like to stress the importance of not confusing the concept of 'site' and 'cert' in this context.

Cheers!

Commented:
Yes a good point to make.  One that is often confused.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.