Solved

Can I have one ssl certificate for multiple domains? (iis windows 2003 server)

Posted on 2009-05-05
6
499 Views
Last Modified: 2012-05-06
Hi,
I have a continuation of the question "Can I have one SSL certificate for 3 domains, IIS on a windows 2003 server?"
If the domains are as follows -   domain1.com  and domain2.com will the SAN cert or UC cert still work?  All the examples on the related question use   domain.com, domain.net.   Domain1.com is our original site and we have a requirement to create a dns alias as domain2.com.  Is there any way to get this to work without receiving the security error?    
0
Comment
Question by:carlssj1
  • 3
  • 3
6 Comments
 
LVL 58

Expert Comment

by:tigermatt
ID: 24307836

A SAN certificate will do just what you need. You would simply add all the domains the site can be accessed by as Alternate Names in the SAN certificate, then install it on the IIS Server.

Provided all the domains map to the same IIS site, this will not be a problem.

If they use multiple IIS sites then you need multiple certificates.

-Matt
0
 
LVL 1

Author Comment

by:carlssj1
ID: 24307889
Let me clarify one more thing...
our situation is actually    xxx.domain2.com     alias of xxx.domain1.com
                                         yyy.domain2.com     alias of yyy.domain1.com

Will this still qualify for one SAN certificate or does it require multiple?

Thanks for your help.
Sandy
0
 
LVL 1

Author Comment

by:carlssj1
ID: 24308005
additional info.....

yyy.domain1.com   is actually  extended sharepoint web application of xxx.domain1.com

Sandy
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 58

Expert Comment

by:tigermatt
ID: 24318383

If you look in IIS Manager, do they actually appear as one 'Site' or two separate 'Sites'? Based on what you are saying, I would suggest they appear as one site.

If they are a single site which the two names both refer to, then a SAN certificate containing xxx.domain1.com and yyy.domain1.com will work for you.

-Matt
0
 
LVL 1

Author Comment

by:carlssj1
ID: 24318449
xxx.domain1.com and yyy.domain1.com appear as two separate sites in iis.  xxx.domain1.com was created as a sharepoint site and then extended as yyy.domain1.com.  One site has a 'listener' in ISA and the other one doesn't.   The new domain sites - xxx.domain2.com and yyy.domain2.com  - were created as aliases of the two original sites in DNS.   They could both point to xxx.domain1.com if this will help us get by with just one certificate.   I really appreciate the help and I hope I have explained it clearly enough.
Thanks,
Sandy
0
 
LVL 58

Accepted Solution

by:
tigermatt earned 500 total points
ID: 24318518

That's the information I needed to know. In that case, since they are two separate sites, you cannot use a SAN certificate. You will need to separate certificates, one for xxx and one for yyy.

-Matt
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
HTTP to HTTPS redirect is not working 1 47
IIS Issue 7 97
Server error in 'XXXXXXXX' application. 12 69
Allow Local User to Log On FTP 8 48
First of all, clustering IIS is something you should rarely consider doing. In almost all cases, Microsoft Network Load Balancing (NLB) (http://technet.microsoft.com/en-us/library/cc758834(WS.10).aspx) is a much better solution when you need to p…
Lync server 2013 or Skype for business Backup Service Error ID 4049 – After File Share Migration
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
I designed this idea while studying technology in the classroom.  This is a semester long project.  Students are asked to take photographs on a specific topic which they find meaningful, it can be a place or situation such as travel or homelessness.…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now