Solved

Host multiple domains with different SSL Certificates IIS7

Posted on 2010-08-24
Last Modified: 2012-05-10
I am having problems setting up multiple websites, each with different domain names and SSL certificates. The sites are hosted on IIS7 running off of Server 2008. The issue I'm having seems to be with the port configuration (443).

I have two domain names (subdomain.domain1.com and subdomain.domain2.com), each with SSL certificates. I want to be able to serve these sites without including the port in the URL. The problem, however, is that once I assign one of the certificates to use port 443 with a certificate, I'm unable to bind the other website/certificate on the same port. I am, however, able to get the other site working with SSL if I bind it to another port, but this only works if the port number is included in the URL - which is what I don't want.

Is there a way to assign the second website/certificate to a different port, like 444, and have IIS7 automatically serve the site without including the port number in the URL?

The server is set up with an internal IP address of 192.168.0.2. I've added another internal IP address (192.168.0.3) in the network settings, and if I assign the second site to the new IP address, and select port 443, I don't get any certificate error messages about conflicts, but when I try to launch the second site, it doesn't work (it serves up the default website).

I'm thinking that I need to do something with DNS, but so far nothing I've tried has worked. DNS is not something I'm familiar with, so I'm lost here.

I should also mention that the first website has a wildcard SSL certificate (*.domain1.com) whereas the other domain name has an SSL certificate assigned to a specific subdomain (launch.domain2.com). The only DNS entry I have currently is for domain1.local, but the site can be accessed from the internet using domain1.com.

I hope this makes sense to someone, I'm not sure how else to explain what's going on. Any help would be appreciated.
Question by:savetheorcas
6 Comments
 
LVL 34

Expert Comment

by:Shreedhar Ette
ID: 33517958
 

Author Comment

by:savetheorcas
ID: 33517991
The third link is the only one that comes close to helping me figure this out, but I've already tried using different IP addresses and it doesn't work.
 
LVL 70

Expert Comment

by:Chris Dent
ID: 33519076

If any of your sites are set up to listen on "All unassigned":443 then you will have trouble. Ensure that you have selected a specific IP address for the SSL binding in each case.

Chris
 
LVL 7

Accepted Solution

by:
briandunkle earned 500 total points
ID: 33534500
It absolutely has to do with DNS - the primary way for IIS to separate out different sites on the same server is by Host Header, i.e. the URL used to get to the site.
You can separate the sites 3 ways:
IP Address
Host Header
Port number
To do it by (non-standard) port number, you naturally have to include the port number in the URL, and you really don't want to deviate from 443 for SSL anyway; that'll throw flags. To do it by IP would work, but that's a waste of addresses; Host Header is the way to go.
If you don't have a DNS server you can use for testing, you can put the addresses in manually - on a Windows XP box, for example, you can put them into C:\WINDOWS\system32\drivers\etc\hosts (hosts is a text file) like
192.168.0.2  mydomain.com

When you put the URL mydomain.com into your browser, it'll know to go to the IP from the hosts file, and IIS will see mydomain.com in the header and serve up whichever site is associated with it.
As long as the host header is set, you can use 443 for multiple sites with diff certificates, no problem.

 
LVL 7

Expert Comment

by:briandunkle
ID: 33534511
The above about the hosts file refers to putting the addresses into the CLIENT manually. The server doesn't need to resolve the addresses unless it has the FQDN somewhere in the page code.
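
Added example (not part of the original thread): a small Python check of the point Chris Dent raises, run over constructed binding lists written in IIS's `IP:port:host` bindingInformation format. It assumes, as on Server 2008, that an HTTPS certificate is attached to the IP:port pair; the site names, addresses and certificate labels are sample values built from the question.

```python
from collections import defaultdict

def parse_binding(info):
    """Split IIS bindingInformation 'IP:port:host'; '*' means All Unassigned."""
    ip, port, host = info.rsplit(":", 2)   # rsplit keeps a bracketed IPv6 address whole
    return ip or "*", int(port), host.lower()

def audit_https_bindings(sites):
    """sites: list of (site_name, bindingInformation, cert_label).
    Returns a sorted list of findings; an empty list means no conflicts."""
    by_endpoint = defaultdict(set)          # (ip, port) -> {(site, cert)}
    for name, info, cert in sites:
        ip, port, _host = parse_binding(info)
        by_endpoint[(ip, port)].add((name, cert))

    findings = []
    for (ip, port), users in by_endpoint.items():
        # Assumption: one certificate per IP:port, whatever the host header says.
        if len({cert for _, cert in users}) > 1:
            names = sorted(name for name, _ in users)
            findings.append(f"{ip}:{port} shared by {names}: only one certificate can be presented")
        # "All Unassigned" next to specific-IP bindings on the same port.
        if ip == "*" and any(p == port and i != "*" for i, p in by_endpoint):
            names = sorted(name for name, _ in users)
            findings.append(f"All Unassigned on port {port} used by {names}: pick a specific IP")
    return sorted(findings)

# Constructed sample configurations (labels stand in for certificate thumbprints).
SAME_ENDPOINT = [
    ("site1", "*:443:subdomain.domain1.com", "CERT_WILDCARD_DOMAIN1"),
    ("site2", "*:443:launch.domain2.com", "CERT_LAUNCH_DOMAIN2"),
]
MIXED = [
    ("site1", "*:443:", "CERT_WILDCARD_DOMAIN1"),
    ("site2", "192.168.0.3:443:", "CERT_LAUNCH_DOMAIN2"),
]
ONE_IP_PER_CERT = [
    ("site1", "192.168.0.2:443:", "CERT_WILDCARD_DOMAIN1"),
    ("site2", "192.168.0.3:443:", "CERT_LAUNCH_DOMAIN2"),
]

if __name__ == "__main__":
    for label, cfg in [("same endpoint", SAME_ENDPOINT), ("mixed", MIXED),
                       ("one IP per cert", ONE_IP_PER_CERT)]:
        print(label, "->", audit_https_bindings(cfg) or "no conflicts")
```
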