Host multiple domains with different SSL Certificates IIS7

Posted on 2010-08-24
Last Modified: 2012-05-10
I am having problems setting up multiple websites, each with different domain names and SSL certificates. The sites are hosted on IIS7 running off of Server 2008. The issue I'm having seems to be with the port configuration (443).

I have two domain names (subdomain.domain1.com and subdomain.domain2.com), each with SSL certificates. I want to be able to serve these sites without including the port in the URL. The problem, however, is that once I assign one of the certificates to use port 443 with a certificate, I'm unable to bind the other website/certificate on the same port. I am, however, able to get the other site working with SSL if I bind it to another port, but this only works if the port number is included in the URL - which is what I don't want.

Is there a way to assign the second website/certificate to a different port, like 444, and have IIS7 automatically serve the site without including the port number in the URL?

The server is set up with an internal IP address of 192.168.0.2. I've added another internal IP address (192.168.0.3) in the network settings, and if I assign the second site to the new IP address, and select port 443, I don't get any certificate error messages about conflicts, but when I try to launch the second site, it doesn't work (it serves up the default website).

I'm thinking that I need to do something with DNS, but so far nothing I've tried has worked. DNS is not something I'm familiar with, so I'm lost here.

I should also mention that the first website has a wildcard SSL certificate (*.domain1.com) whereas the other domain name has an SSL certificate assigned to a specific subdomain (launch.domain2.com). The only DNS entry I have currently is for domain1.local, but the site can be accessed from the internet using domain1.com.

I hope this makes sense to someone, I'm not sure how else to explain what's going on. Any help would be appreciated.
Question by:savetheorcas
5 Comments
 

Author Comment

by:savetheorcas
ID: 33517991
The third link is the only one that comes close to helping me figure this out, but I've already tried using different IP addresses and it doesn't work.

Expert Comment

by:Chris Dent
ID: 33519076

If any of your sites are set up to listen on "All unassigned":443 then you will have trouble. Ensure that you have selected a specific IP address for the SSL binding in each case.

Chris

Accepted Solution

by:
briandunkle earned 2000 total points
ID: 33534500
It absolutely has to do with DNS - the primary way for IIS to separate out different sites on the same server is by Host Header, i.e. the URL used to get to the site.
You can separate the sites 3 ways:
IP Address
Host Header
Port number
To do it by (non-standard) port number, you naturally have to include the port number in the URL, and you really don't want to deviate from 443 for SSL anyway; that'll throw flags. To do it by IP would work, but that's a waste of addresses. Host Header is the way to go.
If you don't have a DNS server you can use for testing, you can put the addresses in manually - on a Windows XP box, for example, you can put them into C:\WINDOWS\system32\drivers\etc\hosts (hosts is a text file) like:
192.168.0.2  mydomain.com

When you put the URL mydomain.com into your browser, it'll know to go to the IP from the hosts file, and IIS will see mydomain.com in the header and serve up whichever site is associated with it.
As long as the host header is set, you can use 443 for multiple sites with different certificates, no problem.


Expert Comment

by:briandunkle
ID: 33534511
The above about the hosts file refers to putting the addresses into the CLIENT manually. The server doesn't need to resolve the addresses unless it has the FQDN somewhere in the page code.
0
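
A check for the two binding conditions raised in this thread, as an added example that is not part of any post: it reads the `<sites>` section of an IIS applicationHost.config and reports https bindings left on "All unassigned" and IP:port endpoints claimed by more than one site. The configuration and site names are constructed for illustration; `bindingInformation` uses IIS's `IP:port:host header` format.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: the <sites> section of an applicationHost.config,
# using the thread's two addresses. Site names are hypothetical.
SAMPLE_CONFIG = """
<configuration><system.applicationHost><sites>
  <site name="Default Web Site" id="1"><bindings>
    <binding protocol="http" bindingInformation="*:80:" />
    <binding protocol="https" bindingInformation="*:443:" />
  </bindings></site>
  <site name="domain1" id="2"><bindings>
    <binding protocol="https" bindingInformation="192.168.0.2:443:" />
  </bindings></site>
  <site name="domain2" id="3"><bindings>
    <binding protocol="https" bindingInformation="192.168.0.3:443:" />
  </bindings></site>
  <site name="extra" id="4"><bindings>
    <binding protocol="https" bindingInformation="192.168.0.3:443:launch.domain2.com" />
  </bindings></site>
</sites></system.applicationHost></configuration>
"""

def https_bindings(config_xml):
    """Yield (site, ip, port, host) for every https binding."""
    root = ET.fromstring(config_xml)
    for site in root.iter("site"):
        for b in site.iter("binding"):
            if b.get("protocol") == "https":
                # bindingInformation is "IP:port:host"; split from the right
                # so a bracketed IPv6 address keeps its colons.
                ip, port, host = b.get("bindingInformation").rsplit(":", 2)
                yield site.get("name"), ip, int(port), host

def audit(config_xml):
    """Return findings: wildcard-IP SSL bindings and shared IP:port endpoints."""
    findings, by_endpoint = [], defaultdict(list)
    for site, ip, port, host in https_bindings(config_xml):
        by_endpoint[(ip, port)].append(site)
        if ip in ("*", "0.0.0.0"):
            findings.append(("all-unassigned", site, f"{ip}:{port}"))
    for (ip, port), sites in sorted(by_endpoint.items()):
        if len(sites) > 1:
            findings.append(("shared-endpoint", ", ".join(sites), f"{ip}:{port}"))
    return findings

if __name__ == "__main__":
    for kind, sites, endpoint in audit(SAMPLE_CONFIG):
        print(f"{kind:16} {endpoint:18} {sites}")
```
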
