Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 415
  • Last Modified:

Putting Multiple SSL certs on a single web server that hosts several virtual sites in different domains

I have a server that is running Windows 2003 with IIS 6 that hosts several sites.  Up until recently they where all in the same domain XYZ.COM lets say.  Because of that we have a wild card cert for *.XYZ.COM.  Recently we where asked to change the domain on several of the sites to ABC.COM.  I understand that I can only have one SSL cert per IP/PORT combination.  Is it feasible to run the XYZ.COM sites off of one IP and have the wildcart cert bound to that and then add another static IP on the same server and run ABC.COM off of that IP with a seperate SSL cert for ABC.COM.  In other words:

Current Setup:
1 IIS Site
1 IP
1 Port Shared  443
*.ABC.COM wildcard cert
3 Domain Names
www.ABC.COM
web.ABC.COM
test.XYZ.COM

New Setup
2 IIS Sites

Site 1
Original site IP
Port 443
*.ABC.COM wildcard cert
Domains
   www.ABC.COM
   web.ABC.COM

Site 2
New Site IP
Port 443
New test.XYZ.COM cert
Domain
   test.XYZ.COM
0
Tardy
Asked:
Tardy
1 Solution
 
meverestCommented:
Hi,

yes, you can use the same wildcard cert for different web sites regardless of whether it is on the same or different IP address.

Cheers!
0
 
kevinhsiehCommented:
Your plan as posted should work. It sounds like you slighly mis-posted because *.XYZ.COM is the original set of domains, and it should be on site 1. Site 2 would have test.abc.com and would have a new SSL certificate for test.abc.com or *.abc.com. You can't re-use the *.xyz.com SSL certificate for abc.com because it will generate SSL errors on the client.
0
 
ravenplCommented:
> I understand that I can only have one SSL cert per IP/PORT combination.
Unless You configure server to use http://en.wikipedia.org/wiki/Server_Name_Indication
Sadly IIS does not support SNI.
If You can have two different IPs - go ahead, otherwise You would need to put some proxy with SNI support in front of IIS.
0
 
meverestCommented:
keep in mind that SNI requires client support too - so even if you implement this feature, many clients will not be able to access your https site.

Cheers!
0
 
TardyAuthor Commented:
kevinhsieh:  Yes I reversed the certs by accident when I wrote the example at the bottom.  Thank you for validating the plan.  Off to testing!
0

Featured Post

Get quick recovery of individual SharePoint items

Free tool – Veeam Explorer for Microsoft SharePoint, enables fast, easy restores of SharePoint sites, documents, libraries and lists — all with no agents to manage and no additional licenses to buy.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now