?
Solved

How do I setup a https subdomain on a ip address that the main domain is on?

Posted on 2011-10-12
12
Medium Priority
?
324 Views
Last Modified: 2012-05-12
I am trying to setup a subdomain on our main domain name.
Our DNS is done through godaddy and our website is hosted on our server at our office.
I setup hosts headers with the following.
www.subdomain.domain.us
subdomain.domain.us
0
Comment
Question by:kallatech
  • 7
  • 4
12 Comments
 
LVL 30

Expert Comment

by:Brad Howe
ID: 36958172
Depends :)

1. What OS are you running IIS on?
2. How many external IP Addresses do you have?
3. Do you current have HTTPS on the maindomain.com?
4. Do you current have an SSL Certificate?

Let us know this and we can better answer the question for you.

Cheers,
Hades666
0
 

Author Comment

by:kallatech
ID: 36958712
2008 server
20 ip addresses
Https is on the main domain
We do have a current certificate
0
 
LVL 30

Expert Comment

by:Brad Howe
ID: 36958954
Ok, Then simple enough but it will cost.

Host headers are used to host multiple web sites on one IP address. You have this set since you setup the DNS and the IIS BINDING to the site already.

Now the SSL Issue. Let's start with the basics.

Wildcard SSL Certificate is used to secure any subdomain of a primary domain that it was issued to. For example, a Wildcard SSL certificate issued to *.domain.com to secure

subsite1.domain.com
subsite2.domain.com
anything.domain.com

The *.domain.com certificate applied would be valid on any of these three domains and would be bound to the site. There for the server wouldn't provide a certificate name error.

UC [Unified Communications] or SAN [Subject Alternative Name] SSL certificate is used to secure multiple fully-qualified domain names in one certificate. For example, a UC/SAN certificate can be issued to include to secure;

www.domain.com
site5.domain.com
www.domain2.com
mail.domain3.com

To Answer your quetion - Essentially, since you already have an SSL for the main domain.com, you will need to purchase a Wildcard or UC Certificate from GoDaddy.

Call them and ask about the option to upgrade to a Multiple Domains UCC Certificate.
http://www.godaddy.com/ssl/ssl-certificates.aspx?ci=8979

There shouldn't be an issue if the renew is soon or it was just purchased.

Hope it helps clarify things,
Hades666
0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 
LVL 31

Expert Comment

by:Paranormastic
ID: 36964129
You would need the SAN certificate as described above.  The wildcard will not work for your scenario.

www.subdomain.domain.us
subdomain.domain.us

These have two different tiers.  *.domain.us would work for subdomain.domain.us but not www.subdomain.domain.us.  *.subdomain.domain.us would work for www.subdomain.domain.us but not subdomain.domain.us.

GoDaddy has them for a very reasonable price and they are trusted by just about everything these days.
0
 

Author Comment

by:kallatech
ID: 36964249
This is the kind of certificate we have currently.

Are you saying we would need an additional certificate to setup a name.domainname.us?

Would I need both a cname and an a record in the godaddy configuration?
0
 

Author Comment

by:kallatech
ID: 36964252
Standard Multiple Domain (UCC) SSL Up to 5 Domains
0
 
LVL 30

Accepted Solution

by:
Brad Howe earned 2000 total points
ID: 36964356
Yes, A Standard Multiple Domain is what you need to have. The old SSL will no be required.

Once the SSL is setup, you will then use SSL HOST BINDINGS to add them to the new subdomain sites.

Bind the Certificate to a website

1. In the Connections pane, click on the website that you want to bind the certificate first to.
2. In the Actions pane, click on Bindings…
3. Click on the Add… button.
4. Change the Type to https and then select the SSL certificate that you just installed. Click OK.
5. You will now see the binding for port 443 listed. Click Close.

Test your first site.
  https://www.domain.com

Create an SSL Binding

Once the certificate is installed into IIS, bind it to the first site on the IP address.  Replace <IISSiteName>  with the name of the IIS site and <hostHeaderValue> with the host header for that site (site1.mydomain.com)

1. Using AppCMD to assign the ssl host header for the remaining sites by opening CMD>, navigating to “cd C:\Windows\System32\Inetsrv\” and using APPCMD.

appcmd set site /site.name:”<YOUR WEBSITE NAME>” /+bindings.[protocol='https',bindingInformation='*:443:<YOUR SSL DOMAIN URL>']

Hope it helps,
Hades666
0
 

Author Comment

by:kallatech
ID: 36967534
So I created a Host A record named subdomain and pointed it to the ip address.
Since this site will use https do I need to create a cname record with the designation https and point it to subdomain.domain.us?
0
 

Author Comment

by:kallatech
ID: 36967614
Once I changed my binding on the website to https port 443 and ip address it wouldn't give me the option to setup a host header.
0
 

Author Comment

by:kallatech
ID: 36967716
I can access the new site subdomain.domain.us now externally but still need to re-key the certificate.
0
 
LVL 30

Expert Comment

by:Brad Howe
ID: 36967747
Sounds great .

 So you have setup the Arecord, binded it to the website on port 80 and the used appcmd to bind it to port 443 using your existing SSL.

If that is the case, all you need now is the multi-UCC Certificate.

Cheers,
Hades666
0
 

Author Closing Comment

by:kallatech
ID: 36999362
Thank you
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
LinkedIn blogging is great for networking, building up an audience, and expanding your influence as well. However, if you want to achieve these results, you need to work really hard to make your post worth liking and sharing. Here are 4 tips that ca…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question