iamuser
asked on
IIS 8/8.5 website and multiple SSL bindings
I have 1 website with 1 IP in IIS using both port 80 and port 443. I own 2 wildcard certs, one for the external address (@mycompany.com) and one for the internal address (@inside.mycompany.com).
The current SSL certificate that's tied to port 443 is using the external cert, and the website is reachable externally via SSL without issues.
Internally we can reach the website using http on port 80 with the FQDN and that works fine.
Management wants SSL applied to the internal web site instead of using http. One method I thought of was to add an additional IP to the website. In local DNS add a new host name pointed to that IP. Bind the internal cert to the IP on port 443. Everyone goes to the website using the new FQDN. To get to the internal site they use the new FQDN. The concern I have with this approach is that the server still has 2 IPs and local DNS will reflect that. If anything anywhere references the FQDN of the server they could end up getting an error or the wrong item displayed. I
What other options are there?
ASKER
When you say create a binding for the internal website, are you referring to adding a host header to the site? Then do a CNAME of the host header pointed to the web server's name?
ASKER
Thanks, I'll give that a try. Would you say this is the best practice/standard, or would assigning an extra IP be better?
https internal.domain.com
Add in your DNS a CNAME internal.domain.com pointing to your web server's name.
This will use SNI, which is supported on all modern browsers.
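
The SNI binding suggested in the answer above, as an added PowerShell example that is not part of the original thread. The site name, the host name `intranet.inside.mycompany.com` and the assumption that the wildcard name is the certificate's subject CN are all hypothetical; the internal DNS CNAME for the host name is assumed to exist already.

```powershell
# Added example: site name, host name and certificate subject are assumptions.
Import-Module WebAdministration

$siteName = 'Default Web Site'                 # assumed IIS site name
$hostName = 'intranet.inside.mycompany.com'    # hypothetical internal FQDN (CNAME to the web server)
$certCN   = '*.inside.mycompany.com'           # internal wildcard certificate subject CN

# A wildcard covers exactly one label, so confirm the host name fits
# before binding; otherwise clients get a name-mismatch warning.
$suffix = $certCN.TrimStart('*')               # ".inside.mycompany.com"
if (-not $hostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
    throw "$hostName is not under $suffix"
}
$label = $hostName.Substring(0, $hostName.Length - $suffix.Length)
if ($label -eq '' -or $label.Contains('.')) {
    throw "$hostName is not covered by $certCN (wildcard matches one label only)"
}

# Pick the newest unexpired certificate with a private key from the machine store.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object {
        $_.GetNameInfo('SimpleName', $false) -eq $certCN -and
        $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date)
    } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No usable certificate found for $certCN" }

# SslFlags 1 = Server Name Indication required. IIS serves this certificate only
# when the client sends $hostName in the TLS handshake; the existing binding
# with the external certificate is left untouched.
$existing = Get-WebBinding -Name $siteName -Protocol https -Port 443 -HostHeader $hostName
if ($existing) {
    Write-Warning "An https binding for $hostName already exists; nothing changed."
} else {
    New-WebBinding -Name $siteName -Protocol https -Port 443 -IPAddress '*' `
        -HostHeader $hostName -SslFlags 1
    $binding = Get-WebBinding -Name $siteName -Protocol https -Port 443 -HostHeader $hostName
    $binding.AddSslCertificate($cert.Thumbprint, 'My')
}

# Verify: list the site's https bindings and the HTTP.sys mapping for the host name.
Get-WebBinding -Name $siteName -Protocol https |
    Format-Table protocol, bindingInformation, sslFlags -AutoSize
netsh http show sslcert hostnameport="${hostName}:443"
```

Run it from an elevated PowerShell session on the web server. A client that does not send SNI falls back to whatever non-SNI binding exists on port 443, which on this server is the external certificate.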