IIS - IIS6, Multiple Sites and SSL
Asked By Charles Chadwick
03-Nov-09 05:24 PM
This may sound a little stupid, but I'm more of a dev guy than a server admin and I am incredibly boneheaded when it comes to IIS. So please bear with me here.
I currently have a client that has a dedicated 2K3 box running IIS6. They are hosting one site on this box, with two domains resolving to that site (domain1.com, domain2.com). The site is stored in the typical C:\Inetpub\www folder. In addition, there is a section of the site that is protected by SSL. There are two SSL certs, one for each domain.
When a user goes to https://www.domain1.com, everything is fine. However, when the user goes to https://www.domain2.com, Internet Explorer kicks up a security warning. Obviously, this is not what we want.
Here is a bit of information as best as I can give it about the site setup in the IIS Manager.
There are two sites listed here, "domain1.com" and "Administration". When I go into the properties for domain1.com, the IP address has a value of "(All Unassigned)".
Under Advanced, "domain2.com" is listed with an IP address of "Default". Also, in "Multiple SSL identities for this Web site" there is one entry with the IP address of "Default" and the standard SSL port of 443.
I can view the certificate for domain1.com under "Directory Security > View Certicate". It appears everything is OK there.
So, to recap: I am trying to set up separate SSL certificates for separate domains that both lead to the same place. Is this possible? If anyone can explain the process to me (and dumb it down as much as possible) or at least point me in the right direction, it would be greatly appreciated.
Please let me know if this doesn't make any sense, or if I didn't provide you with enough (or the right) information.
Hmm, Not sure the SSL certs are going to behave properly that way
There may be better solutions to this but the easist way might be to create two separate IIS sites each assigned to a different bound IP. However, point both to the same directory for the web site root.
You could use url forwarding or even bind the two domains to the same ip. That might not fix your security warnings though.
Multiple SSL certs
The solution really depends what you want the user experience to be. The easiest solution, as Robbe mentioned, would be to create a new site for domain2.com and make it a "permanent redirect" to an "exact URL" and point it to domain1.com.
Now, if a user browses to domain2.com and you want them to stay on domain2.com and not be redirected, you'd need to purchase another SSL cert for domain2.com and put it on another IIS site with another IP - the point here is that you cannot bind more than one cert to a single IP. Then, as Robbe said, you can point both to the same home directory.
Multiple SSL Certs IIS I currently have two different SSL certificates running on the same Windows 2000 Server. However, when I assign a site to one that was created first). How can I get a site to use a different SSL cert? IIS Discussions Multiple (1) Certs (1) Currently (1) Certificates (1) Windows (1) Server (1) Assign (1) Newly (1) One site IP address. You need one for EACH web site with a cert on it. keywords: Multiple, SSL, Certs description: I currently have two different SSL certificates running on the same Windows
Exchange 2003 - Multiple SSL Certs Exchange Server Setup: Two node Exchange 2003 mailbox cluster + 2 node NLB cluster FE. All running SP2 Question: At the moment FBA / SSL is set-up on the FE and OWA is available to internal users only with are in the public domain. If we create another site in IIS with its own SSL cert & ip address, is it possible to have the IIS default site serve up OWA only and the 2nd site serve up OMA / push email ?. The customer wants a different SSL cert to apply to OWA users to that of mobility users. I'm not sure offer advice on how this should be configured? Exchange Design Discussions IIS (1) OWA (1) SSL (1) FE (1) ActiveSync (1) OMA (1) MVP (1) URL (1) On Tue, 1 May They dont want the default site address open to the net, hence the 2nd site / SSL cert idea with its own ip address. On Tue, 1 May 2007 10:41:00
multiple SSL bridge? Windows Server I haven’t been able to find an exact answer to what if it's been answered, then I apologize. Our department has the need to host multiple SSL sites on an IIS box with only one external IP address that is using host to direct https requests to the proper web site and be the endpoint for the SSL connections instead of IIS? Thank you ISA Configuration Discussions ISA Server 2004 (1) IIS (1 Origianl (1) Cert (1) Fd6eeb6cfa07 (1) EC9D0D4546EF (1) Edgesecurity (1) Listeners (1) Yes. . . You create multiple Publishing rules, using matching web listeners, for specific URL's and confgure the Publishing Rule use the Host header opens to determin teh correct site. . . If you use a wildacrd SSL Cert, you could even get away with just one certificate. Hi Dave, thanks for the info. Since I have multiple certificates (several different domains), I assume that I will need to install all the cert
multiple SSL certificates sharing single external ip for ISA 2006? Windows Server Is it possible to have multiple SSL certificates sharing a single external ip for ISA 2006? I'm running IIS on the ISA 2006 server itself. I would guess for multiple sites that needed SSL I'd create a separate rule for each, add another ip to the Internal NIC Bridging' tab? I know that ISA 2000 did not allow sharing a single ip with multiple SSL certs, just wondering if this has changed? - - Thanks in advance, Les Caudle ISA Discussions IIS
Exchange 2010 and SSL certs Exchange Server I am trying to setup a Exchange 2010 and use NAT on my network. It appears that in 2010 I need two seperate SSL certs, one for the public address and one for the private address. Is this the case Exchange Miscellaneous Discussions Daddy (1) Certs (1) Years (1) MCSE (1) CCNA (1) SSL (1) UCC (1) No, you can purchase a SAN (Multi Domain) Certificate. I prefer Go Certified Partner Never heard of a SAN cert. Is that a newer version of an SSL cert? The certificate is more properly known as a Universal Communications Certificate, or UCC, which supports the Subject Alternative Name (SAN) field, which allows you to apply multiple hostnames in the same certificate. Go Daddy sells them for three years at something like