
Windows Server Forum / IIS / IIS Security / July 2008


Multi-domain SSL cert installation

Joe - 18 Jul 2008 13:42 GMT
I am hosting multiple domains on my Win2k3/IIS 6 server using a single IP
address and host headers.  For the past year I have had only one domain that
required an SSL certificate.  Now I have two, and I learned the hard way that
I can't have 2 separate SSL certs on the same server with only 1 IP address.  
Rather than use up one of my limited external IP addresses, I went to Godaddy
and purchased a multi-domain cert (not a wildcard cert) with one primary
domain and 2 secondary names (SANs.)  However, everything went downhill when
I tried to install the new cert.  I exported and removed the original cert,
then installed the new cert on the new primary web site.  I then installed
the existing cert on the other web site.  At this point nothing worked.  The
new primary site wouldn't start because port 443 was already in use, and the
original site wouldn't find its secure pages.  Godaddy support said this was
beyond the scope of their knowledge (even though they sold the cert.)

Does anyone have any experience with multi-domain certs?  This is a
production web server and I can't do any testing during the day.  Any help is
greatly appreciated.
Thanks,
Joe
David Wang - 19 Jul 2008 05:51 GMT

I suggest starting with the IIS documentation of how to do SSL of
multiple domains over a single IP. If you follow its instructions and
understand the fundamental limitations of SSL in your scenario (no
matter what web server you use), you should be fine.

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/596b9108-b1a7-494d-885d-f8941b07554c.mspx?mfr=true


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//
Joe - 21 Jul 2008 14:36 GMT
David,
Yes, I have already read through that (and everything else I can find.)  But
that article only refers to 'wildcard' certs, which are used for multiple
host names under a single domain name.  I am seeking help in using a
multi-domain cert for multiple hosts under separate domain names.  Can you
direct me to any documentation on this?  I have been unable to find any, and
Godaddy's tech support is unwilling/unable to resolve the problem.

Thanks,
Joe

David Wang - 21 Jul 2008 19:52 GMT
Substitute multi-domain cert for wildcard cert in the documentation
and everything still applies. The number of domains of a certificate
does not affect IIS configuration.

The reason there is no explicit documentation with the words
"multi-domain cert" and "SSL host header" is because no one really wants to
configure things like that -- yes, it is possible, but it is poor
design -- every time you want to host a new domain on that same IP with
a new host header, you have to purchase a new multi-domain certificate
and update every single website to use that domain. This is fine when
the number is small like 1, 2, or 3. But if it gets beyond that, your
design quickly fails to scale.

FYI: This is really not a problem with IIS -- this is really a design
limitation within SSL and how people want to use it. SSL has no
concept of Host Header, which is an HTTP-level concept, on top of the
TCP level interaction that SSL operates at. Hence, "SSL Host Headers"
is really a smoke-and-mirrors feature offered by any web server.

Bottom line -- if you want to host many SSL domain names, either:
1. Give an IP for each domain name and assign each a certificate
2. Use same IP and SSL Host Headers with wildcard certificate. Route
each hosted domain to its own wildcard name. i.e.
hosteddomain1.fixeddomainname.com and
hosteddomain2.fixeddomainname.com  and configure a single
*.fixeddomainname.com certificate

Based on your description, you definitely did not follow instructions
-- please read the documentation I referenced earlier on how to
properly configure SSL Host Headers.

//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//
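
The point made in the post above, as an added example that is not part of the original thread: because the certificate is presented before the Host header can be read, every host-header site on one IP:port has to use the same certificate, and that certificate has to list every hosted name. The site layouts, host names, certificate labels and the `audit`/`site` helpers are constructed for illustration.

```python
from collections import defaultdict

def name_matches(pattern, host):
    """Match a host against one certificate name; '*' covers one leftmost label only."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def audit(sites):
    """sites: dicts with ip, port, host (host header), cert (label), names (cert name list)."""
    findings = []
    by_endpoint = defaultdict(list)
    for s in sites:
        by_endpoint[(s["ip"], s["port"])].append(s)
    for (ip, port), group in sorted(by_endpoint.items()):
        certs = {s["cert"] for s in group}
        # The server chooses the certificate from IP:port alone, so two
        # different certificates on one endpoint cannot both be served.
        if len(certs) > 1:
            findings.append((f"{ip}:{port}", "conflicting-certs", sorted(certs)))
        for s in group:
            if not any(name_matches(n, s["host"]) for n in s["names"]):
                findings.append((f"{ip}:{port}", "name-not-covered", s["host"]))
    return findings

# Constructed sample data (documentation address range and example domains).
SAN_CERT = ["shop.example.com", "www.example.net", "mail.example.org"]
OLD_CERT = ["www.example.net"]
WILDCARD = ["*.example.com"]

def site(host, cert, names):
    return {"ip": "192.0.2.10", "port": 443, "host": host, "cert": cert, "names": names}

MIXED = [site("shop.example.com", "san-cert", SAN_CERT),
         site("www.example.net", "old-cert", OLD_CERT)]
SHARED = [site("shop.example.com", "san-cert", SAN_CERT),
          site("www.example.net", "san-cert", SAN_CERT)]
WILD = [site("shop.example.com", "wildcard", WILDCARD),
        site("www.example.net", "wildcard", WILDCARD)]

if __name__ == "__main__":
    for label, layout in (("mixed", MIXED), ("shared", SHARED), ("wildcard", WILD)):
        print(label, audit(layout))
```
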

Joe - 21 Jul 2008 20:25 GMT
David,
Thanks for the detailed response.  I understand this is a limitation with
SSL rather than IIS.  Based on your information, I will probably stop trying
to make this work on a single IP address.

Thanks,
Joe
