Adding multiple websites with different SSL certificates in IIS 7

Solution 1

Implementing Elastic Load Balancing for the Amazon instance solves the issue (http://aws.amazon.com/elasticloadbalancing/).

Solution 2

Generally, a separate IP is required for each SSL site, so if you attempt to bind to the same IP you will see the above error.

This is due to the way SSL works. The server is unable to read the HTTP host header during the handshake process, so it can't use that header information to choose which site (and certificate) to use. Thus certificates in IIS are basically bound per-IP, rather than per-site.

If you have a wildcard certificate or ASN certificate that applies to multiple sites, you can set it up as follows:

  1. Bind cert to first site on the IP
  2. For host header sites, execute the following command in the inetsrv folder:

         appcmd set site /site.name:"<IISSiteName>" /+bindings.[protocol='https',bindingInformation='*:443:<hostHeaderValue>']

Replace <IISSiteName> and <hostHeaderValue> with the appropriate values (Website1 and www.example.com, for example).

SNI is supported in IIS8 to allow multiple unrelated SSL sites on the same IP. Note that SNI is only supported in modern browsers, so it may cause problems for you if you are running a commercial site with a wide audience, like Windows XP users running older versions of Internet Explorer.


Author: Timka

Updated on September 18, 2022

Comments

  • Timka
    Timka over 1 year

    I'm having trouble using SSL for 2 different websites on my IIS 7 server. Please see my setup below:

    website1: my.corporate.portal.com

    SSL certificate for website1: *.corporate.portal.com

    https/443 bound to my.corporate.portal.com

    website2: client.portal.com

    SSL certificate issued for: client.portal.com

    When I try to bind https in IIS7 with the client's certificate, I don't have an option to put a host name (grayed out), and as soon as I select the 'client.portal.com' cert, I'm getting the following error in IIS:

    At least one other site is using the same HTTPS binding
    and the binding is configured with a different certificate.
    Are you sure that you want to reuse this HTTPS binding 
    and reassign the other site or sites to use the new certificate?
    

    If I click 'yes', the my.corporate.portal.com website stops using the proper SSL cert.

    Could you suggest something?

  • Timka
    Timka over 11 years
    Adding an additional IP would be a problem since this server is on EC2/Amazon.
  • Jimbo
    Jimbo almost 7 years
    Or you can tick the "Require Server Name Indication" checkbox when adding the HTTPS binding to each site (other than the sites you associated with the first SSL certificate)
  • phoebus
    phoebus almost 7 years
    @Jimbo This was addressed already in the final section of the answer.