Multiple virtual SSL sites on 1 IIS6 server

I host several virtual web sites on an IIS6 server utilizing the host header
record for differentiating each site. I currently have 1 SSL site on this
server but would like to configure a few more. I did some web searching and
if I was understanding everything correctly, you can do this but the examples
that were given did not seem to represent the solution that I am looking for.
First, everything stated that I would need a wildcard SSL certificate. I
understand this one. However, each article I can across gave examples such
as:
www.yourdomain.com
secure.yourdomain.com
ecommerce.yourdomain.com

This is showing the same domain (yourdomain.com) just different FQDN. Is it
possible to have multiple SSL virtual sites utilizing the host header record
if the domains themselves are different such as:
secure.companya.com
secure.companyb.com
ecommerece.companyc.com

Many thanks in advance for all replies!

Re: Multiple virtual SSL sites on 1 IIS6 server

Hi,

Configuring SSL Host Headers (IIS 6.0)
http://www.microsoft.com/technet/prodtechnol/WindowsServer20 03/Library/IIS/596b9108-b1a7-494d-885d-f8941b07554c.mspx?mfr =true

Yes, for this to work you need a wildcard certificate and you are correct,
wild card certificate would look like this:

*.domain.com

What you are asking is to get a certificate with:

*.com or *.org or *.net ...

Now this would not be very secure would it? :-). If anyone could get such
certificates, now everyone would be trusted to serve domain such as
microsoft.com or amazon.com or ... (and commercial CA servers would earn
much less this way) ;-).

So the answer to your question -- no you can't have one wildcard certificate
for multiple domains. You would need to get at least one certificate per
domain name. Also note that not all commercial CA servers will issue
wildcard certificate (again main reason being less $$$).

--
Mike
Microsoft MVP - Windows Security

"Troy" wrote in message
news:480F8465-D990-4090-843E-B22CC1F483DC@microsoft.com...
>I host several virtual web sites on an IIS6 server utilizing the host
>header
> record for differentiating each site. I currently have 1 SSL site on this
> server but would like to configure a few more. I did some web searching
> and
> if I was understanding everything correctly, you can do this but the
> examples
> that were given did not seem to represent the solution that I am looking
> for.
> First, everything stated that I would need a wildcard SSL certificate. I
> understand this one. However, each article I can across gave examples
> such
> as:
> www.yourdomain.com
> secure.yourdomain.com
> ecommerce.yourdomain.com
>
> This is showing the same domain (yourdomain.com) just different FQDN. Is
> it
> possible to have multiple SSL virtual sites utilizing the host header
> record
> if the domains themselves are different such as:
> secure.companya.com
> secure.companyb.com
> ecommerece.companyc.com
>
> Many thanks in advance for all replies!
>

Re: Multiple virtual SSL sites on 1 IIS6 server

Is my best option to give my web server an additional IP, bind that new SSL
site to that IP and then install the certificate for the SSL site?

"Miha Pihler [MVP]" wrote:

> Hi,
>
> Configuring SSL Host Headers (IIS 6.0)
> http://www.microsoft.com/technet/prodtechnol/WindowsServer20 03/Library/IIS/596b9108-b1a7-494d-885d-f8941b07554c.mspx?mfr =true
>
> Yes, for this to work you need a wildcard certificate and you are correct,
> wild card certificate would look like this:
>
> *.domain.com
>
> What you are asking is to get a certificate with:
>
> *.com or *.org or *.net ...
>
> Now this would not be very secure would it? :-). If anyone could get such
> certificates, now everyone would be trusted to serve domain such as
> microsoft.com or amazon.com or ... (and commercial CA servers would earn
> much less this way) ;-).
>
> So the answer to your question -- no you can't have one wildcard certificate
> for multiple domains. You would need to get at least one certificate per
> domain name. Also note that not all commercial CA servers will issue
> wildcard certificate (again main reason being less $$$).
>
> --
> Mike
> Microsoft MVP - Windows Security
>
> "Troy" wrote in message
> news:480F8465-D990-4090-843E-B22CC1F483DC@microsoft.com...
> >I host several virtual web sites on an IIS6 server utilizing the host
> >header
> > record for differentiating each site. I currently have 1 SSL site on this
> > server but would like to configure a few more. I did some web searching
> > and
> > if I was understanding everything correctly, you can do this but the
> > examples
> > that were given did not seem to represent the solution that I am looking
> > for.
> > First, everything stated that I would need a wildcard SSL certificate. I
> > understand this one. However, each article I can across gave examples
> > such
> > as:
> > www.yourdomain.com
> > secure.yourdomain.com
> > ecommerce.yourdomain.com
> >
> > This is showing the same domain (yourdomain.com) just different FQDN. Is
> > it
> > possible to have multiple SSL virtual sites utilizing the host header
> > record
> > if the domains themselves are different such as:
> > secure.companya.com
> > secure.companyb.com
> > ecommerece.companyc.com
> >
> > Many thanks in advance for all replies!
> >
>
>
>

Re: Multiple virtual SSL sites on 1 IIS6 server

Hi Troy,

Yes, that usually works best for SSL sites.

--
Mike
Microsoft MVP - Windows Security

"Troy" wrote in message
news:640B34C3-A57E-4FC1-8368-04DF572F0A36@microsoft.com...
> Is my best option to give my web server an additional IP, bind that new
> SSL
> site to that IP and then install the certificate for the SSL site?
>
> "Miha Pihler [MVP]" wrote:
>
>> Hi,
>>
>> Configuring SSL Host Headers (IIS 6.0)
>> http://www.microsoft.com/technet/prodtechnol/WindowsServer20 03/Library/IIS/596b9108-b1a7-494d-885d-f8941b07554c.mspx?mfr =true
>>
>> Yes, for this to work you need a wildcard certificate and you are
>> correct,
>> wild card certificate would look like this:
>>
>> *.domain.com
>>
>> What you are asking is to get a certificate with:
>>
>> *.com or *.org or *.net ...
>>
>> Now this would not be very secure would it? :-). If anyone could get such
>> certificates, now everyone would be trusted to serve domain such as
>> microsoft.com or amazon.com or ... (and commercial CA servers would earn
>> much less this way) ;-).
>>
>> So the answer to your question -- no you can't have one wildcard
>> certificate
>> for multiple domains. You would need to get at least one certificate per
>> domain name. Also note that not all commercial CA servers will issue
>> wildcard certificate (again main reason being less $$$).
>>
>> --
>> Mike
>> Microsoft MVP - Windows Security
>>
>> "Troy" wrote in message
>> news:480F8465-D990-4090-843E-B22CC1F483DC@microsoft.com...
>> >I host several virtual web sites on an IIS6 server utilizing the host
>> >header
>> > record for differentiating each site. I currently have 1 SSL site on
>> > this
>> > server but would like to configure a few more. I did some web
>> > searching
>> > and
>> > if I was understanding everything correctly, you can do this but the
>> > examples
>> > that were given did not seem to represent the solution that I am
>> > looking
>> > for.
>> > First, everything stated that I would need a wildcard SSL certificate.
>> > I
>> > understand this one. However, each article I can across gave examples
>> > such
>> > as:
>> > www.yourdomain.com
>> > secure.yourdomain.com
>> > ecommerce.yourdomain.com
>> >
>> > This is showing the same domain (yourdomain.com) just different FQDN.
>> > Is
>> > it
>> > possible to have multiple SSL virtual sites utilizing the host header
>> > record
>> > if the domains themselves are different such as:
>> > secure.companya.com
>> > secure.companyb.com
>> > ecommerece.companyc.com
>> >
>> > Many thanks in advance for all replies!
>> >
>>
>>
>>