multiple ssl use port 443 on same host possible

on 13.07.2007 22:18:41 by MSNewsGroup

I know I can use port 80 for multiple sites with host headers defined. I
am unable to do this with port 443 for SSL.

I get an event 1007 W3SVC
Cannot register the URL prefix 'https://*:443/' for site '1920346886'. The
necessary network binding may already be in use. The site has been
deactivated. The data field contains the error number.

Do I need another port -one for each site like 445?

Thanks
Cr

Re: multiple ssl use port 443 on same host possible

on 13.07.2007 22:32:32 by .._..

One cert, one site, one IP, one hostname and one port. Doing anything else
is going to be complicated and probably not work.

To add more than one, you have to double up on the IP or the port. (The
port probably won't work, for various reasons; firewall, routing, browser
and client issues, etc.)

So, you need more IP addresses to run more than the one site in secured
mode. (The "Host header" part that lets you run more than one site on the
same IP on port 80 is encrypted in an SSL connection, requiring the server
to use only the IP to differentiate requests.)

"MSNewsGroup" wrote in message
news:eF325sYxHHA.4592@TK2MSFTNGP05.phx.gbl...
>I know I can use port 80 for multiple sites with host headers defined. I
>am unable to do this with port 443 for SSL.
>
> I get an event 1007 W3SVC
> Cannot register the URL prefix 'https://*:443/' for site '1920346886'. The
> necessary network binding may already be in use. The site has been
> deactivated. The data field contains the error number.
>
> Do I need another port -one for each site like 445?
>
> Thanks
> Cr
>

Re: multiple ssl use port 443 on same host possible

on 14.07.2007 17:15:59 by Robert

On Jul 13, 2:32 pm, ".._.." <.....@yourmom.mil> wrote:
> One cert, one site, one IP, one hostname and one port. Doing anything else
> is going to be complicated and probably not work.
>
> To add more than one, you have to double up on the IP or the port. (The
> port probably won't work, for various reasons; firewall, routing, browser
> and client issues, etc.)
>
> So, you need more IP addresses to run more than the one site in secured
> mode. (The "Host header" part that lets you run more than one site on the
> same IP on port 80 is encrypted in an SSL connection, requiring the server
> to use only the IP to differentiate requests.)
>
> "MSNewsGroup" wrote in message
>
> news:eF325sYxHHA.4592@TK2MSFTNGP05.phx.gbl...
>
>
>
> >I know I can use port 80 for multiple sites with host headers defined. I
> >am unable to do this with port 443 for SSL.
>
> > I get an event 1007 W3SVC
> > Cannot register the URL prefix 'https://*:443/' for site '1920346886'. The
> > necessary network binding may already be in use. The site has been
> > deactivated. The data field contains the error number.
>
> > Do I need another port -one for each site like 445?
>
> > Thanks
> > Cr

Having multiple IP addresses is certainly the easiest way to secure
multiple sites but you can definitely configure IIS to have more than
one certificate on an IP address. I'm not familiar enough to know what
the problem is that you're having but here are some notes about using
Host Headers that might help: http://agramont.net/blogs/conrad/archive/2006/06/26/21.aspx

--
Robert
SSL Shopper - SSL certificate comparison
http://www.sslshopper.com

Re: multiple ssl use port 443 on same host possible

on 16.07.2007 16:47:34 by .._..

Sure, for an extra $500 bucks for a wildcard certificate (each domain name)
or self-signed certificates.

And you can't use the IIS GUI tools to configure host headers anymore:

From the KB covering the subject:
>SSL host headers cannot be configured by using the IIS Manager UI.

>Using SSL host headers requires that the wildcard certificate be installed
>on each Web site from which you want to serve protected content. This adds
>overhead to site management, because you must manually ensure that multiple
>sites are kept in sync with each other.

>You must configure secure bindings for each Web site that uses the wildcard
>server certificate to prevent unauthorized use of that certificate.

Include registry, using SDK tools, sparse documentation, probably an
unsupported configuration in a bunch of other software... etc.

So.. I'd say if you are a super genius in a third world country (with only
254 addresses allocated to it total) and have nothing but time to spare on
the project then go ahead.

For a moderately or slightly experienced user (someone asking about running
securely on a different port, for example) that would be a one way ticket to
a screwed up server.

So, I disagree. One IP per certificate per site is the only solution to
this problem. An extra few bucks a month for a couple additional IP
addresses is still the best option for 99% of the users out there to get
around the HTTP 1.1 host header encryption problem.


"Robert" wrote in message
news:1184426159.355407.66830@d55g2000hsg.googlegroups.com...
> On Jul 13, 2:32 pm, ".._.." <.....@yourmom.mil> wrote:
>> One cert, one site, one IP, one hostname and one port. Doing anything
>> else
>> is going to be complicated and probably not work.
>>
>> To add more than one, you have to double up on the IP or the port. (The
>> port probably won't work, for various reasons; firewall, routing, browser
>> and client issues, etc.)
>>
>> So, you need more IP addresses to run more than the one site in secured
>> mode. (The "Host header" part that lets you run more than one site on
>> the
>> same IP on port 80 is encrypted in an SSL connection, requiring the
>> server
>> to use only the IP to differentiate requests.)
>>
>> "MSNewsGroup" wrote in message
>>
>> news:eF325sYxHHA.4592@TK2MSFTNGP05.phx.gbl...
>>
>>
>>
>> >I know I can use port 80 for multiple sites with host headers defined.
>> >I
>> >am unable to do this with port 443 for SSL.
>>
>> > I get an event 1007 W3SVC
>> > Cannot register the URL prefix 'https://*:443/' for site '1920346886'.
>> > The
>> > necessary network binding may already be in use. The site has been
>> > deactivated. The data field contains the error number.
>>
>> > Do I need another port -one for each site like 445?
>>
>> > Thanks
>> > Cr
>
> Having multiple IP addresses is certainly the easiest way to secure
> multiple sites but you can definitely configure IIS to have more than
> one certificate on an IP address. I'm not familiar enough to know what
> the problem is that you're having but here are some notes about using
> Host Headers that might help:
> http://agramont.net/blogs/conrad/archive/2006/06/26/21.aspx
>
> --
> Robert
> SSL Shopper - SSL certificate comparison
> http://www.sslshopper.com
>
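Added example, not part of any post in this thread: a small Python audit that models the binding collision behind the event 1007 message and lists the host names that share one IP:port and therefore one certificate, as the quoted KB text describes for SSL host headers. The "IP:Port:HostHeader" binding strings are handled in a simplified, IPv4-only way, and every site id, address and host name except 1920346886 is constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: site id -> secure bindings in "IP:Port:HostHeader"
# form. Only site id 1920346886 appears in the thread; the rest is made up.
SITES = {
    "1": [":443:"],                              # all unassigned IPs, no host header
    "1920346886": [":443:"],                     # same binding as site 1
    "3": ["192.0.2.10:443:"],                    # dedicated IP, no host header
    "4": ["192.0.2.11:443:shop.example.com"],    # SSL host header
    "5": ["192.0.2.11:443:mail.example.com"],    # SSL host header, same IP:port
}

def parse_binding(binding):
    """Split 'IP:Port:HostHeader'; an empty IP means all unassigned addresses."""
    ip, port, host = binding.split(":", 2)
    if not port.isdigit():
        raise ValueError(f"bad port in binding {binding!r}")
    return ip, int(port), host.lower()

def url_prefix(binding):
    """Simplified model of the URL prefix a site tries to register."""
    ip, port, host = parse_binding(binding)
    return f"https://{host or ip or '*'}:{port}/"

def audit(sites):
    """Return (prefix conflicts, host names sharing one IP:port)."""
    by_prefix = defaultdict(list)
    by_endpoint = defaultdict(set)
    for site_id, bindings in sites.items():
        for b in bindings:
            ip, port, host = parse_binding(b)
            by_prefix[url_prefix(b)].append(site_id)
            if host:
                by_endpoint[(ip or "*", port)].add(host)
    # Two sites on the same prefix: the second one cannot register it.
    conflicts = {p: ids for p, ids in by_prefix.items() if len(ids) > 1}
    # Several host names on one IP:port: one certificate has to cover them all.
    shared = {ep: sorted(h) for ep, h in by_endpoint.items() if len(h) > 1}
    return conflicts, shared

if __name__ == "__main__":
    conflicts, shared = audit(SITES)
    for prefix, ids in conflicts.items():
        print(f"conflict on {prefix}: sites {', '.join(ids)}")
    for (ip, port), hosts in shared.items():
        print(f"{ip}:{port} serves {', '.join(hosts)} with one certificate")
```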