problem with adding second SSL certificate

I am running IIS 6 (W2003 Standard server) and have 10 websites configured.
All websites have unique host header values.

Two of the sites I need SSL running. The first site has had SSL running
since we built this system. I am needing to add the second website with SSL
certificate.

The problem is that when I enable port 443 under the Web Site Identification
tab; stop and start the site I get the following error:

"IIS was unable to start the site. Another site may already be using the
port you configured for this site. Please select a unused port for this site."

Why cannot I configure a second website on the same server for SSL? The
certificates I'm using are different URL's.

How do I get around this to make this work?

Re: problem with adding second SSL certificate

On Aug 6, 6:18 am, KBing wrote:
> I am running IIS 6 (W2003 Standard server) and have 10 websites configured.
> All websites have unique host header values.
>
> Two of the sites I need SSL running. The first site has had SSL running
> since we built this system. I am needing to add the second website with SSL
> certificate.
>
> The problem is that when I enable port 443 under the Web Site Identification
> tab; stop and start the site I get the following error:
>
> "IIS was unable to start the site. Another site may already be using the
> port you configured for this site. Please select a unused port for this site."
>
> Why cannot I configure a second website on the same server for SSL? The
> certificates I'm using are different URL's.
>
> How do I get around this to make this work?


You cannot enable SSL for the same IP:Port combination with two
different certificates.
- One way to get your configuration to work is to get a second IP
address for your other website.
- The other is to use the same IP and a different port.
- A third way with IIS6 on Windows Server 2003 SP1 and later is to use
Host headers for SSL, but that requires the *same* certificate for SSL
-- so you need the certificate to have a CN for both website.

There is nothing to "get around" to make this work. This is how SSL
works by its specification.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//

Re: problem with adding second SSL certificate

I'm not sure if this is exactly what you need but I'm told it works.

You can request an SSL cert with more than one web site (subject) name. You
cannot do it with the GUI but only with the certutil tool. See the altnames
item, which is a subject alternate name. Again, I have not done it.

So, you will have one cert which enables SSL both sites at the same IP
number.

"David Wang" wrote in message
news:1186427571.325031.254760@i13g2000prf.googlegroups.com.. .
> On Aug 6, 6:18 am, KBing wrote:
>> I am running IIS 6 (W2003 Standard server) and have 10 websites
>> configured.
>> All websites have unique host header values.
>>
>> Two of the sites I need SSL running. The first site has had SSL running
>> since we built this system. I am needing to add the second website with
>> SSL
>> certificate.
>>
>> The problem is that when I enable port 443 under the Web Site
>> Identification
>> tab; stop and start the site I get the following error:
>>
>> "IIS was unable to start the site. Another site may already be using the
>> port you configured for this site. Please select a unused port for this
>> site."
>>
>> Why cannot I configure a second website on the same server for SSL? The
>> certificates I'm using are different URL's.
>>
>> How do I get around this to make this work?
>
>
> You cannot enable SSL for the same IP:Port combination with two
> different certificates.
> - One way to get your configuration to work is to get a second IP
> address for your other website.
> - The other is to use the same IP and a different port.
> - A third way with IIS6 on Windows Server 2003 SP1 and later is to use
> Host headers for SSL, but that requires the *same* certificate for SSL
> -- so you need the certificate to have a CN for both website.
>
> There is nothing to "get around" to make this work. This is how SSL
> works by its specification.
>
>
> //David
> http://w3-4u.blogspot.com
> http://blogs.msdn.com/David.Wang
> //
>