IIS6/SSL/MultipleSites

I have multiple websites on my Windows 2003 R2 server and using host
headers. Currently I use All Unassigned IPs in each sites setup. I
have a Linksys router that uses a block of public static ips that I have
mapped to my network connection as a private 192.168.x.x. I can assign
up to 5 public ip addresses that will all go through my router. For SSL
to work on multiple sites, I read that I have to use a different IP for
each domain. If I assign a different public ip to each domain at the
registers DNS, is this all I need to do or do I need to assign a
different private ips on the server?

TIA

Re: IIS6/SSL/MultipleSites

Internally, each SSL should bind on diff internal IP.

--
Regards,
Bernard Cheah
http://www.iis.net/
http://msmvps.com/blogs/bernard/


"gh" wrote in message
news:u9uxF2n6HHA.1208@TK2MSFTNGP03.phx.gbl...
>I have multiple websites on my Windows 2003 R2 server and using host
>headers. Currently I use All Unassigned IPs in each sites setup. I have a
>Linksys router that uses a block of public static ips that I have mapped to
>my network connection as a private 192.168.x.x. I can assign up to 5
>public ip addresses that will all go through my router. For SSL to work on
>multiple sites, I read that I have to use a different IP for each domain.
>If I assign a different public ip to each domain at the registers DNS, is
>this all I need to do or do I need to assign a different private ips on the
>server?
>
> TIA

Re: IIS6/SSL/MultipleSites

Each website can only use a single SSL certificate. Unless the SSL
certificate has subject alternate names that match each DNS name that the
site is listening on, then you'll need a distinct combination of IP
address+port for each site (i.e. you can't use host-headers). That means
you'll need to assign IP addresses to each internal host that is going to
use SSL/TLS

Cheers
Ken

--
My IIS Blog: www.adOpenStatic.com/cs/blogs/ken

"gh" wrote in message
news:u9uxF2n6HHA.1208@TK2MSFTNGP03.phx.gbl...
>I have multiple websites on my Windows 2003 R2 server and using host
>headers. Currently I use All Unassigned IPs in each sites setup. I have a
>Linksys router that uses a block of public static ips that I have mapped to
>my network connection as a private 192.168.x.x. I can assign up to 5
>public ip addresses that will all go through my router. For SSL to work on
>multiple sites, I read that I have to use a different IP for each domain.
>If I assign a different public ip to each domain at the registers DNS, is
>this all I need to do or do I need to assign a different private ips on the
>server?
>
> TIA

Re: IIS6/SSL/MultipleSites

Ken:

So if site one is using 192.168.1.2, then site 2 could be assigned
192.168.1.3. In the properties}website, for each site I would assign
the 192 ip. Can I leave the port assigned to 80 for each site?

TIA


Ken Schaefer wrote:
> Each website can only use a single SSL certificate. Unless the SSL
> certificate has subject alternate names that match each DNS name that
> the site is listening on, then you'll need a distinct combination of IP
> address+port for each site (i.e. you can't use host-headers). That means
> you'll need to assign IP addresses to each internal host that is going
> to use SSL/TLS
>
> Cheers
> Ken
>

Re: IIS6/SSL/MultipleSites

Hi,

You need a unique combination of IP+port. If the IP addresses are different,
then you can use the same port. If you wish to use the same Ip address, then
the ports must be different.

This applies to the port(s) used by SSL/TLS (typically this is 443). Not to
the ports used by HTTP. Host-headers can be used for HTTP, allowing the use
of the same IP address+port.

If you look in the website's properties, you will see that there are
different areas for specifying HTTP and HTTPS bindings. The HTTP section
allows you to specify a host-header. The HTTPS section only allows you to
specify IP+port.

Cheers
Ken

"gh" wrote in message
news:O$ruPcv6HHA.1168@TK2MSFTNGP02.phx.gbl...
> Ken:
>
> So if site one is using 192.168.1.2, then site 2 could be assigned
> 192.168.1.3. In the properties}website, for each site I would assign the
> 192 ip. Can I leave the port assigned to 80 for each site?
>
> TIA
>
>
> Ken Schaefer wrote:
>> Each website can only use a single SSL certificate. Unless the SSL
>> certificate has subject alternate names that match each DNS name that the
>> site is listening on, then you'll need a distinct combination of IP
>> address+port for each site (i.e. you can't use host-headers). That means
>> you'll need to assign IP addresses to each internal host that is going to
>> use SSL/TLS
>>
>> Cheers
>> Ken
>>
>
>

Re: IIS6/SSL/MultipleSites

That implies separate network cards for each IP address.

"Ken Schaefer" wrote in message
news:uRZyC%23d7HHA.1208@TK2MSFTNGP03.phx.gbl...
> Hi,
>
> You need a unique combination of IP+port. If the IP addresses are
> different, then you can use the same port. If you wish to use the same Ip
> address, then the ports must be different.
>
> This applies to the port(s) used by SSL/TLS (typically this is 443). Not
> to the ports used by HTTP. Host-headers can be used for HTTP, allowing the
> use of the same IP address+port.
>
> If you look in the website's properties, you will see that there are
> different areas for specifying HTTP and HTTPS bindings. The HTTP section
> allows you to specify a host-header. The HTTPS section only allows you to
> specify IP+port.
>
> Cheers
> Ken
>
> "gh" wrote in message
> news:O$ruPcv6HHA.1168@TK2MSFTNGP02.phx.gbl...
>> Ken:
>>
>> So if site one is using 192.168.1.2, then site 2 could be assigned
>> 192.168.1.3. In the properties}website, for each site I would assign
>> the 192 ip. Can I leave the port assigned to 80 for each site?
>>
>> TIA
>>
>>
>> Ken Schaefer wrote:
>>> Each website can only use a single SSL certificate. Unless the SSL
>>> certificate has subject alternate names that match each DNS name that
>>> the site is listening on, then you'll need a distinct combination of IP
>>> address+port for each site (i.e. you can't use host-headers). That means
>>> you'll need to assign IP addresses to each internal host that is going
>>> to use SSL/TLS
>>>
>>> Cheers
>>> Ken
>>>
>>
>>
>

Re: IIS6/SSL/MultipleSites

No, just multiple IPs on one (or teamed) card
Anthony,
http://www.airdesk.co.uk




"Mike DiChiappari" wrote in message
news:EbQIi.1$ax2.0@trndny08...
> That implies separate network cards for each IP address.
>
> "Ken Schaefer" wrote in message
> news:uRZyC%23d7HHA.1208@TK2MSFTNGP03.phx.gbl...
>> Hi,
>>
>> You need a unique combination of IP+port. If the IP addresses are
>> different, then you can use the same port. If you wish to use the same Ip
>> address, then the ports must be different.
>>
>> This applies to the port(s) used by SSL/TLS (typically this is 443). Not
>> to the ports used by HTTP. Host-headers can be used for HTTP, allowing
>> the use of the same IP address+port.
>>
>> If you look in the website's properties, you will see that there are
>> different areas for specifying HTTP and HTTPS bindings. The HTTP section
>> allows you to specify a host-header. The HTTPS section only allows you to
>> specify IP+port.
>>
>> Cheers
>> Ken
>>
>> "gh" wrote in message
>> news:O$ruPcv6HHA.1168@TK2MSFTNGP02.phx.gbl...
>>> Ken:
>>>
>>> So if site one is using 192.168.1.2, then site 2 could be assigned
>>> 192.168.1.3. In the properties}website, for each site I would assign
>>> the 192 ip. Can I leave the port assigned to 80 for each site?
>>>
>>> TIA
>>>
>>>
>>> Ken Schaefer wrote:
>>>> Each website can only use a single SSL certificate. Unless the SSL
>>>> certificate has subject alternate names that match each DNS name that
>>>> the site is listening on, then you'll need a distinct combination of IP
>>>> address+port for each site (i.e. you can't use host-headers). That
>>>> means you'll need to assign IP addresses to each internal host that is
>>>> going to use SSL/TLS
>>>>
>>>> Cheers
>>>> Ken
>>>>
>>>
>>>
>>
>
>