Host Headers, one IP and two SSL Certs

on 19.09.2007 22:10:02 by Broodwich

I have one IIS 6.0 Webserver that hosts several sites using host headers. Our
main "www" website's content management system is secured with SSL for the
login.

I have a new application that runs on "apps" and part of the project spec is
that it is secured with SSL for our end users entering information.

I have SSL certs for www and apps, but from what I understand you cannot
have two SSLs on one IP.

What are my options? I have heard that I need a wild-card SSL cert for my
whole site, or I need to specify a different port for SSL for one of my
sites. Could I use host headers, and specify a different port (say 4433) to
direct secure traffic to my new project's pages?

Re: Host Headers, one IP and two SSL Certs

on 20.09.2007 03:14:18 by Bernard

In your case you need 2 IPs, or bind it to different ports.

The wildcard SSL only works if both sites share the same TLD, say
*.mydomain.com.


--
Regards,
Bernard Cheah
http://www.iis.net/
http://msmvps.com/blogs/bernard/


"Broodwich" wrote in message
news:1989F57F-5CCB-45F4-BB83-36B1AE75D0AE@microsoft.com...
> I have one IIS 6.0 Webserver that hosts several sites using host headers.
> Our main "www" website's content management system is secured with SSL for
> the login.
>
> I have a new application that runs on "apps" and part of the project spec
> is that it is secured with SSL for our end users entering information.
>
> I have SSL certs for www and apps, but from what I understand you cannot
> have two SSLs on one IP.
>
> What are my options? I have heard that I need a wild-card SSL cert for my
> whole site, or I need to specify a different port for SSL for one of my
> sites. Could I use host headers, and specify a different port (say 4433)
> to direct secure traffic to my new project's pages?

Re: Host Headers, one IP and two SSL Certs

on 03.10.2007 11:32:08 by Leon Mayne

"Broodwich" wrote in message
news:1989F57F-5CCB-45F4-BB83-36B1AE75D0AE@microsoft.com...
> I have SSL certs for www and apps, but from what I understand you cannot
> have two SSLs on one IP.

Correct. One IP per cert (unless you use different ports, but this usually
isn't an option).

> What are my options? I have heard that I need a wild-card SSL cert for my
> whole site, or I need to specify a different port for SSL for one of my
> sites. Could I use host headers, and specify a different port (say 4433)
> to direct secure traffic to my new project's pages?

A new IP is usually cheaper than a wildcard cert. You can't use host headers
at all with SSL as the header is encrypted. So if you choose to use a
different port then you don't have to bother adding a host header entry as
the port will exclusively bind the request to the site.

The best option is to get a new IP address, and create two sites in IIS with
their own IP address, both with ports 80 and 443 for http and https
respectively. Add the certs to the respective sites, and point your DNS
records for the two subdomains to the corresponding IP addresses.
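
The constraint discussed in this thread, as an added example that is not part of any post and is not IIS code: a small Python check of a binding plan, assuming the server picks the certificate from IP address and port alone, as the replies describe. The hostnames, addresses and the `site` schema are constructed for illustration.

```python
from collections import defaultdict

def cert_covers(cert_name, host):
    """True if a certificate name covers host; '*' matches exactly one leftmost label."""
    cert_name, host = cert_name.lower(), host.lower()
    if cert_name.startswith("*."):
        label, _, parent = host.partition(".")
        return bool(label) and parent == cert_name[2:]
    return cert_name == host

def check_ssl_bindings(sites):
    """Return a list of problems in a binding plan; an empty list means it is consistent."""
    endpoints = defaultdict(list)
    for s in sites:
        endpoints[(s["ip"], s["ssl_port"])].append(s)
    problems = []
    for (ip, port), bound in sorted(endpoints.items()):
        certs = sorted({s["cert"] for s in bound})
        if len(certs) > 1:
            # Only IP and port are known when the certificate is chosen,
            # so two different certs on one endpoint cannot both be served.
            problems.append(f"{ip}:{port} has {len(certs)} certs: {', '.join(certs)}")
            continue
        for s in bound:
            if not cert_covers(certs[0], s["host"]):
                problems.append(f"{ip}:{port} cert {certs[0]} does not cover {s['host']}")
    return problems

def site(host, ip, port, cert):
    """Hypothetical record for one site's SSL binding."""
    return {"host": host, "ip": ip, "ssl_port": port, "cert": cert}

WWW, APPS, IP1, IP2 = "www.example.com", "apps.example.com", "192.0.2.10", "192.0.2.11"

# Constructed plans: the original question, then the options raised in the thread.
PLANS = {
    "one IP, two certs": [site(WWW, IP1, 443, WWW), site(APPS, IP1, 443, APPS)],
    "second IP":         [site(WWW, IP1, 443, WWW), site(APPS, IP2, 443, APPS)],
    "alternate port":    [site(WWW, IP1, 443, WWW), site(APPS, IP1, 4433, APPS)],
    "wildcard cert":     [site(WWW, IP1, 443, "*.example.com"),
                          site(APPS, IP1, 443, "*.example.com")],
}

if __name__ == "__main__":
    for name, plan in PLANS.items():
        print(f"{name}: {check_ssl_bindings(plan) or 'ok'}")
```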