SSL Websites

on 20.12.2007 01:35:00 by Vicky

I am trying to run multiple SSL-enabled websites on a single IIS 6 web server
on Win2003 Ent Edition in a test setup. I am using an internal CA service on
one of my Windows 2003 servers.

What I noticed was that IIS 6 does not allow us to run multiple SSL-enabled
websites on the same default SSL port 443. Two SSL-enabled sites work fine on
different ports.

All these multiple websites use different Host Header names & work fine while
working on the same IP & the default port 80. But when SSL is enabled, only one
can be active if all are set to use 443.

Any workaround to have multiple SSL websites on a single IIS 6 that would use
different HHN but the same IP & port 443?

Re: SSL Websites

on 20.12.2007 04:02:19 by David Wang

On Dec 19, 4:35 pm, Vicky wrote:
> I am trying to run multiple SSL-enabled websites on a single IIS 6 web server
> on Win2003 Ent Edition in a test setup. I am using an internal CA service on
> one of my Windows 2003 servers.
>
> What I noticed was that IIS 6 does not allow us to run multiple SSL-enabled
> websites on the same default SSL port 443. Two SSL-enabled sites work fine on
> different ports.
>
> All these multiple websites use different Host Header names & work fine while
> working on the same IP & the default port 80. But when SSL is enabled, only one
> can be active if all are set to use 443.
>
> Any workaround to have multiple SSL websites on a single IIS 6 that would use
> different HHN but the same IP & port 443?



The behavior you see is "by-design" of how SSL is designed. Not an
issue with IIS. And there is nothing to "work-around" -- you just need
to know what the design allows and then configure appropriately.

Every SSL website has to have a unique IP:Port. Note that Hostname is
not a distinguisher for SSL.

Thus, your only choices for SSL-enabled websites are:
1. Each website has its own SSL Certificate, has a different IP, and
on port 443
2. Each website has its own SSL Certificate, has same IP, but
different port
3. Each website has exactly same SSL Certificate, same IP and port,
and hostname which matches SSL Certificate

You have been doing #2. You want to do #3 but need to follow these
instructions and rules.

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/596b9108-b1a7-494d-885d-f8941b07554c.mspx?mfr=true


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//

Re: SSL Websites

on 26.12.2007 12:17:26 by Ken Schaefer

If you want to run multiple SSL enabled websites on the same IP + Port then
you need either:

a) a wildcard certificate that matches *.domain.com (i.e. any host in
domain.com) -and- all your host names need to be in domain.com

-or-

b) a certificate that has multiple host names in the Subject Alternate Name
(SAN) field - each of which matches the hostnames you have (e.g.
host1.domain1.com and host2.domain2.com)

Host Header fields are not available with SSL secured sites. This is because
the Host: header is encrypted, and not available to IIS during the SSL
handshake process between the browser and server.

Cheers
Ken

--
My IIS Blog: www.adOpenStatic.com/cs/blogs/ken

"Vicky" wrote in message
news:623FCD3C-45FC-41CD-B73B-F5CE5FDB6213@microsoft.com...
> I am trying to run multiple SSL-enabled websites on a single IIS 6 web server
> on Win2003 Ent Edition in a test setup. I am using an internal CA service on
> one of my Windows 2003 servers.
>
> What I noticed was that IIS 6 does not allow us to run multiple SSL-enabled
> websites on the same default SSL port 443. Two SSL-enabled sites work fine on
> different ports.
>
> All these multiple websites use different Host Header names & work fine while
> working on the same IP & the default port 80. But when SSL is enabled, only one
> can be active if all are set to use 443.
>
> Any workaround to have multiple SSL websites on a single IIS 6 that would use
> different HHN but the same IP & port 443?
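
Added example (not part of the original thread and not Microsoft's code): a Python check of whether every site hostname planned for one shared IP:443 binding is covered by a single certificate, for the wildcard and SAN cases described in the replies above. It assumes the common RFC 6125 matching rule that `*` stands for exactly one left-most label, which goes slightly beyond what the thread states; all hostnames are constructed sample values.

```python
# Added example: can these sites share one IP:443 binding under one certificate?
# All hostnames and certificate names below are constructed sample values.

def name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate dNSName against a hostname (RFC 6125 style).

    A '*' is honoured only as the entire left-most label and stands for
    exactly one label, so '*.domain.com' covers 'www.domain.com' but not
    'domain.com' or 'a.b.domain.com'.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Require at least two fixed labels after the wildcard (no '*.com').
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    # Partial wildcards such as 'w*.domain.com' are rejected outright.
    return "*" not in pattern and p_labels == h_labels


def coverage(cert_names, site_hosts):
    """Map each site hostname to the certificate name covering it, or None."""
    return {
        host: next((n for n in cert_names if name_matches(n, host)), None)
        for host in site_hosts
    }


def can_share_binding(cert_names, site_hosts) -> bool:
    """True only if every site on the shared IP:port is covered by the cert."""
    return all(coverage(cert_names, site_hosts).values())


if __name__ == "__main__":
    wildcard_cert = ["*.domain.com"]                       # option (a)
    san_cert = ["host1.domain1.com", "host2.domain2.com"]  # option (b)
    sites = ["host1.domain.com", "host2.domain.com",
             "domain.com", "a.b.domain.com"]
    for host, name in coverage(wildcard_cert, sites).items():
        print(f"{host:20} -> {name or 'NOT COVERED (name mismatch warning)'}")
    print("SAN cert covers both sites:",
          can_share_binding(san_cert, ["host1.domain1.com", "host2.domain2.com"]))
```

Any hostname reported as not covered would be served with a certificate whose name does not match, so it needs its own IP or port, or a reissued certificate that includes it.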