开发者

IIS 7 SSL for multiple sites with a single IP

开发者 https://www.devze.com 2023-02-10 20:29 出处:网络
I have a single IIS 7 server with a开发者_JS百科 single IP address. Site 1 has an SSL cert for www and Site 2 has a wildcard SSL cert for various subdomains. Both sites use host headers to direct traf

I have a single IIS 7 server with a开发者_JS百科 single IP address. Site 1 has an SSL cert for www and Site 2 has a wildcard SSL cert for various subdomains. Both sites use host headers to direct traffic off the single IP address. However, when I try to access a subdomain on Site 2 I see a browser warning telling me that the SSL cert is wrong and shows me the information for Site 1. Help!


Until SNI is fully supported, you can only have one certificate per IP address. If you can get a certificate that covers both sites (a wildcard or a UC certificate, for example), you can set up SSL Host Headers to allow both sites to be secured.


If you add the certificates with the friendly names beginning with an asterisk then you can edit the hostname field within the Bindings for each site.

So we had a certificate added as "ssl" (imagination was lacking at the time) which when added to two different sites actually used the first site regardless of domain name passed in (as the bindings had no hostname).

We removed and then added the certificate again as "*ssl" (again no imagination but we were tired by this point) and within the bindings for each site we were able to add hostnames and https calls to the domain names actually went to the right websites. We then had beer.

This guy did it for self-signed certificates but it worked for our SAN one too: https://wiki.gutzmann.com/confluence/display/HowTo/IIS+7.5+-+Multi-homing+for+HTTPS+with+self-signed+certificates


IIS 8 in Windows Server 2012 now supports this feature (SNI).

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号