IIS7 Multiple 443 & SSL
I have two sites in IIS7, the Default Web Site and one for Reporting. I have two SSL certificates.
I am trying to work out how I can leave both sites running on port 443 and assign the relevant SSL to each. It seems as soon as I make changes to the Default Web Site, the reporting site is changed, and vice versa.
Is this possible? Or do I need to get an SSL certificate that has all the relevant URLs on one certificate?
You will need to either get another NIC in your server (so one SSL cert per NIC and IP address) or get a multi domain/wildcard cert :)
And then just give each site a different hostname?
That's the one - although the SSL certs should have the host names in already which IIS will pickup.
Then in your DNS point the address to the IP that you have assigned the site to.
But if all the sites are on one server, on the same port and IP, I'll have to use the hostname to differentiate between the sites? If the SSL has multiple names on it?
Originally Posted by jamesfed
Sorry I wasn't clear :)
IP Address 1 (192.168.2.2) - SSL Cert 1 - NAT to external IP 1
IP Address 2 (192.168.2.3) - SSL Cert 2 - NAT to external IP 2
So different IPs per IIS site are needed unless you have a multi domain cert or wildcard cert.
I'm in the process of getting a multi domain SSL to cover all the URLs however you can't have multiple sites running on the same port?
I was hoping I could have all the sites running on 443 but then use the hostname to differentiate between the sites.
Bah. Any other ideas?
You can have multiple sites on a single port using a couple of different methods:
Originally Posted by Edu-IT
Virtual sites, with name resolution doing the direction.
So in my IIS at the moment I have:
Default Web site
- Site 1
Then I have:
Do I need to get Site 2, Site 3, Site 4 under the Default Website then rather than as seperate sites?
Edit: Then set the bindings on that Default Web site so that there is a seperate binding for hostname site2?
Darren Marsden | SSL Host Headers in IIS 7.x
So I followed this and *think* I am on the right path now. Both sites can be accessed over HTTPS using the relevant host name.