4

I developed a ASP.NET application that needs to run in multiple instances on my machine (IIS7). I need to set up SSL for each instance, but I lose the option to do binding to a specific host name (that option is only available with regular HTTP). So how do I differentiate the instances?

If I try to add more than 1 SSL binding I get the error "At least one other site is using the same HTTPS binding and the binding is configured with a different certificate (...)".

What to do?

Alex
  • 75,813
  • 86
  • 255
  • 348

2 Answers2

3

The hostname information is part of the http headder, which is encrypetd (and decrypted) by SSL, so in order to have several SSL websites you have to do either:

  • Use a wildcard certificate on all websites and use a hostheadder to route to the correct one: Example: Certificate for *.foo.com Sites: bar.foo.com and main.foo.com and void.foo.com

Or bind each certificate to its own IP

Or... Use SSL Termination from an accelerator device (ISA Server etc)

Heiko Hatzfeld
  • 3,197
  • 18
  • 15
  • 1
    It's also possible to use a separate port number than the default of 443. – NYCdotNet Aug 12 '13 at 18:40
  • @NYCdotNet does the wildcard certificat still work with the port in the url (without having to add an exception)? In other word,do browsers accept a certificate with a common name *.foo.com for the URL https://main.foo.com:8081 ? – marapet Sep 10 '13 at 09:26
  • 1
    @marapet I don't know about the wildcard certificate, but our experience is that browsers will accept a certificate for mysubdomain.example.com when connecting to https://mysubdomain.example.com:### where ### is the port number. – NYCdotNet Sep 10 '13 at 18:25
1

The question was specifically for IIS 7, however there is a new feature in IIS 8 that works with modern browsers called SNI that can assist with this.

http://www.iis.net/learn/get-started/whats-new-in-iis-8/iis-80-server-name-indication-sni-ssl-scalability

NYCdotNet
  • 4,500
  • 1
  • 25
  • 27