
I have 2 websites on an IIS webserver: www.website1.com on port 80 and www.website2.com on port 81. On the IIS-ARR server I have created a server farm and added my server. So far so good. Both websites are accessible through IIS-ARR over http. Now I want both websites to be accessible over https through ARR. For this, how should I create the SSL request for the ARR server, and how many SSL requests are needed? What should the CommonName be? Should I also deploy both websites on the ARR server?

I believe that 2 SSL requests are needed on the IIS webserver: one for www.website1.com with CommonName=www.website1.com and another for www.website2.com with CommonName=www.website2.com. But what about the IIS-ARR load balancer? What should the CommonName be?

  • After some research I found that multiple ServerFarms are needed for multiple URLs. So 2 Server Farms for 2 websites. So 2 SSL certificates for 2 websites. Am I correct? – user13727833 Jul 14 '20 at 11:39

1 Answer

You can use a certificate with multiple Subject Alternate Names, that is, a certificate authorized for several domains. For example, create a CSR requesting website1.com;www.website1.com;website2.com;www.website2.com as SAN.

Such a certificate could, once installed where the CSR was created in order to pair it with the private key, be exported as a bundle including the private key then imported on all involved servers.

The certificate bundle file must be safeguarded, as not only your servers but also anyone else's could impersonate your sites using it.

ErikE
  • Do you mean the SSL created on the IIS-ARR load balancer server can be imported over to the node server (the IIS webserver where the multiple websites are hosted), with no need for new SSL requests for both websites on the IIS webserver? Or do you mean SAN can be used for creating SSL for multiple websites and only this 1 SSL certificate can be used within each node server? And for the ARR load balancer, does what I said hold good? – user13727833 Jul 14 '20 at 12:36
  • Also I am of the opinion that the SSL of one server cannot be used for another server. Am I correct? – user13727833 Jul 14 '20 at 12:37
  • exported as a bundle. This link which you gave clarifies that the SSL of one server can be used on another server as well. So finally, please clarify if I can use the SSL of IIS-ARR on the node servers as well (the IIS web servers where the websites are hosted), so that I can be sure about the intent of your answer. – user13727833 Jul 14 '20 at 12:50
  • Yes, if all domains are present in one certificate, with due care the certificate can be exported together with the private key. Then imported wherever ssl needs to be terminated for those domains. This includes load balancer and backend. But critically the private key must never be exposed anywhere else as this would jeopardise the purpose of using ssl in the first place. – ErikE Jul 14 '20 at 19:04
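
The procedure from the answer (one SAN certificate, exported with its private key and imported on the ARR server and the backend), sketched with `certreq` and the PKI cmdlets as an added example that is not part of the original thread. The `C:\certs` paths and file names are placeholders, and it assumes the CA returns the issued certificate as `san.cer`.

```powershell
# Added example: paths and file names are placeholders; host names are those from the question.
$names = 'website1.com', 'www.website1.com', 'website2.com', 'www.website2.com'

# 1. Build a certreq policy file with one SAN entry (OID 2.5.29.17) per host name.
$san = ($names | ForEach-Object { "_continue_ = `"dns=$_&`"" }) -join "`r`n"
$inf = @"
[Version]
Signature="`$Windows NT`$"

[NewRequest]
Subject = "CN=$($names[1])"
KeyLength = 2048
MachineKeySet = TRUE
Exportable = TRUE
RequestType = PKCS10

[Extensions]
2.5.29.17 = "{text}"
$san
"@
Set-Content -Path C:\certs\san.inf -Value $inf -Encoding ASCII

# 2. Generate the key pair and CSR on this machine; the private key never leaves it at this stage.
certreq.exe -new C:\certs\san.inf C:\certs\san.csr

# 3. After the CA has issued the certificate, install it here so it pairs with the private key.
certreq.exe -accept -machine C:\certs\san.cer

# 4. Export certificate + private key as a password-protected PFX bundle.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and $_.Subject -like "*CN=$($names[1])*" } |
    Select-Object -First 1
$pw = Read-Host -AsSecureString -Prompt 'PFX password'
Export-PfxCertificate -Cert $cert -FilePath C:\certs\san.pfx -Password $pw

# 5. Run on each server that terminates TLS for these names (ARR and backend).
#    Without -Exportable the imported private key is marked non-exportable there.
Import-PfxCertificate -FilePath C:\certs\san.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $pw

# 6. Delete the bundle once every server has it; the file is enough to impersonate the sites.
Remove-Item C:\certs\san.pfx
```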