Is there any way to configure multiple SSL sites on the same server without a wildcard certificate?

4
votes

I've set up multiple ssl sites on iis using Servier Bindings as per this article: http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/8d9f2a8f-cd23-448c-b2c7-f4e87b9e2d2c.mspx?mfr=true

I have two different ssl certs for the two sites installed but when I browse to either site I get the same certificate. Is there any way to configure this without buying a wildcard cert?

4
iisssl

4 Answers

5
votes

If both the browser and the web server support the Server Name Indication extension, the web server can use it to select the correct certificate. Otherwise, you would have to use two separate IP addresses or the wildcard certificate (as the other answers already mentioned, the HTTP headers, including the Host header which tells the web server which site is being requested, are encapsulated within the SSL/TLS connection).

4
votes

Without using different IPs or ports, no. Due to the way that HTTPS connections work the encrypted connection happens before things like host headers can be sent, so there's no way for the server to know which one to connect to.

1
votes

Configure the sites to run on different IP-addresses or ports. The reason for this is because SSL is wrapped AROUND http, and the host headers is sent inside HTTP. E.g. the server doesn't know what site a request is for at the SSL-layer.

0
votes

Each site will need a seperate IP address.