IIS Server with Two SSL Certificates for Two Distinct Domain Names

1
votes

I have two distinct SSL-enabled domain names that I am trying to configure a single Windows Server 2008 R2 IIS instance to support. However, I've noticed that I can only set one SSL certificate and that host names are not supported for SSL-enabled traffic in IIS.

I'm wondering if what I'm trying to do is even possible before I start investing in solutions? I have noticed there is an input field for IP address which I'm thinking refers to the IP address endpoint for the machine.

Here's what I'm wondering... do I need more than one NIC so that the server has two IP addresses it can be reached at in order to achieve support for two separate SSL domains in this version of IIS?

IIS Manager Site Binding Screenshot With IP Address Input Image

2
iissslhttpsiis-7

2 Answers

1
votes

You need to assign a different IP address for each ssl binding, so each IP address's port 443 is used to serve the ssl traffic.

While you can use host header binding for port 80, you cannot do this for secure traffic (unless it's a wildcard ssl however that's not relevant here)

You can assign multiple IP addresses to a single nic, so no need for more hardware.

Just be sure to bind each site to the relevant IP in iis, and don't use the all unassigned option.

0
votes

Just check "Require Server Name Indication" when yo are setting https bindings for desired website. Modren browsers distinguish between different domain names on same IP when SNI is activated. (Compatibility table)