Can IIS6.0 host two SSL certificates? - iis

We have a Windows Server 2003 machine running IIS6.0 that hosts two different websites. We purchased an SSL certificate for both domains, but then discovered we couldn't use both at once because SSL uses port 443, and I can't set both domains to use that port number.
So my question is, is it possible to host https://www.domain1.com and https://www.domain2.com on the same IIS 6.0 server? If so, how can I do this?

As #Bahri Gungor said the way to do this is for the server to have multiple IP addresses, have the different domains attach to different IPs and then you should be able to have each have a seperate SSL certificate.
Windows Servers can be assigned lots of IP addresses, then depending on your network setup you could change the DNS records for your different domains to point to the different IP addresses. Remember DNS changes take a while to role through the network (depending on their time-to-live). So you need to have the domain you move hosted on multiple IP addresses until all clients have the new DNS records.
See the following
http://technet.microsoft.com/en-us/library/cc722518.aspx
http://www.windowsnetworking.com/articles_tutorials/understanding-advanced-tcp-ip-settings-windows-2003.html
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/74097d64-d3d7-4b07-a1b7-0be86494ba97.mspx?mfr=true
Why?
How I assume you have things configured is serving both domains off the same port and the same IP address, and have IIS choose the different WebSite based on the host-header. The host-header as the name implies is part of the http headers sent to the server with the request, when using HTTPS this information is encrypted using the SSL certificate. So if your could have multiple certificates servered off the same port and IP address IIS would not know which certificate to decrepit the incoming request.
Wild Card Certificates
One way round this is if you have multiple sub-domains they can share one SSL certificate then you can use host-headers to choose which site the user is interested in
so if you had
a.example.com
b.example.com
c.example.com
You could get a certificate for
*.example.com
Then the websites for the subdomain could share one SSL certificate and the same IP address and port.

Related

How to host a website locally but with .com domain and accessible on internet

I've bought a .com domain from a provider on the internet. But, I want to host it locally.
I know that I can host a local web by using XAMPP or WAMP, but I want to make it accessible on the internet.
I also know that we could host a web to be accessible on the internet like ngrok, serveo, etc.
But, I want it with my .com domain that I bought. Could this possible? How to? Is there any references?
Thanks in advance ^_^
It seems to me you are asking 1. if it is possible to map a DNS entry such that traffic to the URL would be directed to a server in your personal network, and 2. if it is possible, how to do it.
The answer to the first question is yes, it is possible. The second question is difficult to answer because it depends on many factors such as your ISP, country, your web host provider's rules and services, etc.
First, you must determine two IP addresses:
The public IP address for your network (whatismyip.com)
The private IP address of the local machine which will host your website (typically (192.168.0.x)
Then, you must enable port forwarding in your router configuration, such that any requests to port 80 and/or port 443 on the external interface (public) will be forwarded to the internal port on which your website is hosted. If done properly, putting the public IP in your browser will take you to the website you are hosting locally.
Once you verify access via public IP, then you must go into your DNS entries on your domain host and create a CNAME record which points your root domain (www.yourwebsite.com) to your public IP address. That will route all traffic to your .com to your local server.
I do NOT recommend doing this however, and would caution against it, because it leaves your local server/network open to the public, and makes your domain vulnerable to things such as spoofing etc. To do it properly, you should obtain a security certificate for your domain through a Certificate Authority (CA) - generally, you can request a certificate via your domain hosting service. Once you have a certificate, you must upload the key to your server and configure your web application/hosting service to use the certificate, and then change your port forwarding to use 443 instead.
This is a very complex topic that takes time to learn, and your question is extremely non-specific. There is no good place to start really, and no shortage of information/resources available online. To start, you need to understand how your DNS works. For any local webhosting, port forwarding is important to learn. You should also determine if your ISP blocks the forwarding of certain external ports, which effectively disables any private webhosting.

Hosting two SSL sites (different host name) on same server with different certificates and without ports (i.e. 443)

We have a SharePoint site https://example.com hosted on port 443.
There is another site https://anotherexample.com that should be hosted on same server and without port (i.e. 443).
Both the certificates are issued to different host names (i.e. not wildcard certificate).
How can I achieve above scenario?
Any help is much appreciated!
Edit: I'm working on IIS 8.
Best way to achieve this on IIS 8 is to use Server Name Indication. It allows the server to host multiple certificates for multiple sites under a single IP address.
For more detailed instructions, please refer here.

How to host multiple SSL sites on a single Host in IIS 7

I am having some trouble with hosing.
Currently on our server have have 6 or so IIS sites hosted. They are all http currently: and work on port 80 with the host names set.
Now I want to go an change them to use SSL. But this then removes the ability to use the Host headers.
I have tried using self generated ssl cert from within IIS Manager before I go out and buy real ones. But the issue I am having is that it seems that the SSL cert is linked to an IP address. I can add the ssl cert to one site. But after that When I try assign site 2. it says that there are no Ip addresses.
So My question which Im hoping someone can explain how it works when multiple sites are hosted with iis on the same machine.
Do I have to get a wildcard SSL Certificate?
Do I need to have a unique IP address for each site being hosted?
If not, could somebosy please help and try explain to me what I need to do in order to achieve this.

IIS 7 binding for SSL

I have a machine with multiple websites. The websites do not use the same domain name. As an example one website is test.test1.com another is test.test2.com. I also have a UC certificate that lists all of the domains but it doesn't use the wildcard * in any of the domains. When I try to create bindings for each I can't add the host header to the binding for https. If I use appcmd for the second domain I can no longer access the first domain.
How do I setup the bindings so I can access test.test1.com as the default for port 443 and test.test2.com only when that is the host header?
Thanks for the help!!
Gary
In IIS 7 you can not have SSL bindings based on host headers. If you want multiple sites with https and don't have a wildcard certificate, you have to use multiple IP addresses, one for each SSL site. Just add IP addresses to the OS and set up DNS entries for them, then you bind the sites against those IP addresses, not their host names.

IIS 6: Set up 2 SSL web apps on the same server on port 443

I was asked to create a sharepoint web application with ssl on a server with sharepoint 2010 installed. The problem is that this port seems to be in use for hosting our subversion repository. So when i try to browse my sharepoint site, it just shows a page with my repository. I've read about installing certificates and configuring multiple sites on one port with host headers but i never succeeded to complete this job. I would really appreciate some help here.
Thanks!
Assuming you're talking about individual SSL certificates (as opposed to a single wildcard certificate), I believe each website HAS to have its own IP address. AFAIK it is not possible to run multiple websites with multiple SSL certificates under the same IP address.
Depending on who is hosting the server, you would need a new IP address to be allocated to the server, and then within IIS you use the new IP address against the hostheader of your new website. You should find that the certificate works correctly, if not then try removing the certificate from the website and re-allocating it.
You would only be able to use a wildcard certificate if the primary domains of the websites were the same (e.g. website1.mydomain.com and website2.mydomain.com).
Thomas,
I've run into a similar situation before where the requirements dictated that we use 1 ip address, but the domains will be different (eg. website1.com, somesite.org, website2.us).
You can achieve this by using a Unified Communications certificate with Subject Alternative names. Currently, Digicert offers a UC certificate that can achieve this, but some other CA's will not.
Essentially you will have 1 certificate bound to :443 on the same ip address. The big drawback to this is that if the cert goes down, all the sites SSL will not work.
You have to manually (via powershell) bind each domain to port 443 however, but the instructions are fairly simple.
Server Name Indication would be another way, but it's not even an option in IIS 6

Resources