Multiple SSL certificates to access one ASP.NET application in IIS

ssl iis

Solution 1:

Your problem is unsolvable due to the way the SSL protocol and virtual hosts work. You have to use only a single certificate per IP, regardless of the number of name based virtual hosts served by it.

As Brian has already suggested, you can place several alternative virtual host names on that single certificate (using the subjectAltName x.509 extension - see https://www.rfc-editor.org/rfc/rfc3280#section-4.2.1.7), but it will still be just a single certificate. Visitors to one of your virtual hosts will be able to determine all the other virtual hosts simply by analyzing the certificate extension.

The limitation is due to how HTTPS protocol is organized - it's simply HTTP stacked on top of SSL.

So when a client connects to the server, it first has to establish a SSL session - this is the stage during which the server presents the certificate.

At this stage, the server does not know what virtual host the client will ask for because the client will do it later, only after having established the SSL session.

Only after the SSL session has been established, the client initiates the HTTP dialogue by sending the HTTP client headers, which include the "Host:" header indicating the web site's host address the client is asking for. This is long after the server certificate has been sent to the client.

Related

What are default postfix smtp settings?
How to speed up file copying onto a VMWare virtual server?
What's the best server to use with ASP.Net on Mono? [closed]
Sync user accounts over multiple linux servers
Is it possible to try Windows Server 2012 with VmWare Server 5.0?
Disable temporary user profile on workstations in a Windows 2008 env
What to do if one doesn't want to receive email bounces?
Printer Won't Print! Long and weird saga
Unable to add user using useradd
error on ec2 volume mount
AGDLP: global vs local groups for job/role groups
Power on machine when there is power?