Adding multiple websites with different SSL certificates in IIS 7

Generally, a separate IP is required for each SSL site, so if you attempt to bind to the same IP you will see the above error.

This is due to the way SSL works. The server is unable to read the HTTP host header during the handshake process, so it can't use that header information to choose which site (and certificate) to use. Thus certificates in IIS are basically bound per-IP, rather than per-site.

If you have a wildcard certificate or SAN certificate that applies to multiple sites, you can set it up as follows:

  1. Bind the certificate to the first site on the IP.
  2. For the host header sites, execute the following command in the inetsrv folder:

     appcmd set site /site.name:"<IISSiteName>" /+bindings.[protocol='https',bindingInformation='*:443:<hostHeaderValue>']

Replace <IISSiteName> and <hostHeaderValue> with the appropriate values (Website1 and www.example.com, for example).

SNI is supported in IIS 8 to allow multiple unrelated SSL sites on the same IP. Note that SNI is only supported in modern browsers, so it may cause problems if you are running a commercial site with a wide audience that includes, for example, Windows XP users running older versions of Internet Explorer.
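
To make the handshake limitation concrete, here is an added example (not part of the original answer) that parses a TLS ClientHello for the SNI server_name extension and falls back to the per-IP site when it is absent, as an older client would cause. The function names, the Website2 site name, and the ClientHello bytes are constructed for illustration; this is not IIS code.

```python
import struct

def build_client_hello(hostname=None):
    """Build a minimal ClientHello handshake message (constructed sample, not a capture)."""
    exts = b""
    if hostname is not None:
        name = hostname.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name  # name_type 0 = host_name
        sni = struct.pack("!H", len(entry)) + entry            # server_name_list
        exts = struct.pack("!HH", 0, len(sni)) + sni           # extension 0 = server_name
    body = b"\x03\x03" + bytes(32)                # client_version, 32-byte random
    body += b"\x00"                               # empty session_id
    body += struct.pack("!H", 2) + b"\x00\x2f"    # one cipher suite
    body += b"\x01\x00"                           # compression methods: null only
    if exts:
        body += struct.pack("!H", len(exts)) + exts
    return b"\x01" + len(body).to_bytes(3, "big") + body  # handshake type 1

def extract_sni(hello):
    """Return the SNI host name in a ClientHello, or None if the client sent none."""
    if len(hello) < 4 or hello[0] != 1:
        raise ValueError("not a ClientHello")
    end = 4 + int.from_bytes(hello[1:4], "big")
    if end > len(hello) or end < 43:
        raise ValueError("truncated ClientHello")
    hello = hello[:end]
    try:
        pos = 4 + 2 + 32                                      # skip version + random
        pos += 1 + hello[pos]                                 # session_id
        pos += 2 + int.from_bytes(hello[pos:pos + 2], "big")  # cipher suites
        pos += 1 + hello[pos]                                 # compression methods
    except IndexError:
        raise ValueError("malformed ClientHello")
    pos += 2                                                  # extensions total length
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
        pos += 4
        if etype == 0 and elen >= 5 and hello[pos + 2] == 0:
            nlen = int.from_bytes(hello[pos + 3:pos + 5], "big")
            return hello[pos + 5:pos + 5 + nlen].decode("ascii")
        pos += elen
    return None                                               # no SNI: only the IP is known

def select_site(hello, sni_bindings, ip_default):
    """Pick a site by SNI name; without SNI only the per-IP binding can be used."""
    host = extract_sni(hello)
    return sni_bindings.get(host.lower(), ip_default) if host else ip_default
```

The Host header never appears in this message; it is sent only after the handshake completes, which is why the certificate choice has to rely on the IP binding or on SNI.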