Adding multiple websites with different SSL certificates in IIS 7

web-server ssl-certificate windows-server-2008 website iis

Generally, a separate IP is required for each SSL site, so if you attempt to bind to the same IP you will see the above error.

This is due to the way SSL works. The server is unable to read the HTTP host header during the handshake process, so it can't use that header information to choose which site (and certificate) to use. Thus certificates in IIS are basically bound per-IP, rather than per-site.

If you have a wildcard certificate or ASN certificate that applies to multiple sites, you can set it up as follows:

  1. Bind cert to first site on the IP
  2. For host header sites, execute the following command in the inetsrv folder: appcmd set site /site.name:"<IISSiteName>" /+bindings.[protocol='https',bindingInformation='*:443:<hostHeaderValue>']

Replace and with the appropriate values (Website1 and www.example.com, for example).

SNI is supported in IIS8 to allow multiple unrelated SSL sites on the same IP. Note that SNI is only supported in modern browsers, so it may cause problems for you if you are running a commercial site with a wide audience, like Windows XP users running older versions of Internet Explorer.

Related

Issue multiple claims in a single rule
How to "silence" a TCP connection in one direction?
executing a command again once it stops (rsync, FreeBSD)
local rpm repostry, that contains all packages installed on system
DNS Issue - Windows 2003 environment
How to delete IPSEC VPN tunnel from Fortigate 60
Reduce Windows DNS Service caching on Window
iptables: How to read this OPT string?
Grant full mailbox access to Domain Admins in Exchange 2010, including all new mailboxes?
How to configure Elastic Beanstalk for using Rails with Postgres?
Server responds "bus error" to every command
Introducing a Windows Domain Controller into an all mac-client network