
Hosting multiple SSL sites on a single Win2K3 machine

WobbleWobble

Diamond Member
Our web development team wants SSL certs for our domain example.com and www.example.com. We were initially looking at a wildcard cert but decided it wasn't worth the money because it is the cost of 5-6 certs. So we went with getting 2 certs and then realized that we were going to run into a snag.

Our current server is running Win2K and from what I've read, only Win2K3 SP1 supports SSL with host headers. We are moving servers in the coming weeks/months anyways, so we will be using a Win2K3 SP1 based machine. However, reading this Microsoft article, it looks like we actually needed wildcard certs.

But since we purchased two normal SSL certs, can we create two separate web sites in IIS (after moving to 2K3), one for example.com and www.example.com, use the appropriate host headers on each, and apply the certs to each web site? Or is it possible to apply more than one SSL cert to a single web site?
 
That's correct, you need either a wildcard cert or multiple IP addresses; you can't do it with host headers alone.

This is not an IIS limitation; you'd run into the same thing if you were running Apache. It's necessary, otherwise the clients wouldn't have proper trust for some of the sites.
 
I thought Windows 2003 SP1 had the ability to decode host headers when SSL is implemented? But I can't simply create two separate web sites in IIS, on the same IP and use host headers with SSL applied?
 
Originally posted by: WobbleWobble
But I can't simply create two separate web sites in IIS, on the same IP and use host headers with SSL applied?
No. Like spyordie007 said, this is a consequence of the way SSL works on any webhost. Basically, the problem is that the SSL part has to happen before any kind of HTTP transaction. If you're running on a single IP address, how is the webserver supposed to know which certificate to present to the client? It can't, of course, so you either need a wildcard certificate that will apply to every site hosted on that IP or you need multiple IP addresses so that the server can pick the certificate based on the IP address.
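The ordering described in the reply above, as an added example that is not part of the original thread: a TLS client is driven in memory to show that its first bytes carry no Host header and that the HTTP request cannot leave before the handshake finishes, so the server can only key its certificate on the local IP and port. The `SslBindings` class, the certificate file names and the 192.0.2.x addresses are constructed for illustration, and the client is assumed to pass no host name to the TLS layer, as in the setup the thread discusses.

```python
import ssl

def bytes_before_certificate(http_request: bytes):
    """Drive a TLS client in memory; return (first flight, bytes sent if HTTP is tried early)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False           # no peer here; we only inspect the client's own output
    ctx.verify_mode = ssl.CERT_NONE
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing)   # assumption: no host name handed to the TLS layer
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass                             # client is now waiting for the server's certificate
    hello = outgoing.read()
    try:
        tls.write(http_request)          # the Host header lives here, after the handshake
    except ssl.SSLWantReadError:
        pass                             # refused: handshake has not completed
    return hello, outgoing.read()

class SslBindings:
    """Hypothetical certificate table keyed by what the server knows at handshake time."""
    def __init__(self):
        self._certs = {}

    def bind(self, ip: str, port: int, cert_name: str) -> None:
        key = (ip, port)
        if self._certs.get(key, cert_name) != cert_name:
            raise ValueError(f"{ip}:{port} already serves {self._certs[key]}")
        self._certs[key] = cert_name

    def certificate_for(self, ip: str, port: int) -> str:
        return self._certs[(ip, port)]

# Constructed sample request; the host name appears only inside HTTP.
REQUEST = b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"

if __name__ == "__main__":
    hello, early = bytes_before_certificate(REQUEST)
    print("record type:", hello[0], "handshake type:", hello[5])
    print("host name visible before certificate:", b"example.com" in hello)
    print("HTTP bytes sent before handshake completes:", len(early))
    table = SslBindings()
    table.bind("192.0.2.10", 443, "example.com.pfx")
    table.bind("192.0.2.11", 443, "www.example.com.pfx")   # second IP, second cert
    try:
        table.bind("192.0.2.10", 443, "www.example.com.pfx")  # same IP, different cert
    except ValueError as err:
        print("rejected:", err)
```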

 
It's not out of the option, but the way we were going at it was a bad idea.

Originally we were going to put a form on our web site, but our privacy department wanted to make sure it was an SSL form. So the web dev team wanted an SSL cert for it on the example.com and www.example.com domains. That would mean, even if we used the multiple IP route, that we would need to maintain two identical web sites in IIS. The other techs in our dept thought that would be a bad idea, so we're going to go with some sort of secure.example.com sub domain.

Thanks for your help guys, I jumped the gun thinking that SSL using host headers was fully supported in SP1. I didn't read deep enough to find out there were some gotchas.
 
Why not *just* use www.domain.com? secure.domain.com works, though personally I only add extra sites if I need to, so I would just do everything under "WWW" (you could just create a redirector for domain.com so the people too lazy to type www would end up at the right spot).
I jumped the gun thinking that SSL using host headers was fully supported in SP1. I didn't read deep enough to find out there were some gotchas.
Again, this is not a lack of support by IIS or SP1; it's SSL and it's by design that this behavior occurs.
 