Re: Implementing 2 certificates with IIS 6.0
From: Miha Pihler [MVP] (mihap-news_at_atlantis.si)
Date: Sun, 4 Sep 2005 18:07:49 +0200
Thanks for the info David!
--
Mike
Microsoft MVP - Windows Security

"David Wang [Msft]" <email@example.com> wrote in message
news:%23q21UxDsFHA.firstname.lastname@example.org...
> Actually, with Windows Server 2003 SP1, IIS6 supports Host Headers with SSL.
> http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/596b9108-b1a7-494d-885d-f8941b07554c.mspx
>
> The key fact that remains is that SSL requires exactly one Server
> Certificate per IP:Port combination.
>
> This means that to implement two SSL websites using different certificates,
> you must have two different IP:Port combinations.
>
> Even with Host Header over SSL, the requirements are that all the host
> header websites MUST use the same SSL server certificate -- which means that
> you must configure a wildcard SSL certificate for all of those websites.
>
> Clearly, this limits Host Header over SSL to only support sub-domains --
> that is:
> https://subdomain1.domain.com and https://subdomain2.domain.com can both
> share the common *.domain.com SSL server certificate configured for those
> two domains.
>
> In particular, since you cannot get a *.com certificate, you cannot use Host
> Header over SSL for https://domain1.com and https://domain2.com
>
> In other words, IIS6 on Windows Server 2003 SP1 does not impose any
> restrictions on SSL that are not already there in the protocol or by how the
> world treats SSL Server Certificates.
>
> --
> //David
> IIS
> http://blogs.msdn.com/David.Wang
> This posting is provided "AS IS" with no warranties, and confers no rights.
> //
>
> "Miha Pihler [MVP]" <email@example.com> wrote in message
> news:ucTc3g%23rFHA.firstname.lastname@example.org...
> You should either use different IP address or different TCP port when you
> use SSL. You can't use host header when you use SSL.
>
> --
> Mike
> Microsoft MVP - Windows Security
>
> "Henrique Alves" <email@example.com> wrote in message
> news:eKHB1R%23rFHA.3392@TK2MSFTNGP11.phx.gbl...
>> Hi,
>>
>> Like this - When I tried to browse the first site that I "install" the
>> certificate, I get the certificate from the second site. Understand?
>>
>> I think you gave me a great tip, I changed the IP Address from
>> the site and now I just get the first certificate, strange, but it seems
>> that should be something to do with this.
>>
>> I'm running the sites with the same IP address (just with
>> different host headers), is there a problem?? Should I run with different
>> IP's??
>>
>> The Event log doesn't show any related error.
>>
>> Can you help me with this now??
>>
>> Many thanks Mike,
>>
>> Henrique Alves.
>>
>> "Miha Pihler [MVP]" <firstname.lastname@example.org> wrote in message
>> news:OEWba69rFHA.1256@TK2MSFTNGP09.phx.gbl...
>>> Hi,
>>>
>>> How does this error represent itself? What happens when you try and use
>>> the first certificate?
>>>
>>> Are you running these different sites on different IP addresses? Are
>>> there any errors in Event logs (Applications and System logs)?
>>>
>>> --
>>> Mike
>>> Microsoft MVP - Windows Security
>>>
>>> "Henrique Alves" <email@example.com> wrote in message
>>> news:eycjjd8rFHA.2592@TK2MSFTNGP09.phx.gbl...
>>>> Hi,
>>>>
>>>> I tried to install two web server certificates in the same machine (but
>>>> in different sites), with IIS 6.0, but with no success.
>>>>
>>>> What happened was that when I first installed the first certificate
>>>> everything worked fine, but after installing the second one (in another
>>>> site) the first certificate never worked again. I tried making a backup and
>>>> installing again, tried to remove and install the certificate again, and
>>>> nothing works. Can anyone help me????
>>>>
>>>> I already installed IIS Diag and everything looks ok...
>>>>
>>>> Thanks in advance,
>>>>
>>>> Henrique Alves.
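
The rule David Wang describes in the quoted reply (one server certificate per IP:Port, and a shared wildcard certificate when host-header sites use the same endpoint), as an added example that is not part of the original thread: a Python check over a list of site bindings. The binding fields, the function names and the 192.0.2.x addresses are assumptions constructed for illustration; the host names are the ones used in the thread.

```python
from collections import defaultdict

def cert_covers(cert_name, host):
    """True if a certificate name (exact or wildcard) covers the host name."""
    cert_name, host = cert_name.lower(), host.lower()
    if cert_name.startswith("*."):
        # A wildcard stands for exactly one left-most label: *.domain.com
        # covers a.domain.com, but not domain.com or a.b.domain.com.
        label, _, parent = host.partition(".")
        return bool(label) and parent == cert_name[2:]
    return cert_name == host

def audit_bindings(bindings):
    """Return (endpoint, problem) tuples for SSL bindings that cannot work."""
    by_endpoint = defaultdict(list)
    for b in bindings:
        by_endpoint[(b["ip"], b["port"])].append(b)
    findings = []
    for endpoint, sites in sorted(by_endpoint.items(), key=lambda kv: kv[0]):
        certs = sorted({s["cert"] for s in sites})
        if len(certs) > 1:
            # Only one certificate can be served per IP:Port.
            findings.append((endpoint, "multiple certificates: " + ", ".join(certs)))
            continue
        for s in sites:
            if not cert_covers(certs[0], s["host"]):
                findings.append((endpoint, s["host"] + " not covered by " + certs[0]))
    return findings

# Constructed sample bindings (hypothetical addresses from the documentation range).
SAMPLE = [
    # Host headers over SSL sharing one wildcard certificate: valid.
    {"ip": "192.0.2.10", "port": 443, "host": "subdomain1.domain.com", "cert": "*.domain.com"},
    {"ip": "192.0.2.10", "port": 443, "host": "subdomain2.domain.com", "cert": "*.domain.com"},
    # Two certificates on the same IP:Port: the situation in the original question.
    {"ip": "192.0.2.20", "port": 443, "host": "domain1.com", "cert": "domain1.com"},
    {"ip": "192.0.2.20", "port": 443, "host": "domain2.com", "cert": "domain2.com"},
    # Separate IP per certificate: valid.
    {"ip": "192.0.2.30", "port": 443, "host": "domain1.com", "cert": "domain1.com"},
    {"ip": "192.0.2.31", "port": 443, "host": "domain2.com", "cert": "domain2.com"},
]

if __name__ == "__main__":
    for endpoint, problem in audit_bindings(SAMPLE):
        print("%s:%d  %s" % (endpoint + (problem,)))
```

Only the 192.0.2.20:443 endpoint is reported, because it is the one place where two different certificates are bound to the same IP:Port.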