Re: Multiple SSL certs on a single server IIS 6.0

From: Bernard Cheah [MVP] (qbernard_at_hotmail.com.discuss)
Date: 11/15/05

  • Next message: Peter Schmidt: "Re: What do these Account Names mean?" 
    Date: Tue, 15 Nov 2005 16:12:06 +0800

    If it's W2k3 SP1 + it's in this *.domain.com, multiple sites + one IP + SSL
    host header is possible. 

    -- 
Regards,
Bernard Cheah
http://www.iis-resources.com/
http://www.iiswebcastseries.com/
http://www.msmvps.com/bernard/
"Ratatooie" <jafiwam@MuNGEDyahoo.com> wrote in message 
news:4378a0d4$1_3@newspeer2.tds.net...
>
> "Fred" <Fred@discussions.microsoft.com> wrote in message 
> news:1FB02CC2-01B4-4835-BA06-A5809A83411A@microsoft.com...
>> Hi
>>
>> We have a server hosting a number of websites accessed via SSL using
>> name1.domain.com and this has been working fine.  We now want to create a
>> second series of websites but with different branding but hosted on the 
>> same
>> server.  The IP is the same but the URL is name2.domain.com.
>>
>> We have created a second Website in IIS and have tried to generate a CSR.
>> The wizard falls over when creaing it with "internal error".
>>
>> Clearly missing something silly. Any idea how to sort this?
>>
>> Thanks
>>
>>
>>
>>
>
> Well... I am not sure you got to the point where it matters yet (your 
> error could be unrelated to the following) however you are going to get 
> one Cert per Virtual web per IP.
>
> In other words, you CANT put more than one cert on the same IP.  The 
> information IIS uses to determine what virtual web to use (host header) is 
> encrypted with the cert... so you dont know what virtual web to use with 
> the traffic.
>
> You need to put more IP addresses on the NIC before what you want to do 
> will work.
>
  • Next message: Peter Schmidt: "Re: What do these Account Names mean?"

    Relevant Pages

    • RE: IIS Key pairs (how to export an IIS 4.0 self-issued Root CA a nd import into new IIS 4.0 box)
      ... it prompts the user for what client cert they want to use to connect to the ... it issues client certificates to the end users. ... Step I - Installing the New Server ... Install NT SP 3 ONLY ...
      (Focus-Microsoft)
    • Re: ActiveSync error 0x85010004 from Windows Mobile 6 to SBS 2003
      ... I found a link suggesting a test of the OMA using a desktop browser by ... the server and from the phone. ... I then reinstalled the cert, ... Before installing the cert, I could ...
      (microsoft.public.windows.server.sbs)
    • RE: Certificate logon on Unix
      ... I don't know of any package but there is prolly one out there you should ... The good news is that getting fulle client ... and server side authentication is pretty easy so it will work as a quick ... setup your CA and make the root cert Pbk available to everyone. ...
      (Security-Basics)
    • Re: SSL certificates
      ... Should I just create a new self signed cert for StartTLS? ... self-signed certificate to advertise StartTLS to internet Server to Server ... Also I am trying to see how the send/recieve connectors FQDN play a part ...
      (microsoft.public.exchange.admin)
    • Re: IIS website - only allow users with client cert from our CA. Possi
      ... The server cert that you installed on ServerB is for server authentication. ... That would restrict access to those users who have client ... Once I got the server Certificate, I applied it to our Webserver ...
      (microsoft.public.inetserver.iis.security)