Re: Multi-domain SSL cert installation



David,
Yes, I have already read through that (and everything else I can find.) But
that article only refers to 'wildcard' certs, which are used for multiple
host names under a single domain name. I am seeking help in using a
multi-domain cert for multiple hosts under separate domain names. Can you
direct me to any documentation on this? I have been unable to find any, and
Godaddy's tech support is unwilling/unable to resolve the problem.

Thanks,
Joe

"David Wang" wrote:

On Jul 18, 5:42 am, Joe <J...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
I am hosting multiple domains on my Win2k3/IIS 6 server using a single IP
address and host headers. For the past year I have had only one domain that
required an SSL certificate. Now I have two, and I learned the hard way that
I can't have 2 separate SSL certs on the same server with only 1 IP address.
Rather than use up one of my limited external IP addresses, I went to Godaddy
and purchased a multi-domain cert (not a wildcard cert) with one primary
domain and 2 secondary names (SANs.) However, everything went downhill when
I tried to install the new cert. I exported and removed the original cert,
then installed the new cert on the new primary web site. I then installed
the existing cert on the other web site. At this point nothing worked. The
new primary site wouldn't start because port 443 was already in use, and the
original site wouldn't find its secure pages. Godaddy support said this was
beyond the scope of their knowledge (even though they sold the cert.)

Does anyone have any experience with multi-domain certs? This is a
production web server and I can't do any testing during the day. Any help is
greatly appreciated.
Thanks,
Joe


I suggest starting with the IIS documentation of how to do SSL of
multiple domains over a single IP. If you follow its instructions and
understand the fundamental limitations of SSL in your scenario (no
matter what web server you use), you should be fine.

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/596b9108-b1a7-494d-885d-f8941b07554c.mspx?mfr=true


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//
