Tuesday, March 15, 2011

IIS: Multiple SSL sites on single IP address

I recently had to set up multiple sites on IIS with SSL, using just a single IP address. This is pretty straightforward with non-SSL sites - you just specify a different host header for each of the sites. But with SSL, this won't work by default. You have 2 options:
1. Specify a different port number for SSL for each of the sites. The disadvantage is that your users will have to access the sites as: https://subdomain.daksatech.com:445/ (if SSL was set up on 445)
2. The other option is to run a script that comes with IIS to enable SSL to work with host-headers. Here's how:
  • Set up wildcard domain on server (IIS)
  • Add certificate to site.
  • Add SSL site on port 443.
  • Run the following script in a command prompt:
    cscript.exe adsutil.vbs set /w3svc/<siteid>/SecureBindings ":443:<host header>"
    E.g.: cscript adsutil.vbs set /w3svc/844934796/SecureBindings ":443:blogger.daksatech.com"

How to get the siteid: In IIS, go to the site properties and edit the log location; this shows the site id in the log file name path. E.g., if the log path is W3SVC234234/exyymmdd.log, "234234" is the siteid.

Location of adsutil.vbs:

%SystemRoot%\system32\inetsrv\adminsamples

or 
%SystemRoot%\inetpub\adminscripts\
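
Sites that share port 443 on one IP address through host-header SecureBindings rely on a certificate whose names cover every host header, so it is worth checking the bindings against the certificate before setting them. The following is an added example, not part of the original post: it parses SecureBindings values in the ":443:hostname" form used above and reports host headers that a wildcard or SAN certificate would not match. The function names and all sample values except the post's own binding are assumptions made for illustration.

```python
# Added example: all site ids, host names and certificate names marked
# "constructed" below are sample values, not taken from a real server.

def parse_secure_binding(value):
    """Split a SecureBindings value "IP:port:hostheader" into its parts."""
    ip, port, host = value.split(":", 2)
    return ip or "*", int(port), host.lower()


def name_covers(cert_name, host):
    """True if one certificate DNS name (exact or wildcard) matches host."""
    cert_name, host = cert_name.lower(), host.lower()
    if not cert_name.startswith("*."):
        return cert_name == host
    # A wildcard stands for exactly one left-most label: *.example.test
    # matches a.example.test but not example.test or a.b.example.test.
    first_label, _, rest = host.partition(".")
    return bool(first_label) and rest == cert_name[2:]


def uncovered_bindings(bindings, cert_names):
    """Return (site_id, host) pairs that the shared certificate misses."""
    problems = []
    for site_id, value in bindings:
        _ip, _port, host = parse_secure_binding(value)
        if host and not any(name_covers(n, host) for n in cert_names):
            problems.append((site_id, host))
    return problems


SAMPLE_BINDINGS = [
    ("844934796", ":443:blogger.daksatech.com"),  # the post's example
    ("1001", ":443:shop.daksatech.com"),          # constructed
    ("1002", ":443:a.b.daksatech.com"),           # constructed: two labels deep
    ("1003", ":443:www.example.test"),            # constructed: other domain
]
WILDCARD_CERT = ["*.daksatech.com"]               # constructed
SAN_CERT = ["blogger.daksatech.com", "shop.daksatech.com",
            "www.example.test"]                   # constructed

if __name__ == "__main__":
    for label, names in (("wildcard", WILDCARD_CERT), ("SAN", SAN_CERT)):
        for site_id, host in uncovered_bindings(SAMPLE_BINDINGS, names):
            print(f"{label} certificate does not cover site {site_id}: {host}")
```

Any host header it reports would produce a certificate name mismatch warning in the browser once the binding is in place.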



3 comments:

Brian said...

This only works if you have a wildcard certificate.

cheap wildcard ssl said...

@ Brian,

Along with WildCard SSL Certificate, this also works with SAN SSL Certificate.

Anonymous said...

Is it possible to run multiple SSL sites with different SSL certificates on the same IP/port?