Is it possible to have a single site in IIS6, with multiple domains (not subdomains) some domains using SSL? The domains with SSL using a unique IP.
I've read similar situations, but nothing exactly the same as this. But close enough to think that it might cause problems.
I've possibly seen that wildcard SSLs might help due to them not being as mapped to an IP address?
No, one SSL enabled site requires one IP address. No way around it. You will see people talk about "work-arounds" using wildcard certificates, but they are confusing two different things. They are confusing a subdomain, which a wildcard certificate can be used for, with a different domain which is not what wildcard certificates will work with.
The web server needs to be able to determine which installed SSL certificate on your server to use when it receives a request that has been encrypted with SSL. In a non-SSL based site, the HTTP header contains the requested domain of the site. This is what allows you to use the host headers feature to support multiple non-SSL websites on a single IP address. Meaning, the server looks at the request, determines the requested site based on the host in the header of the HTTP request, and then passes it to the configured site.
When you have an SSL based site, the new page request comes into the web server already encrypted. Since the header of the HTTPS request is also encrypted, the webserver cannot just look at the requested domain and use the host header feature. It must use the SSL certificate bound to a specific IP address to decode the HTTPS request before it can process the header. While it might be possible for a web server to try to decode the request using all installed SSL certificates on the machine to try to implement an SSL based host header feature, this would slow down HTTPS processing considerably. Hence, the only way to do SSL is by having a single IP address per installed certificate.
Yes, it is possible.
To do so you would create a binding for each host name, e.g. www.site1.com, www.site2.com, etc…
HTTP bindings may share the same IP address if you use host headers in the binding. Alternatively you can still use one (1) IP to one (1) host name.
Each HTTPS binding must use a separate IP address, but you can assign more than one IP address to a site. This is because HTTPS is an encrypted tunnel using SSL/TLS. When the tunnel is established, it is between IP addresses because it has no way to tell the web server what host name it wants to connect to. The `Host` header is a feature of HTTP, not TLS/SSL. After the tunnel is established it is too late to choose another binding. For binding information also see https://serverfault.com/a/445685/94787
Also note that while IIS supports it, the web site will still need to support it, which it may not.
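The binding rules described in the answers above can be checked mechanically; the following is an added example, not part of the original posts. It assumes bindings are available as `IP:port:host` strings, and the site names, addresses and function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample: (site, scheme, "IP:port:host") entries. IPv4 only; an
# empty IP ("all unassigned") is treated as its own address "*" (assumption).
SAMPLE_BINDINGS = [
    ("shop", "http",  "192.0.2.10:80:www.site1.com"),
    ("shop", "http",  "192.0.2.10:80:www.site2.com"),   # fine: host header differs
    ("shop", "https", "192.0.2.10:443:"),
    ("shop", "https", "192.0.2.11:443:"),               # fine: separate IP
    ("blog", "http",  "192.0.2.10:80:www.site2.com"),   # clashes with shop
    ("blog", "https", "192.0.2.11:443:"),               # clashes with shop
]


def parse_binding(raw):
    """Split 'IP:port:host' into (ip, port, host); the host part may be empty."""
    parts = raw.split(":")
    if len(parts) != 3 or not parts[1].isdigit():
        raise ValueError(f"malformed binding: {raw!r}")
    ip, port, host = parts
    if not 0 < int(port) < 65536:
        raise ValueError(f"port out of range: {raw!r}")
    return ip or "*", int(port), host.lower()


def find_conflicts(bindings):
    """Return sorted (scheme, endpoint, sites) tuples for bindings that collide."""
    seen = defaultdict(list)
    for site, scheme, raw in bindings:
        ip, port, host = parse_binding(raw)
        if scheme == "https":
            # The Host header is unreadable until the tunnel is up, so only
            # IP:port can select the binding; any host part is ignored.
            key = ("https", f"{ip}:{port}")
        elif scheme == "http":
            key = ("http", f"{ip}:{port}:{host}")
        else:
            raise ValueError(f"unknown scheme: {scheme!r}")
        seen[key].append(site)
    return sorted((s, ep, tuple(sites)) for (s, ep), sites in seen.items()
                  if len(sites) > 1)


if __name__ == "__main__":
    for scheme, endpoint, sites in find_conflicts(SAMPLE_BINDINGS):
        print(f"{scheme} {endpoint} is claimed by {', '.join(sites)}")
```
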