Running an IIS6 server on Windows 2003. All the websites use ASP.NET.
I have a number of websites all running separate HTTP websites:
www.domain1.com www.domain2.com www.domain3.com
I have a separate HTTPS website
www.secure.com
These websites are all running on the same server.
I now wish to integrate the content of www.secure.com into each of the domains in a transparent way, such that each website, despite having its own SSL connection, displays the same website. The complication is that www.secure.com needs to know which website the connection has come from to apply the appropriate branding. The idea behind this is to have only one website, and location, but it keeps the core website brand. https://domain1.com looks a lot better from a marketing point of view (and avoids users getting confused about what our secure website is).
SSL www.domain1.com/secure -> displays www.secure.com (branded domain1)
SSL www.domain2.com/secure -> displays www.secure.com (branded domain2)
SSL www.domain3.com/secure -> displays www.secure.com (branded domain3)
What would be the best way of achieving this? I'm open to using additional software if necessary. Would a reverse proxy be suitable for this situation?
The cheapest and easiest way to achieve this would be to use subdomains. That way you can get a wildcard cert and use just one IP address.
For those still coming across this problem, check out this post about how to Run Multiple SSL Websites on IIS6 Using a Wildcard Certificate
IIS 6 does allow you to do multiple SSL hosts on a single IP address, but requires the use of wildcard SSL certificates. Microsoft has a technet article here on how to set it up. Keeping this in mind, you could get a *.securedomain.com SSL certificate, and use:
Your application can look at the host headers, and see the site1.. site2.. site3.. and apply the necessary branding.
Thinking about it, if you do use a wildcard SSL certificate, you don't even need to have multiple sites, assuming your website code knows how to figure out which HOST it is showing the end user (read the HOST header from the request).
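An added example, not part of the original answer, of reading the Host header for branding as described above. Because the Host header is supplied by the client, the sketch resolves it against a fixed allowlist instead of using the value directly. The host names follow the site1/site2/site3 pattern under *.securedomain.com from the answer; the brand keys, the `BrandResolver` class and the `Context.Items["Brand"]` key are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Web;

// Added example: resolves the request's Host header to a brand via an allowlist.
public static class BrandResolver
{
    private static readonly Dictionary<string, string> Brands =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);

    static BrandResolver()
    {
        // Assumed host names and brand keys; replace with the real ones.
        Brands.Add("site1.securedomain.com", "domain1");
        Brands.Add("site2.securedomain.com", "domain2");
        Brands.Add("site3.securedomain.com", "domain3");
    }

    // Returns true and sets brand only when the host is on the allowlist.
    public static bool TryResolve(string hostHeader, out string brand)
    {
        brand = null;
        if (string.IsNullOrEmpty(hostHeader)) return false;

        string host = hostHeader.Trim();
        int colon = host.LastIndexOf(':');      // drop an optional ":443" port
        if (colon >= 0) host = host.Substring(0, colon);
        host = host.TrimEnd('.');               // tolerate a trailing dot

        return Brands.TryGetValue(host, out brand);
    }
}

// Global.asax code-behind: pick the brand once per request.
public class Global : HttpApplication
{
    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        string brand;
        if (!BrandResolver.TryResolve(Request.Headers["Host"], out brand))
        {
            Response.StatusCode = 400;          // unknown host: no branding guess
            CompleteRequest();
            return;
        }
        Context.Items["Brand"] = brand;         // pages read this to select branding
    }
}
```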
I don't actually know how to do this in IIS (or even if it is possible), but I thought I should note that you are going to need separate IP addresses for each of your domains if this is going to work. This is because the SSL handshake happens before header information is passed, so you can only have one certificate installed on a given IP address.
Because the SSL handshake is done before any header information (domain names...), you can only get one https website per IP.
So what you were planning to do is not a solution...
What you could do, if you only want to have 1 SSL certificate, is to have this configuration:
https://securedomain/site1 -> site1 content
https://securedomain/site2 -> site2 content
https://securedomain/site3 -> site3 content
If you can get multiple IP addresses, this is not a problem whatsoever. Just set it up ^^ All you need to make sure of is that the SSL bindings are set to the specific IP and not "all IP" as the default is.