Geek Answers Handbook

How to install more than one SSL on Windows 2008 / IIS7?

We searched for this topic here and found many posts that cover different parts of this topic, but we did not find and were not responsible for our decision.

Problem:

  • We have a Windows 2008 Server with IIS7 and we would like to install more then one SSL on this server.
  • We have one IP address for this server, but maybe we could get more of them, and we found that we can only have one SSL on one IP address.

Questions:

  • If we are not mistaken, can we have one SSL in Windows 2008 / IIS7, if we have only one IP?
  • We found SSL certificates for several domains, but this is not suitable for us, because in the green box in the address bar only one company will be visible (this is suitable for one company that has several websites). So the only option is to buy a different SSL for every other company, and what is the best way to configure IIS7 to support this?
  • Can we host different websites (each with their own SSL) on the same IIS7 web server? What are our options?

Thanks Alex

+8
ssl iis-7 openssl ssl-certificate
source share
3 answers

Unfortunately, it is currently not possible to install multiple SSL certificates for multiple domains on the same IP address. There should be one single link between the SSL certificate, domain and IP address. This way you can only get an additional IP address for the server.

You can use host headers to partially solve the problem, but based on your question, I assume that you have already encountered this and do not consider it viable. Just succumb, someone resorts to a search and finds this question:

Host headers allow you to associate a single certificate (multidomain or multicast) with several domains on the same IP address, for example:

sub1.mydomain.com 192.168.0.1 > sub2.mydomain.com > SSL: *.mydomain.com sub3.mydomain.com

More information on how to configure this can be found here:

http://www.sslshopper.com/article-ssl-host-headers-in-iis-7.html

+11
source share

Another option is to use a different port than 443 with the same ip.

A plus; look: Using host headers and SSL in IIS 7 (without the ugliness of appcmd)

+4
source share

If you want each website to show a different company in the certificate, the only option currently available is to get additional IP addresses. You simply create additional IIS websites and bind them to the new IP addresses.

0
source share

Source: https://habr.com/ru/post/649912/

More articles:


All Articles