Multiple SSL sites on one IP

It's possible to set up SSL for multiple sites on one IP. Normally IIS uses host headers to determine which website a request is for. Under SSL these are encrypted, so they can't be used. Secure server bindings can be used to get round this problem. This is useful if you've got sites that require SSL on their qa/uat environments (and all sites are hosted on the same box). To set it up you need to:

Create a self-signed wildcard SSL certificate (or purchase one)

1) To do this you can use the following command using selfssl:

C:\Program Files (x86)\IIS Resources\SelfSSL>selfssl.exe /n:cn=*.trueclarity.co.uk /s:857116387 /P:443 /v:3650

where /n is the domain, /s is the site id in IIS (just use 1 of the sites to begin with), /p is the port and /v is the expiry in days (3650 is 10 years)

Set up the secure server bindings

2) Once this is done you can set up the secure bindings using cscript and adsutil.vbs (usually in c:\inetpub\adminscripts). An example would be:

cscript adsutil.vbs set /w3svc/900548599/SecureBindings :443:uat.bar.co.uk
cscript adsutil.vbs set /w3svc/1992538283/SecureBindings :443:qa.bar.co.uk

You'll need to swap the number in the middle for the site id and use the appropriate host name. You should then be able to add SSL to the sites (you should be able to select the cert created in step 1). Stop then start the sites to check there are no issues.

It's not possible to use 2 certs on the same IP. For a site I use this on we have 2 public IPs going to the server, so one IP serves the live site with its real cert, and the other IP serves all the qa/uat sites with the wildcard self-signed cert.
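A pre-flight check for the bindings set in step 2, as an added example that is not from the original post: it parses each SecureBindings value and reports host names that the single wildcard certificate does not cover or that are bound twice. The function names, the `*.example.test` certificate name and the site ids are made up for illustration, and a blank or IPv4 address field is assumed.

```python
# Added example; host names and site ids are constructed sample values.
def parse_binding(value):
    """Split a SecureBindings string 'IP:port:host' (blank IP = all addresses)."""
    parts = value.split(":")
    if len(parts) != 3 or not parts[1].isdigit() or not parts[2]:
        raise ValueError("expected IP:port:host, got %r" % value)
    ip, port, host = parts
    return ip or "*", int(port), host.lower().rstrip(".")

def wildcard_covers(cert_name, host):
    # '*' stands for exactly one left-most label: no bare domain, no deeper names.
    cert_name = cert_name.lower().rstrip(".")
    if not cert_name.startswith("*."):
        return cert_name == host
    first, _, rest = host.partition(".")
    return bool(first) and rest == cert_name[2:]

def check_bindings(cert_name, site_bindings):
    """Return a list of problems for a {site_id: binding} plan sharing one cert."""
    problems, seen = [], {}
    for site_id, value in sorted(site_bindings.items()):
        try:
            key = parse_binding(value)
        except ValueError as exc:
            problems.append("site %s: %s" % (site_id, exc))
            continue
        if not wildcard_covers(cert_name, key[2]):
            problems.append("site %s: %s is not covered by %s" % (site_id, key[2], cert_name))
        if key in seen:
            problems.append("site %s: same binding as site %s" % (site_id, seen[key]))
        seen.setdefault(key, site_id)
    return problems

PLAN = {  # constructed sample plan
    "101": ":443:uat.example.test",
    "102": ":443:qa.example.test",
    "103": ":443:a.qa.example.test",   # two labels under the wildcard
    "104": ":443:uat.example.test",    # duplicate of site 101
    "105": "443:uat.example.test",     # leading colon missing
}

if __name__ == "__main__":
    for line in check_bindings("*.example.test", PLAN):
        print(line)
```

Any host name it flags as not covered would produce a name-mismatch warning in the browser even though the binding itself is accepted.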
