How to bind multiple sites with SSL on one IP address and port


IIS would normally require multiple IP addresses or ports for sites that bind with SSL. This is because the SSL handshake is established before the request headers are sent, so the headers arrive encrypted. When a request is received, the web server needs the header information (it contains the site's name) to choose the right certificate to decrypt the data. If the HTTP.SYS layer cannot read the header, it cannot select the right certificate and therefore cannot route the request to the right website. For this reason, a web server allows one site per IP and port for HTTPS connections. To get another website working in parallel, you need to use a different IP or port for its SSL connections.
To resolve this issue you will need to purchase a wildcard certificate (for example *.ppscu.com) so that one certificate covers all websites that are part of the same domain. Suppose you have two websites named site1.ppscu.com and site2.ppscu.com. You will need to add the following configuration in applicationHost.config:
As you can see from the configuration lines, each website contains an SSL binding that listens on all IPs (*) on port 443 but also contains the host name information. I’ve installed a wildcard certificate that is used for all SSL communications. When a request is received by the IIS server, the certificate will be used to decrypt data and read the header information that contains the host name for a specific site. HTTP.SYS will then know where to route the request.
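
The bindings described above, written out as an added example (this is not the original post's configuration). The site names, ids, application pools and physical paths are constructed placeholders; only the host names and the `*:443:` binding pattern come from the text.

```xml
<!-- Added example: the <sites> section of applicationHost.config.
     Names, ids, pools and paths below are constructed placeholders. -->
<sites>
  <site name="site1" id="1">
    <application path="/" applicationPool="site1">
      <virtualDirectory path="/" physicalPath="C:\inetpub\site1" />
    </application>
    <bindings>
      <!-- bindingInformation is IP:port:hostname.
           "*" = all IPs; the host name tells IIS which site owns
           the request once the headers have been decrypted. -->
      <binding protocol="https" bindingInformation="*:443:site1.ppscu.com" />
    </bindings>
  </site>

  <site name="site2" id="2">
    <application path="/" applicationPool="site2">
      <virtualDirectory path="/" physicalPath="C:\inetpub\site2" />
    </application>
    <bindings>
      <!-- Same IP and port as site1; only the host name differs. -->
      <binding protocol="https" bindingInformation="*:443:site2.ppscu.com" />
    </bindings>
  </site>
</sites>
<!-- The certificate is not named in these bindings: it is attached to
     the IP:port endpoint in HTTP.SYS, so both sites present the same
     wildcard certificate (*.ppscu.com). -->
```

A wildcard certificate matches a single label, so *.ppscu.com covers site1.ppscu.com and site2.ppscu.com but not the bare ppscu.com or a deeper name such as a.site1.ppscu.com.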