IIS7 - two SSL sites on 1 public IP?


#1

I think I’ve asked this before, but not here (can’t remember if there was a solution or not).
I have a Windows 2008 R2 IIS server (IIS7), which has just the 1 public IP address.

At the moment it hosts just the 1 site, and I’m using certifytheweb to give it an SSL cert - all works fine.
The site, for discussion’s sake, is test1.site.com.

We want to add a second site to the server, test2.site.com.
This version of IIS doesn’t support SNI, so I believe we are limited in what we can do.

Is there a solution that will enable us to have both sites certified on this server as it currently stands?


#2

Yes, this is a limitation of Windows.

Specific IP and port combinations can only have one cert binding, so one workaround would be to create a single cert containing all the domains you need. If it’s for two different customers that may not be desirable, but it would technically work.


#3

Both domains are ours (it’s the same top-level domain on both, just different sub-domains).
How would I go about doing this?


#4

Just add all of the domains to the same managed certificate and generate it. The cert will have the domain marked as primary as the main name and then have SAN (subject alternative name) records to allow it to work on the remainder. You can see what this looks like in practice if you look at the SSL cert for something like ajhendersonphotography.com, which is a SAN record on my ajhenderson.com domain.


#5

That worked a treat!
It has solved a major issue for us.

I assume there is a limit as to how many domains you can add to 1 cert?


#6

One certificate can contain 100 names; this is a limit imposed by Let’s Encrypt. However, if all your sites are subdomains, e.g. something.site.com, then you can just get a wildcard for site.com (*.site.com) and use that; that requires using DNS validation.
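A check that ties the answers in #2, #4 and #6 together, added here as an example and not code from anyone in this thread: it lists every https binding in IIS, reads the certificate bound to that IP:port from the machine store, and reports whether the certificate's SAN list (including a wildcard entry) covers each site name. It assumes the two host names from the question and that it is run in an elevated PowerShell on the IIS host.

```powershell
# Added example (not from the thread): verify the single cert bound to each IP:port
# covers every site name you expect. Host names below are assumed from the question.
Import-Module WebAdministration

$ExpectedHosts = @('test1.site.com', 'test2.site.com')

function Get-CertDnsNames {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # Parse the Subject Alternative Name extension (OID 2.5.29.17); Format($false)
    # yields text like "DNS Name=test1.site.com, DNS Name=test2.site.com".
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' } | Select-Object -First 1
    if (-not $san) { return @() }
    return @([regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') |
        ForEach-Object { $_.Groups[1].Value })
}

function Test-NameCovered {
    param([string[]]$DnsNames, [string]$HostName)
    foreach ($name in $DnsNames) {
        if ($name -ieq $HostName) { return $true }
        # A wildcard covers exactly one label: *.site.com matches test1.site.com,
        # but neither site.com itself nor a.b.site.com.
        if ($name.StartsWith('*.')) {
            $dot = $HostName.IndexOf('.')
            if ($dot -gt 0 -and $HostName.Substring($dot) -ieq $name.Substring(1)) { return $true }
        }
    }
    return $false
}

foreach ($binding in Get-WebBinding -Protocol https) {
    # bindingInformation is "IP:port:hostheader", e.g. "*:443:" when no host header is set
    $ip, $port, $hostHeader = $binding.bindingInformation -split ':', 3
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $binding.certificateHash }
    if (-not $cert) {
        Write-Warning "No certificate in LocalMachine\My for $ip`:$port (hash $($binding.certificateHash))"
        continue
    }
    $names = Get-CertDnsNames -Cert $cert
    Write-Host "Binding $ip`:$port -> $($cert.Subject), expires $($cert.NotAfter)"
    Write-Host "  SAN: $($names -join ', ')"
    foreach ($h in $ExpectedHosts) {
        $status = if (Test-NameCovered -DnsNames $names -HostName $h) { 'covered' } else { 'NOT covered' }
        Write-Host "  $h : $status"
    }
}
```

Because IIS7 without SNI can bind only one certificate per IP:port, any name reported as "NOT covered" will get a certificate-name mismatch in the browser until it is added to the SAN list or a matching wildcard is used.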