Multiple domains in 443 port in same IP
S

6

30

I have hosted one website, "www.example1.com", on port 443 (https) in IIS 7. Now I have bought a new domain, "www.example2.com", for the same IP. I would like to host another website on this domain (www.example2.com) on port 443 (I already use port 443 for "www.example1.com").

How can I do this? Is it possible to host two domains on port 443 on the same IP? If yes, could anyone please let me know the right way to do this? I am using IIS 7.

Sloatman answered 31/8, 2012 at 11:32 Comment(0)
T
27

It CAN be done.

SSL Host Headers in IIS 7 allow you to use one SSL certificate for multiple IIS websites on the same IP address. Through the IIS Manager interface, IIS only allows you to bind one site on each IP address to port 443 using an SSL certificate. If you try to bind a second site on the IP address to the same certificate, IIS 7 will give you an error when starting the site up stating that there is a port conflict. In order to assign a certificate to be used by multiple IIS sites on the same IP address, you will need to set up SSL Host Headers by following the instructions below.

What Type of SSL Certificate Do You Need?

Because you can only use one certificate, that certificate needs to work with all the hostnames of the websites that you use it with (otherwise you will receive a name mismatch error). For example, if each of your IIS 7 websites uses a subdomain of a single common domain name (like in the example below), you can get a Wildcard Certificate for *.mydomain.com and it will secure site1.mydomain.com, site2.mydomain.com, etc.

If, on the other hand, your IIS 7 sites all use different domain names (mail.mydomain1.com, mail.mydomain2.com, etc.), you will need to get a Unified Communications Certificate (also called a SAN certificate).

Setting up SSL Host Headers on IIS 7

1. Obtain an SSL certificate and install it into IIS 7. For step-by-step instructions on how to do this, see Installing an SSL Certificate in Windows Server 2008 (IIS 7.0).
2. Once the certificate is installed into IIS, bind it to the first site on the IP address.
3. Open the command prompt by clicking the start menu and typing “cmd” and hitting enter.
4. Navigate to C:\Windows\System32\Inetsrv\ by typing “cd C:\Windows\System32\Inetsrv\” on the command line.
5. In the Inetsrv folder, run the following command for each of the other websites on the IP address that need to use the certificate (copy both lines):

appcmd set site /site.name:"<IISSiteName>" /+bindings.[protocol='https',bindingInformation='*:443:<hostHeaderValue>']

Replace <IISSiteName> with the name of the IIS site and <hostHeaderValue> with the host header for that site (site1.mydomain.com).

6. Test each website in a browser. It should bring up the correct page and show the lock icon without any errors. If it brings up the web page of the first IIS site, then SSL Host Headers haven’t been set up correctly.

Twocycle answered 7/10, 2015 at 2:8 Comment(3)
This is correct, you can do this with a SAN cert. The catch is that if you already have separate SSL certs, you'd need to revoke them and get a new SAN cert, and every time you want to add another domain, you'd need a new SAN cert. - Whittington
The final part is assigning the common SSL cert to sites. This can be done in IIS Manager to a single site by editing the SSL binding and IIS Manager will add it to other sites automatically. - Handcart
@SatishShetty thank you, I almost thought this wouldn't work but that made it work (the dialog box will remove the host name if you do it to one of the additional sites, but if you do it to the default site it will update the other sites without removing their hostnames). - Foul
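The name-mismatch condition this answer warns about can be checked before the bindings are created. The following is an added example, not part of the original answer: it tests each host header planned for the shared IP:443 against the dNSName entries of the single certificate, using the usual wildcard rules (a `*` stands for exactly one left-most label). The function names and the sample lists are constructed for illustration.

```python
def _labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def san_entry_matches(pattern, hostname):
    """Match one certificate dNSName entry against a hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False  # a wildcard never spans more (or fewer) labels
    if p[0] == "*":
        # Simplified policy: wildcard only as the whole left-most label,
        # with at least two labels after it (so "*.com" is refused).
        return len(p) >= 3 and bool(h[0]) and p[1:] == h[1:]
    return p == h


def uncovered_hosts(san_entries, host_headers):
    """Host headers that would produce a name mismatch with this cert."""
    return [h for h in host_headers
            if not any(san_entry_matches(s, h) for s in san_entries)]


# Constructed sample data using the names that appear on this page.
WILDCARD_CERT = ["*.mydomain.com"]
SAN_CERT = ["www.example1.com", "www.example2.com"]
PLANNED_SITES = ["site1.mydomain.com", "site2.mydomain.com",
                 "mydomain.com", "a.site1.mydomain.com", "www.example2.com"]

if __name__ == "__main__":
    print("wildcard cert misses:", uncovered_hosts(WILDCARD_CERT, PLANNED_SITES))
    print("SAN cert misses:",
          uncovered_hosts(SAN_CERT, ["www.example1.com", "www.example2.com"]))
```

Note that the wildcard certificate covers neither the bare domain nor a second-level subdomain, and that two unrelated domains such as www.example1.com and www.example2.com need both names listed in the certificate.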
M
23

In IIS 7.5 or newer versions:

- Sites > Add Website
- Site Name: example2.com
- Physical Path: select directory
- Binding: same IP as example.com
- Host name: example2.com

Then in binding check this for both websites:

[image]

Metagenesis answered 27/2, 2020 at 8:9 Comment(3)
That's not the valid answer. The original poster was asking about IIS7 specifically. Your solution with Server Name Indication doesn't exist on IIS7. - Lettie
Unfortunately the state of the world is such that this thread comes up when searching "Multiple domains in 443 port in same IP" and so I'm extremely thankful for this answer nonetheless. - Negro
There is no way to solve the problem without SNI if you have multiple certificates. You can reissue a combined certificate using multiple SAN records, as described in another answer. SNI is a modern solution. - Purebred
W
12

You can't in IIS7 - each HTTPS binding requires a unique IP/port combination because the Host Header cannot be used to differentiate sites using SSL. This is because the host header is not visible during the SSL handshake.

Your workaround is to differentiate the sites by binding to a different external IP, or by binding to a port other than 443. Both options are less than ideal I know.

There's a great MSDN blog on this.

Fortunately IIS8 appears to have a solution in the form of Server Name Indication (SNI).

Interestingly this is not an IIS quirk, Apache has the same issue, as would any web server before the introduction of SNI.

Whittington answered 20/2, 2014 at 22:38 Comment(1)
I should add that you can use a SAN certificate pre-IIS8 to have multiple SSL domains with same IP+port. A SAN cert allows for multiple domain names to be protected with a single certificate. For example, you could get a certificate for myserver.com, and then add more SAN values to have the same certificate protect myserver.org, myserver.net and even myserver2.com or www.example.com. - Whittington
F
2

I currently use IIS 6.0. I have managed to set up multiple web sites using port 443 and different certificates.

From the IIS manager, go to the web site and edit site bindings. Simply make sure that the Require Server Name Indication box is ticked and leave the IP address: as All Unassigned. You now use the same port (443) for multiple sites by selecting the appropriate certificate for the site from the dropdown list of certificates.

Fda answered 28/1, 2019 at 23:36 Comment(1)
That's not true. You wrote: "...and leave the IP address: as All Unassigned". What you are not telling is that you are using different IP addresses for each website - that's why you want to leave IP address field unassigned. There's nothing special about your method - that's how it always was. The original poster was asking about using the same IP address. - Lettie
E
0

We also host multiple sites in port 443 but we need UNIQUE IP addresses for each site. You cannot bind multiple sites to port 443 using only one IP address. Unless there is a work-around, but I'm not aware of any.

This article may help: http://www.harbar.net/articles/ssl.aspx

Eidson answered 31/8, 2012 at 11:37 Comment(0)
L
0

If you are using a wildcard certificate, just use the format *.domainname.com in the friendly name and the IIS GUI will enable the hostname control for you when you are editing the binding.

A picture tells...

Source

Lamond answered 10/10, 2019 at 4:1 Comment(0)
