IIS 7 multiple websites 1 SSL certificate

Download PDF

Introduction

 

It is not possible in IIS 7 to have multiple websites on the same IP/port combination using different certificates, however it is possible to have multiple websites on the same IP/port combination if they use the same certificate.

 

This can be solved in two ways:

 

A wildcard certificate which covers all the sub domains at the same level (e.g. *.fairssl.dk will cover both www.fairssl.dk and support.fairssl.dk, but not tickets.support.fairssl.dk).

All websites will here need the same base domain (e.g. fairssl.dk, so www.fairssl.net would not be covered).

Follow Configuration of default website followed by Configuration with wildcard certificate.

 

 

A SAN certificate which will cover exactly the names present in the certificate, but which can cover multiple base domains (e.g. www.fairssl.dk and www.fairssl.net can both be covered).

Follow Configuration of default website followed by Configuration with SAN certificate.

 

Configuration of default website

 

  1. Login to the server with an administrator account.

 

  1. Press windowskey + r

Enter inetmgr

Press Enter.

 

 

  1. Expand the server the website is connected to.

Expand Sites.

Select the website that should be the default.

Click Bindings on the right.

 

 

  1. Click Add.

If you already have an HTTPS binding select that and click Edit instead.

 

 

  1. Select  HTTPS.

Enter the IP address the website should be available on.

Select the correct certificate in the list (for installation of the certificate see IIS 7  SSL Administration).

Make sure Host name is empty if you are using a wildcard.

Click OK.

 

 

Configuration with wildcard certificate

 

  1. Select another website that is to use the certificate.

Click Bindings.

 

 

  1. Click Add.

If you already have an HTTPS binding select that and click Edit instead.

 

 

  1. Select HTTPS.

Enter the IP address the website should be available on.

Select the correct wildcard certificate in the list.

Enter the DNS name of the website in Host name.

Click OK.

 

 

  1. Repeat until all the websites as the correct bindings.

 

 

We recommend that you test the installation with our server tester on https://www.fairssl.net/en/ssltest/

 

  1. When the certificate is renewed this needs to be done again.

 

Configuration with SAN certificate

 

  1. Select another website that is to use the certificate.

Click Bindings.

 

 

  1. Click Add.

If you already have an HTTPS binding select that and click Edit instead.

 

 

  1. Select HTTPS.

Enter the IP address the website should be available on.

Select the correct SAN certificate in the list.

Click OK.

 

 

  1. Press windowskey + r

Enter cmd

Click Enter.

 

 

  1. Navigate to c:\Windows\System32\inetsrv\

 

cd c:\windows\system32\inetsrv

 

Execute the following command to activate the Host name on the website's HTTPS binding:

 

    • : The website's name in the ISS manager
    • : The IP address you entered in bindings (use * for all unassigned)
    • : The port the website is to be reached through (443 is standard for HTTPS)
    • : The host name on the website

 

appcmd.exe set site /site.name: /bindings.[protocol='https',bindingInformation='::'].bindingInformation:::

 

 

  1. Repeat until all the websites as the correct bindings.

 

 

We recommend that you test the installation with our server tester on https://www.fairssl.net/en/ssltest/

 

  1. When the certificate is renewed this needs to be done again.