Mobile app version of vmapp.org
Login or Join
Chiappetta492

: How can I configure multiple HTTPS sites on one IIS intranet server using a single IP address? I have an IIS 8.5 server running on our intranet. We'll call it MYIISSERVER. It has only one

@Chiappetta492

Posted in: #Https #Iis8

I have an IIS 8.5 server running on our intranet. We'll call it MYIISSERVER. It has only one IP address.

Under MYIISSERVER, I have several sites:


Site1 - currently to access this site we use the address MYIISSERVER/Site1:8003 Site2 - currently to access this site we use the address MYIISSERVER/Site2:8004 Site3 - currently to access this site we use the address MYIISSERVER/Site3:8005 Site4 - currently to access this site we use the address MYIISSERVER/Site4:8006

I now have to make all of these sites use SSL using the default HTTPS port of 443.

I have read about Server Name Indication(SNI) on IIS 8 and above. From what I understand, this is similar to using host header names on an unsecured site that uses port 80.

What is the best route to take on doing this? Do I get an individual certificate for each site? Do I get a SAN certificate to include all of the sites (if this is even possible for this scenario)?

This is on an intranet. I can ping the server these sites run on by using the FQDN of the server. Currently, there are 5 sites running under this host name using different ports. So when someone on our intranet wants to access one of these web apps, they type FQDN:<port>. I now have to make all of these sites use SSL for a secure connection.

What do I use for the host name when setting up the SSL binding?
Do I have to have each site registered with DNS?

10.01% popularity Vote Up Vote Down


Login to follow query

More posts by @Chiappetta492

1 Comments

Sorted by latest first Latest Oldest Best

 

@Gloria169

Assuming that you are running IIS 8 or above, you can use Server Name Indication to host multiple sites on the same IP address under SSL.

You will need to have a unique HostName for each site - this can be either subdomains of a common domain, distinct domains or if these are only ever accessed within the corporate intranet, you could also use a distinct name for each application, assuming that the entries are within the corporate DNS.

You will need certificates for each of the application names - again, you have different options depending on the hostname style - for example a wildcard certificate for the common domain, a Subject Alternate Names (SAN) certificate listing the distinct domains, a self signed certificate with the internal names (this later would need to be deployed out to all the client machines otherwise they will warn users not to trust the certificate), or distinct certificates for each application.

Finally, within IIS for each site you add an "https" binding - if you are running IIS 8 you'll need to select a wildcard or SAN certificate before you can add a hostname, on later versions (certainly IIS 10) you can add a hostname and select "Requires Server Name Indication" before selecting the certificate

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme