Azure – ISA 2006, two listeners on the same port with different certificates and methods of authentication


I couldn't find a clear answer to the question:

- Does ISA 2006 support more than 1 listener on the same port (HTTPS/443, with the same certificate and different methods of authentication – one with FBA against AD and one with no authentication)?

I would need that in order to publish ADFS (for Azure) through the same ISA server where we have the websites published, and I don't seem to be able to configure it.

Thank you!

Best Answer

Using multiple listeners on the same socket (IP:port pair) is not a limitation of ISA, but a limitation of the TCP/IP socket implementation.

If you want to have multiple HTTPS servers on the same machine, you need to have a separate IP address for each site unless you are using SAN or SNI.

Using one listener and multiple SSL certificates is not possible because of a limitation of the original SSL protocol. This was fixed in SSL by using SAN certificates and in TLS with SNI extension.

The only way to have such a configuration in SSL3 is to have one listener and a multi-domain certificate (a certificate with subject alternative names, aka SAN) or a wildcard certificate (if your hosts are subdomains of the same domain).

New versions of the SSL protocol (aka TLS) support multiple certificates via the TLS/SNI extension of the SSL protocol, but this might not be supported by all the clients that are accessing your server. See: