On IIS 7.5 I am trying to achieve this with two websites:
Default Web Site is bound to:
(blank host header port 80 - http)
(blank host header port 443 - https)
go.example.com
www71.example.com
the IP address of go.example.com
2nd web site "Beta" is bound to:
beta.example.com
(blank host header port 443 - https)
* using blank only because it doesn't seem to be possible to
bind https to a named host header
And both need to work with SSL. But I have these problems:
- When I type in beta.example.com, I see the go.example.com site instead
- I can not seem to add the SSL binding to both websites at once (I have a single *.example.com wildcard certificate). The beta site will not even start if I add the https binding to it.
This is how I have set it up:
What is the correct way to set it up?
Best Answer
Without SNI extensions, you can bind only one SSL certificate per IP:port pair. If you need to run 2 HTTPS on the same IP -- bind them to different ports and then refer to such site providing port in URL (e.g.
https://beta.example.com:444/). You can use the same wildcard certificate on different ports without any issue.If you have more than one site with blank host name (for HTTP protocol), then the one with lower ID should be a "catch all". The same goes for HTTPS -- the one with lower ID should intercept all requests on that port.
On another hand, you have a wildcard certificate and I have seen one article which tells that this can be done in IIS7: http://www.sslshopper.com/article-ssl-host-headers-in-iis-7.html . I tried it myself in the past, but it did not worked well for me -- quite often IIS was throwing a 5xx error when accessing even static files (which stopped happening when we bind another host to a different port). Maybe it has been fixed since then.