How to host different SSL on an IP address using IIS 8 SNI?

Before IIS 8, you can host multiple websites that need SSL on a single IP address if they use SSL (SSL Certificate) or use a Wildcard SSL Certificate. A Wildcard Certificate is only useful if an existing site or a domain (Domain) needs SSL on a subdomain (Subdomain) higher.

How to host different SSL on an IP address using IIS 8 SNI?

Before IIS 8, you can host multiple websites that need SSL on a single IP address if they use SSL (SSL Certificate) or use a Wildcard SSL Certificate. A Wildcard Certificate is only useful if an existing site or a domain (Domain) needs SSL on a subdomain (Subdomain) higher.

But what if the website has different names? You will then have a Subject Alternative Name Certificate (SAN Certificate). This SSL certificate allows you to protect multiple websites with just one SSL (SSL Certificate) certificate.

The last option is available before IIS 8 requires setting up additional SSL on each site on the same IP address, but with different SSL port numbers. This will allow you to use SSL of each site / domain on the same IP address but different site.

By default, SSL (SSL Certificate) certificates use port 443 for the security protocol. This port does not need to be specified in the URL because this is the standard port. When you use some other port for SSL, you will be asked to add an unqualified SSL port number in the URL so it works.

And you can imagine that this is not how you want to run a public website. How does a user know how to enter the port number and that is not the common steps that users are familiar with when browsing a website.

Adding an IP address to host another site that requires SSL is a common method used, but in some cases this solution is not a great option for users.

With the introduction of IIS 8 on Windows Server 2012, a new feature called Server Name Identification (SNI) has been added. This feature provides users with a solution to easily store many different SSL sites on the same unique IP address.

By default this feature is integrated on IIS 8 and does not require installation of any additional features to start using the feature. In the section below, Network Administrator will guide you through the steps to configure SNI.

One thing to note when adding SNI to an SSL solution is that SNI will not work with users who are using Internet Explorer on Windows XP.

If your server has multiple IP addresses, you can add SNI to some other websites by assigning individual web pages to a unique IP address for SSL. Both of these methods will work together on other IP addresses without any problems.

Also readers can refer to the article: What is SSL? Is SSL important to the website? here.

Steps to take:

1. The first step you need to perform is to import (SSL) SSL certificate for each site on the server (server) if not already available.

2. The next step is to open IIS 8 Manager and add the first site that needs SSL.

If the first page is available, follow the steps below.

3. After the site has been added to the page selection, click on Bindings . located on the Actions menu in the right pane.

How to host different SSL on an IP address using IIS 8 SNI? Picture 1

4. Click Add .

a. In the Type box, select https .

b. At the IP address frame, you can leave the setting as All Unassigned or select the IP address you want to use (If there are multiple IP addresses on the server (server), you will have to specify a specific IP address. that you want to use for SNI).

c. Enter your site / domain name in the Host name box.

d. Check the box Require Server Name Indication .

e. Choose SSL certificate (SSL Cetificate) for your website from the Dropdown Menu.

f. Click OK .

How to host different SSL on an IP address using IIS 8 SNI? Picture 2

5. Create a second website and add SSL binding, follow the steps below.

6. Select Bindings and click Add .

a. In the Type box, select https .

c. Enter your site / domain name in the Host name box.

d. Check the box Require Server Name Indication .

e. Choose SSL certificate (SSL Cetificate) for your website from the Dropdown Menu.

How to host different SSL on an IP address using IIS 8 SNI? Picture 3

7. Click OK to complete the process.

That's all you need to do. Check SSL for the site to make sure that on each SSL site has been functioning properly. If you want to add SSL to multiple websites, you take the same steps to add SSL binding for each site.

Refer to some of the following articles:

Instructions for setting up individual FTP Server with FileZilla

Quick fix error 107 net :: ERR_SSL_PROTOCOL_ERROR: SSL protocol error on Chrome browser

VPN theory - What is a virtual private network?

Good luck!

What is DHCP or dynamic host configuration protocol?
dhcp (dynamic host configuration protocol or dynamic host configuration protocol) is a protocol used to provide fast, automated and centralized management for ip address distribution in the network.
How IP addresses work
any device connected to a network such as a computer, tablet, camera, etc., will need a unique identifier for other devices to know how to access it. in the tcp / ip protocol, that identifier is called an internet protocol address or ip (internet protocol - ip) address.
What is a subnet mask?
the subnet mask is a 32-bit address used to distinguish between the network address and the host address in the ip address. the subnet mask determines which part of the ip address is the network address and the host address.
How to configure static IP address on Ubuntu 22.04 LTS and 22.10
the ip addresses of most devices today are generated by the dynamic host configuration protocol (dhcp) server. the dhcp server dynamically assigns an ip address to your device when it is connected to the network. therefore, you have the opportunity to change this ip address from time to time.
How does IP address and MAC address work in parallel?
the internet works in the same way as postal services. instead of sending mail, the device sends 'data packets', and the ip address or mac address determines where the packets will come.
How to host your own website on Raspberry Pi
whatever reason you choose to host a website on your raspberry pi, setting up can be done in just a few minutes. better yet, you can use any version of pi, even pi zero.
Instructions for using IP address 192.168.2.2
192.168.2.2 is a private ip address, sometimes used on local networks. this is the second ip address in the ip range starting from 192.168.2.1, sometimes called the 192.168.2.0 network.
Simple and fast steps to edit Host File on Windows 10
file host helps manage access to websites on computers and laptops. however, file host can make you inaccessible, or you want to block a certain website.
Link this website to friends, you will know their address via the computer's IP
this is a tool that allows you to track someone else's ip address over the internet, even if the person's live address allows them.
What is a static IP address?
a static ip address is an ip address that is manually configured for the device, other than the address assigned through the dhcp server. it is called a 'static' address because it does not change.
Understanding IP address 192.168.1.4
192.168.1.4 is the fourth ip address in the range from 192.168.1.1 to 192.168.1.255. home broadband routers often use this ip address to assign to local devices.
Facebook host file, How to edit the host file on facebook 2017
how to access facebook by editing the latest host file. detailed instructions on how to fix the host file, fix the error that the host file cannot be saved. update the latest host file!