How to host different SSL on an IP address using IIS 8 SNI?
Before IIS 8, you can host multiple websites that need SSL on a single IP address if they use SSL (SSL Certificate) or use a Wildcard SSL Certificate. A Wildcard Certificate is only useful if an existing site or a domain (Domain) needs SSL on a subdomain (Subdomain) higher.
But what if the website has different names? You will then have a Subject Alternative Name Certificate (SAN Certificate). This SSL certificate allows you to protect multiple websites with just one SSL (SSL Certificate) certificate.
The last option is available before IIS 8 requires setting up additional SSL on each site on the same IP address, but with different SSL port numbers. This will allow you to use SSL of each site / domain on the same IP address but different site.
By default, SSL (SSL Certificate) certificates use port 443 for the security protocol. This port does not need to be specified in the URL because this is the standard port. When you use some other port for SSL, you will be asked to add an unqualified SSL port number in the URL so it works.
And you can imagine that this is not how you want to run a public website. How does a user know how to enter the port number and that is not the common steps that users are familiar with when browsing a website.
Adding an IP address to host another site that requires SSL is a common method used, but in some cases this solution is not a great option for users.
With the introduction of IIS 8 on Windows Server 2012, a new feature called Server Name Identification (SNI) has been added. This feature provides users with a solution to easily store many different SSL sites on the same unique IP address.
By default this feature is integrated on IIS 8 and does not require installation of any additional features to start using the feature. In the section below, Network Administrator will guide you through the steps to configure SNI.
One thing to note when adding SNI to an SSL solution is that SNI will not work with users who are using Internet Explorer on Windows XP.
If your server has multiple IP addresses, you can add SNI to some other websites by assigning individual web pages to a unique IP address for SSL. Both of these methods will work together on other IP addresses without any problems.
Also readers can refer to the article: What is SSL? Is SSL important to the website? here.
Steps to take:
1. The first step you need to perform is to import (SSL) SSL certificate for each site on the server (server) if not already available.
2. The next step is to open IIS 8 Manager and add the first site that needs SSL.
If the first page is available, follow the steps below.
3. After the site has been added to the page selection, click on Bindings . located on the Actions menu in the right pane.
4. Click Add .
a. In the Type box, select https .
b. At the IP address frame, you can leave the setting as All Unassigned or select the IP address you want to use (If there are multiple IP addresses on the server (server), you will have to specify a specific IP address. that you want to use for SNI).
c. Enter your site / domain name in the Host name box.
d. Check the box Require Server Name Indication .
e. Choose SSL certificate (SSL Cetificate) for your website from the Dropdown Menu.
f. Click OK .
5. Create a second website and add SSL binding, follow the steps below.
6. Select Bindings and click Add .
a. In the Type box, select https .
b. At the IP address frame, you can leave the setting as All Unassigned or select the IP address you want to use (If there are multiple IP addresses on the server (server), you will have to specify a specific IP address. that you want to use for SNI).
c. Enter your site / domain name in the Host name box.
d. Check the box Require Server Name Indication .
e. Choose SSL certificate (SSL Cetificate) for your website from the Dropdown Menu.
7. Click OK to complete the process.
That's all you need to do. Check SSL for the site to make sure that on each SSL site has been functioning properly. If you want to add SSL to multiple websites, you take the same steps to add SSL binding for each site.
Refer to some of the following articles:
- Instructions for setting up individual FTP Server with FileZilla
- Quick fix error 107 net :: ERR_SSL_PROTOCOL_ERROR: SSL protocol error on Chrome browser
- VPN theory - What is a virtual private network?
Good luck!
You should read it
- How to host your own website on Raspberry Pi
- Simple and fast steps to edit Host File on Windows 10
- Facebook host file, How to edit the host file on facebook 2017
- What is a computer host file and how to edit a host file?
- Protect computer network with Bastion host (fortress server) in just 3 steps
- Fix Service Host Local System status using multiple CPUs in Windows 10
- How to create a new host file on Windows
- Fix SysMain Service Host using a lot of CPU and memory in Windows 10
- 9 types of servers that can be hosted on Raspberry Pi
- How to open the Host file on Windows 10, edit the hosts file
- Instructions for installing Ubuntu Web Server on remote host
- Deploy KMS activation on Windows Server 2008
Maybe you are interested
Learn about LocalSend: An AirDrop-like app for transferring files between devices wirelessly
The US successfully transmitted 1.6 kW of electricity wirelessly over a distance of 1km using microwaves
What is an SSL certificate? How does it affect your website?
How to charge AirPods wirelessly or with a power cable
Spotify plans to launch a higher-priced Music Pro subscription for lossless songs
How to use Samsung's Wireless PowerShare feature to wirelessly charge other devices