I'm trying to figure out if it's possible to install multiple SSL for multiple domains under the same server/ip (win)?

It was a little bit confusing trying to read the past topics.. so I thought I'd just ask. :)

You can have a different SSL certificate per Web 'server' in IIS, basically what you need to do is create a new web 'server' in The Microsoft Management Console, assign it as the same IP address as the other one, then make the host header the URL of the certificate.

example.

If the IP is 127.0.0.1 the SSL cert is registered to ssl.yourbox.com

You would make a new site in IIS for 127.0.0.1, but at the bottom you type in ssl.yourbox.com in the 'host header' field, then when you right click on the site in the MMC and go to properties > directory security, install the certificate as normal.

Thanks,
-Drew

You cannot have more than one SSL-enabled site per IP address. This is because the SSL handshake occurs before the server can figure out the ServerName you're trying to get to.

HMM. I think I understand nixboxen and volfman are saying... but that also means...I have 1 yes and 1 no..?

is it possible that can someone elaborate on this for me?
it'd be much appreciated..

Actually, it is NO. The one IP per SSL applies if you do not want that error messagebox popping up saying that something is wrong with your certificate.

Although your SSL is fully bounded to your qualified domain name, web server will link your SSL certificate to an IP address. Linking multiple SSL certificates on one single address will get unexpected error, just like what eddy mentioned above.

Basically, the domain name that will use the SSL certificate MUST appear to be the first one in your web server configuration [based on IP address]. Any domain name that has the same IP address but appear the second or below list in your web server configuration file will be ignored or will not be read at all before the handshake occurs. Thus a 'domain mismatch' errors generated.

oki doke, thanks guys. I understand now, so the SSL cert. is specifically IP based.. then is it possible to bring more than 1 ip to the server...so that i get to have more than 1 ssl on the server (is this what nixboxen meant?).

If you own a server, request more IP allocation from whoever you rented or collocated the server with, make sure and explain them you need it to install SSL enabled site.

If you own a reseller account, contact your host for more IP allocation and explain them you need it to install SSL enabled site.

If you own a datacenter or similiar facility, then go to http://www.arin.net for more information about the Internet Numbers Registration.

cyberservers (and all who replied), THANKS!!

Each Web site must have a unique combination of identification characteristics. Therefore, while multiple Web sites can share two of their three identification characteristics, (domain or host header name, IP address, and port), they must have one characteristic that is different. Also, because SSL certificates contain the domain name in them, Web sites using certificates cannot share an IP address with other Web sites.