stackoom
  简体   繁体   中英

IIS 7.5 - can 2 sites run on same port with different FQDN certificate

 原文  2014-11-20 17:50:21       iis/ binding/ iis-7.5/ ssl-certificate

Question

We used to have a setup on IIS 7.5. - 1 IIS has 2 websites both run on 443. - It has different host names in the binding - site1.domainname.com, site2.domainname.com - Both sites were bound to a wild card SSL cert - *.domainname.com, and this worked fine for years.

Because of an audit, we had to move to a FQDN certificate.

Now when I bind the FQDN certificate on a site, it does not allow me to add a host name.

http://screencast.com/t/sowdaziJV

It says you can't start the second site as another website is already running on the same port.

This made sense until another internal team got it working. My guess is they used scripting to allow this on IIS instead of IIS GUI.

They have 2 websites running on the same port with different SSL certificate with no Hostnames.

I found out an odd thing about their setup and I was able to set it up like that too.

  • Have the sites with wild card certs and hostnames.
  • Change site one with the FQDN cert.
  • DON'T Change site 2 with FQDN cert. It automatically takes the new certificate and keep the host name
  • They both stay up. If you look at site 2, it looks like it has a hostname binding. but if you edit that hostname is gone. See this figure.

http://screencast.com/t/z5y4n7KhGNE

Questions:

Is IIS running 2 websites on the same port with different FQDN certificate an expected behaviour? I am worried if they took advantage of a bug. I want to be sure if this is allowed before I do this in production.

1 answers

solution1
 1  2014-11-20 18:07:41

They probably turned on SNI. SNI allows the server to discern between a host name and route it to the correct site and then send back the SSL cert associated with the site. The problem is, not all browsers support SNI handshakes. SNI only started with server 2012, so the other team might be running that. Previously, IIS couldn't do this, so each site had to have its own IP / SSL cert. Now, you can run all on 443 for one site, and IIS can figure out which site to respond with by looking at the request.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Run two web sites on same port on IIS 7.5? IIS 7.5 Multiple subdomains same wildcard certificate Multiple sites on iis with same ip and port IIS 7.5 - Exposing a website on a different port is not visible outside of localhost Can PHP and ASP.Net run together within the same web site in IIS 7.5? How do I migrate Web sites from IIS 7.5 on one machine to IIS 8.5 on a different machine? IIS multiple sites on same ip with different ssl Can't use WAMP , port 80 is used by IIS 7.5 Can I install IIS 6 & IIS 7.5 on the same Windows 7 machine? IIS Express - Visual Studio - Running multiple sites on the same port
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM