
Thursday, 18 November 2010

How to host multiple secure sites in IIS

I have two sites: www.site1.com and www.site2.com. Both have pages that are served securely and so need a binding for https on port 443.

The problem is that only one site can be bound to the https protocol, and if I disobey that rule I get strange behaviour, such as requests for site1 actually serving the page from site2.

How to host multiple secure sites on your local IIS

First, you should know that IIS resolves which site a request belongs to based on:
  • Host header e.g. local.www.site1.com
  • Port e.g. 443
  • IP address

In this scenario I really just want to change the host headers of the two https bindings for the different sites but IIS won't let me. But I have ways of persuading it...

Step 1:
Navigate your way to C:\Windows\System32\inetsrv\config where you may or may not see applicationHost.config. This is a very mysterious file; it's there but not, sort of. I've found that it can be edited in Notepad (but nothing else(?)).

Step 2:
Ctrl+F your way to "443:" and you should find your attempted 443 https bindings. In my case there are two and they both look like <binding protocol="https" bindingInformation="*:443:" /> (Oh yeah, they are exactly the same; let's change that.)

Step 3:
Change them to <binding protocol="https" bindingInformation="*:443:local.www.site1.com" /> and <binding protocol="https" bindingInformation="*:443:local.www.site2.com" /> respectively.

Job done

If you check in your IIS UI you will notice that your host headers have indeed been set, and your sites should now be able to discriminate between the two.
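A way to check Steps 2 and 3 without eyeballing the file, as an added example that is not from the original post: it parses a <sites> fragment, reports https bindings that more than one site shares, applies the Step 3 host headers and checks again. The sample XML, the site names and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: the <sites> section of applicationHost.config as it
# looks before Step 3, with both https bindings identical.
SAMPLE = """<sites>
  <site name="site1" id="1"><bindings>
    <binding protocol="http" bindingInformation="*:80:local.www.site1.com" />
    <binding protocol="https" bindingInformation="*:443:" />
  </bindings></site>
  <site name="site2" id="2"><bindings>
    <binding protocol="http" bindingInformation="*:80:local.www.site2.com" />
    <binding protocol="https" bindingInformation="*:443:" />
  </bindings></site>
</sites>"""

def split_binding(info):
    """Split 'IP:port:host'; rsplit keeps a bracketed IPv6 address intact."""
    ip, port, host = info.rsplit(":", 2)
    return ip, int(port), host.lower()

def https_conflicts(sites):
    """Return {(ip, port, host): [site names]} for https bindings shared by several sites."""
    seen = defaultdict(list)
    for site in sites.iter("site"):
        for b in site.iter("binding"):
            if b.get("protocol") == "https":
                seen[split_binding(b.get("bindingInformation"))].append(site.get("name"))
    return {k: v for k, v in seen.items() if len(v) > 1}

def set_https_host(sites, site_name, host):
    """Apply Step 3 to one site: put a host header on its https bindings."""
    for site in sites.iter("site"):
        if site.get("name") == site_name:
            for b in site.iter("binding"):
                if b.get("protocol") == "https":
                    ip, port, _ = split_binding(b.get("bindingInformation"))
                    b.set("bindingInformation", f"{ip}:{port}:{host}")

def demo():
    sites = ET.fromstring(SAMPLE)
    before = https_conflicts(sites)          # both sites claim *:443 with no host
    set_https_host(sites, "site1", "local.www.site1.com")
    set_https_host(sites, "site2", "local.www.site2.com")
    return before, https_conflicts(sites)    # no shared binding remains

if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after: ", after)
```

The check covers binding uniqueness only; it says nothing about which certificate each site presents, which is the point debated in the comments.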


8 comments:

  1. Does this work with separate SSL certs for each site? The way I understand it, IIS needs to know the cert in order to decrypt the host name and therefore what site to route the request to.

  2. I don't think the host name is encrypted when using SSL

  3. Tried to use 2 certificates, but could not get this to work. All sites I created use the same certificate right now...

  4. It can definitely work with only one certificate (providing the certificate is legitimate for your different sites e.g. a self-signed certificate in a dev environment). Should definitely work for 2 certs... This has guided many people successfully...

  5. This method does not work if you don't have the same wildcard or SAN certificate configured on each site. The host header IS encrypted when using SSL so IIS needs the same certificate to first inspect the host header and then send it to the correct site.

  6. Interesting. Cheers for the extra info Frank!

    Just so you know the set up that works for me is multiple websites on one machine (my development environment) with one self signed certificate shared between them all. NOT LIVE ENVIRONMENT!

    From the comments it does look like this doesn't work in the same way when you have different SSL certs. Probably for the reasons Frank gave.

  7. Please also note that you need to open the file applicationHost.config using a 64-bit version of Notepad (see http://www.flos-freeware.ch/notepad2.html), as the changes in the files are not always seen in the version of Notepad that ships with Windows.


  8. Thanks for posting this useful content, Good to know about new things here, Let me share this, . Hadoop training in pune
