The problem is that only one site can be bound to the https protocol and if I disobey that rule I get strange behaviour such as requests for site1 actually serving the page from site1.
How to host multiple secure sites on your local IIS
First, you should know that IIS resolves which site a request is routed to based on:
- Host header e.g. local.www.site1.com
- Port e.g. 443
- IP address
In this scenario I really just want to change the host headers of the two https bindings for the different sites but IIS won't let me. But I have ways of persuading it...
Step 1:
Navigate your way to
C:\Windows\System32\inetsrv\config
where you may or may not see applicationHost.config. This is a very mysterious file, it's there but not, sort of. I've found that it can be edited in Notepad (but nothing else(?)).
Step 2:
Ctrl+F your way to "443:" and you should find your attempted 443 https bindings. In my case there are two and they both look like
<binding protocol="https" bindingInformation="*:443:" />
(Oh yeah, they are exactly the same, let's change that.)
Step 3:
Change them to
<binding protocol="https" bindingInformation="*:443:local.www.site1.com" />
and <binding protocol="https" bindingInformation="*:443:local.www.site2.com" />
respectively.
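The check and edit from Steps 1 to 3 as a PowerShell script, added here as an example and not part of the original post. It runs against a constructed sample of the `<sites>` section; the site names, ids and the `$hostFor` mapping are assumptions.

```powershell
# Constructed sample of the <sites> section of applicationHost.config.
# Site names and ids are assumptions; the https bindings are the ones from the post.
[xml]$config = @'
<configuration><system.applicationHost><sites>
  <site name="site1" id="1"><bindings>
    <binding protocol="https" bindingInformation="*:443:" />
  </bindings></site>
  <site name="site2" id="2"><bindings>
    <binding protocol="https" bindingInformation="*:443:" />
  </bindings></site>
</sites></system.applicationHost></configuration>
'@

# Hypothetical mapping: which host header each site's https binding should carry.
$hostFor = @{ site1 = 'local.www.site1.com'; site2 = 'local.www.site2.com' }

function Get-HttpsBinding([xml]$Xml) {
    foreach ($b in $Xml.SelectNodes('//sites/site/bindings/binding[@protocol="https"]')) {
        # bindingInformation is IP:port:host. Anchor on the last two colons so an
        # IPv6 literal in the IP part is not split apart.
        if ($b.GetAttribute('bindingInformation') -match '^(?<ip>.*):(?<port>\d+):(?<hostname>[^:]*)$') {
            [pscustomobject]@{
                Site = $b.ParentNode.ParentNode.GetAttribute('name')
                Ip   = $Matches['ip']; Port = $Matches['port']; HostHeader = $Matches['hostname']
                Node = $b
            }
        }
    }
}

function Get-Collision([xml]$Xml) {
    # Two https bindings collide when IP, port and host header are all identical.
    Get-HttpsBinding $Xml |
        Group-Object { ('{0}:{1}:{2}' -f $_.Ip, $_.Port, $_.HostHeader).ToLower() } |
        Where-Object { $_.Count -gt 1 }
}

foreach ($group in @(Get-Collision $config)) {
    'Collision on "{0}": {1}' -f $group.Name, (($group.Group | ForEach-Object Site) -join ', ')
    foreach ($entry in $group.Group) {
        if (-not $hostFor.ContainsKey($entry.Site)) { continue }   # no mapping: leave as is
        $entry.Node.SetAttribute('bindingInformation',
            ('{0}:{1}:{2}' -f $entry.Ip, $entry.Port, $hostFor[$entry.Site]))
    }
}

'Collisions remaining: {0}' -f @(Get-Collision $config).Count
Get-HttpsBinding $config | ForEach-Object { '{0} -> {1}' -f $_.Site, $_.Node.GetAttribute('bindingInformation') }
```

The script changes only the in-memory document. To audit a real server, load the file from Step 1 into `$config` in an elevated 64-bit PowerShell session instead of the sample, and keep a backup copy before saving any change.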
Does this work with separate SSL certs for each site? The way I understand it, IIS needs to know the cert in order to decrypt the host name and therefore what site to route the request to.
I don't think the host name is encrypted when using SSL
Tried to use 2 certificates, but could not get this to work. All sites I created use the same certificate right now...
It can definitely work with only one certificate (providing the certificate is legitimate for your different sites e.g. a self-signed certificate in a dev environment). Should definitely work for 2 certs... This has guided many people successfully...
This method does not work if you don't have the same wildcard or SAN certificate configured on each site. The host header IS encrypted when using SSL so IIS needs the same certificate to first inspect the host header and then send it to the correct site.
Interesting. Cheers for the extra info Frank!
Just so you know, the setup that works for me is multiple websites on one machine (my development environment) with one self-signed certificate shared between them all. NOT LIVE ENVIRONMENT!
From the comments it does look like this doesn't work in the same way when you have different SSL certs. Probably for the reasons Frank gave.
Please also note that you need to open the file applicationHost.config using a 64-bit version of Notepad (see http://www.flos-freeware.ch/notepad2.html), as the changes in the files are not always seen in the version of Notepad that ships with Windows.