2

If I buy a Wildcard SSL Certificate for one domain, like: domain.com and I have 40 sites, like apples.domain.com and pears.domain.com

All the sites are on the same IIS 7 server

Does each site need a unique IP address?

If yes, is there anyway around it?

aron
  • 129
  • 4
  • 13

3 Answers3

6

No, they do not need to be on unique IP addresses.

Navigate to C:\Windows\System32\Inetsrv\ In the Inetsrv folder, run the following command for each of the other websites on the IP address that need to use the certificate:

appcmd set site /site.name:"{IISSiteName}" /+bindings.[protocol='https',bindingInformation='*:443:{hostHeaderValue}']

Replace {IISSiteName} with the name of the IIS site and {hostHeaderValue} with the host header for that site e.g. site.mydomain.com

Tatas
  • 2,081
  • 1
  • 13
  • 19
  • wow, the text editor approach is a bit scary. There's got to be a nice GUI way?? – aron Sep 03 '10 at 18:58
  • IIS 7.5 on Windows 2008 R2 allows you to handle this in the GUI. Just select the wildcard certificate and the host header input field will allow you to specify the header you want. – Dscoduc Sep 04 '10 at 06:34
  • Well since you specified IIS 7, you're going to have to resort to the command line to modify the metabase. AFAIK there is now way to modify things properly in the GUI. No clue about II 7.5. – Tatas Sep 06 '10 at 17:54
  • I tried this solution, it did not work. I still got the error about the site using the same port as an existing site. – aron Sep 09 '10 at 02:54
  • Dscoduc - are you sure? I'm in iis 7.5 and the host header textbox is disabled after you select "https" – aron Sep 09 '10 at 03:02
  • I guarantee you that this works aron. You should only get the error about using the same port if you're doing this through the GUI. Running this command from and elevated command prompt will override this. It's possible the command isn't getting run properly. Can you post the command you're running. – Tatas Sep 09 '10 at 17:30
  • Unfortunately, there isn't a way to do this in the GUI yet. The command line method does work though. Try removing the certificates from all the sites and starting over following these instructions: http://www.sslshopper.com/article-ssl-host-headers-in-iis-7.html – Robert Sep 10 '10 at 00:41
0

Since this is a wildcard cert, you only need one IP for all of these domains. HOWEVER, if you add a new domain, eg: example.com, and want to do HTTPS on that, then you will need a new IP. But, any subdomains for domain.com will properly be verified by the wildcard cert.

Ryan Gooler
  • 352
  • 1
  • 9
0

No you donn't need separate ip address for each sub domains. You can secure UNLIMITED sub domains on single ip address with wildcard ssl certificate. Below link help to setting up wildcard ssl certificate : http://www.clickssl.com/blog/how-to-install-wildcard-ssl-certificate-in-iis-7/

Jay Dan
  • 39
  • 2