1

I have 50+ sites on my server and they all need a way to access them via SSL. And I cannot afford to buy a unique IP for each site.

Is there a way I can set up a domain like: https://secure.mydomain.com/

And give each site: e.g. domainA.com e.g. domainB.com

a URL like: https://secure.mydomain.com/domainA/ https://secure.mydomain.com/domainB/

I know of a few webhosts that do this.

How can I do this?

Do I fiddle with the application starting points?

Thanks.

My goal:

  1. Buy 1-3 IP addresses
  2. 1 SSL cert.
  3. Offer an SSL URL for each site (each site already has a normal domain)
aron

3 Answers

3

It is possible to do what you proposed. That uses just 1 cert, so it can work with a single IP. There are a couple things to consider.

  • Unless you expect them to have basic content in those folders, they shouldn't use a shared app pool. A shared app pool has security concerns (maybe not a concern for you with a bulk solution...or if it's a trusted solution), but it also means that they are all forced to use the same .NET Framework version.
  • An option is to mark their subfolder as an application and drop the secure.yourdomain.com/DomainA folder into the same app pool as DomainA's website. It takes a bit more work up front, but it will make https://secure.yourdomain.com/DomainA interchangeable with http://www.domaina.com, including all of their code. Just make sure to project the root folder of secure.yourdomain.com so that it doesn't have any web.config settings. That way it won't clash with any subfolders.

Here are two ~10 minute videos I put together regarding SSL headers that you may find useful while you plan out this project: The SSL Binding Issue and SSL Sites in IIS

Scott Forsyth
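
One way to script the second option from the answer above with the IIS WebAdministration PowerShell module, as an added example that is not part of the original answer. The site names are hypothetical, and it assumes each customer's IIS site is named after its domain.

```powershell
# Added example. Assumptions: the shared HTTPS site is named 'secure.mydomain.com'
# in IIS, and each customer site is named after its domain.
Import-Module WebAdministration

$secureSite = 'secure.mydomain.com'
$tenants    = 'domainA.com', 'domainB.com'   # constructed sample list

# The root of the secure site should carry no web.config, so nothing is
# inherited by (and clashes with) the applications created below it.
$secureRoot = [Environment]::ExpandEnvironmentVariables(
    (Get-Item "IIS:\Sites\$secureSite").physicalPath)
if (Test-Path (Join-Path $secureRoot 'web.config')) {
    Write-Warning "web.config in $secureRoot will be inherited by every tenant application."
}

foreach ($tenant in $tenants) {
    $site  = Get-Item "IIS:\Sites\$tenant"
    $path  = [Environment]::ExpandEnvironmentVariables($site.physicalPath)
    $pool  = $site.applicationPool
    $alias = ($tenant -split '\.')[0]          # domainA.com -> domainA

    if (Get-WebApplication -Site $secureSite -Name $alias) {
        Write-Host "/$alias already exists, skipping"
        continue
    }

    # Same content and same app pool as the tenant's own site, so the code runs
    # under the same identity and .NET version over HTTP and HTTPS.
    New-WebApplication -Site $secureSite -Name $alias `
        -PhysicalPath $path -ApplicationPool $pool | Out-Null
}

# Report any pool that ends up serving more than one tenant path.
Get-WebApplication -Site $secureSite |
    Group-Object applicationPool |
    Where-Object { $_.Count -gt 1 } |
    ForEach-Object {
        $paths = ($_.Group | ForEach-Object { $_.path }) -join ', '
        Write-Warning "App pool '$($_.Name)' is shared by: $paths"
    }
```

The final check only warns if the existing sites already share a pool, since each new application simply reuses the pool of the site it mirrors.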
0

You can get an SSL cert for all 50 sites if you own all 50... It's called a UCC or SAN cert, and will likely be expensive with that many on it.

If you go the way you have proposed, anybody entering https://domainB.com into their browser will get an error message at best.

Chris S
  • Right, but even with a wildcard cert, you still need a unique IP for each site. There are workarounds, but in IIS 7.5 it's hard and tricky and very fragile. – aron Mar 28 '11 at 17:51
  • @aron, you need a unique IP for each cert, not each site. In shared hosting environments it's common for the different sites on a server to have different owners, necessitating different certs, forcing different IPs (sans SNI). If it's all one owner, one cert, one IP. – Chris S Mar 28 '11 at 19:16
0

That's possible, yes.

In Apache, I'd alias the document root of DomainA (say, /var/web/DomainA) to secure.mydomain.com with an alias:

Alias /DomainA /var/web/DomainA

You may also want to take a look at mod_rewrite if you need to mess with sites that use absolute URL references.

In IIS, you can do the same thing with a virtual directory.

The only issue that I could foresee is in the application pools themselves, which would likely have to be reconfigured under the "secure" web server to recognize the new URL paths.

EDIT: As the other answer notes, https://www.domainA.com will still not work. The clients would have to integrate the https://secure.mydomain.com/DomainA URL into their code.

Hyppy