Background

Currently we have some servers that are going to give service to a certain region, thus they have their own unshared users, although we need to establish a secure connection in order to make the site function correctly.

Problem

Right now we only have one single-domain SSL certificate, which permits just one site to function with HTTPS, and we are looking for the most cost-effective solution, spending the least on certificates and extra servers, in order to offer an HTTPS connection to all of our sites.

Question

Is it possible to establish many HTTPS connections to different sites located on various servers using only one UC certificate?

Specs

  • Windows 2003 Servers (latest SP) X 3
  • IIS 6.0
  • 1 public IP
  • 2 regional sites (Ex: North America site / South America site)
  • RIA App

Constraints

  • A single IIS cannot contain all the websites
  • Sites are separated to offer better application performance

Proposed solution #1: Make an IIS 6.0 server a reverse proxy

With this approach I think the user could access the site and the application easily although I am concerned about how the SSL would behave and also if there could be problems because the site is a RIA.

Sources

Making IIS 6.0 a reverse proxy

Proposed solution #2: Use IP aliasing or NAT

Although the article was about Linux and Apache, I think a somewhat equivalent solution could be given using NAT to redirect the user to the correct site. Once again my main concern is that the HTTPS connection could fail.

Sources

https://www.ibm.com/developerworks/web/library/wa-multissl/index.html#resources

Proposed solution #3: Virtual directories

This one seems interesting although I do not see it as practical because what we really want is to separate the distinct sites and not make one server that runs all of them.

Sources

http://forums.devshed.com/iis-97/redirect-to-another-internal-webserver-317863.html

Proposed solution #4: Use a load balancer

This one seems like the most obvious solution, although I want a more static solution, and I would also like to see how this works with HTTPS.

Final thoughts

  • We can buy the UCCert although we would prefer not to
  • Can we use a single domain cert to accomplish all that?
  • How will ASP sessions be handled by this setting?

Thanks a lot for your time, and a lot more if you can contribute some guidance on how to make the best choice.


1 Answer

It is possible to use one UC certificate for multiple sites. However, there are some constraints:

  • All of the domains hosted with that certificate will be visible on that certificate.
    • example.com, example.org, example.co.uk will all be visible on the certificate.
  • Your SSL provider may not issue a certificate with additional domain-names not hosted in the same domain, or for domains for which you can't prove ownership.
    • imap.example.com + owa.example.com are just fine, but example.com + example-the-second.org may not be permitted.
  • Your SSL provider will only allow a certain number of additional domain-names on the certificate, which is likely well below your site-count-per-server ratio.
sysadmin1138
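The coverage question raised above (single-domain certificate versus UC certificate) can be checked mechanically. The following is an added example, not part of the original question or answer: it takes a certificate in the dictionary shape returned by Python's `ssl.SSLSocket.getpeercert()` and reports which site hostnames its subjectAltName entries cover and which names it exposes. The hostnames and certificate contents are constructed samples, and the matcher also handles wildcard entries, which goes beyond the case discussed on the page.

```python
# Added example: which site hostnames does a certificate cover?
# Certificate dicts use the shape returned by ssl.SSLSocket.getpeercert().
# All hostnames and certificate contents below are constructed samples.

def san_dns_names(cert):
    """Return the dNSName entries from the certificate's subjectAltName."""
    return [v.lower() for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]

def name_matches(pattern, host):
    """RFC 6125-style match: '*' is honoured only as the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard stands for exactly one label
    if p_labels[0] == "*":
        # Reject wildcards sitting directly under a top-level label (e.g. *.com).
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def coverage(cert, sites):
    """Map each site hostname to the SAN entry that covers it, or None."""
    names = san_dns_names(cert)
    return {s: next((n for n in names if name_matches(n, s)), None) for s in sites}

# Constructed sample data: three sites and three candidate certificates.
SITES = ["na.example.com", "sa.example.com", "example.org"]
SINGLE_DOMAIN_CERT = {"subjectAltName": (("DNS", "na.example.com"),)}
UC_CERT = {"subjectAltName": (("DNS", "na.example.com"),
                              ("DNS", "sa.example.com"),
                              ("DNS", "example.org"))}
WILDCARD_CERT = {"subjectAltName": (("DNS", "*.example.com"),)}

if __name__ == "__main__":
    certs = [("single-domain", SINGLE_DOMAIN_CERT), ("UC", UC_CERT),
             ("wildcard", WILDCARD_CERT)]
    for label, cert in certs:
        # Every SAN entry is readable by any client that connects.
        print(label, "certificate exposes:", san_dns_names(cert))
        for site, entry in coverage(cert, SITES).items():
            print("   ", site, "->", entry or "NOT COVERED (name mismatch)")
```

Against a live server, the same `coverage()` call works on the dictionary that `getpeercert()` returns after a verified handshake.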