How to install more then one SSL on Windows 2008/IIS7?

We searched about this topic here and found lot of posts that cover different parts from this topic bu开发者_如何学Pythont we didn't find and answer for our solution.

Problem:

• We have Windows 2008 Server with IIS7 and we would like to install more then one SSL on this server.
• We have one IP address for this server but maybe we could get more of them, and we found that we can have only one SSL on one IP address

Questions:

• If we are not wrong, we can have only one SSL on Windows 2008 / IIS7 if we have only one IP?
• We found SSL certificates for multiple domains but this is not suitable for us because in green box in Address bar will be visible only one company (this is suitable for one company that has multiple websites). So the only option is to buy different SSL for each different company and what is the best way to set IIS7 to support this?
• Can we host different websites (each with its own SSL) on same IIS7 webserver? What are our options?

Thanks Alex

Unfortunately it is not currently possible to have multiple SSL certificates issued to multiple domains on a single IP address. There has to be a one to one relationship between SSL certificate, domain and IP. So you only option is to get additional IP address for the server.

You can use Host Headers to partially solve the problem, but inferring from your question I assume you have already encountered this and disregarding it as a viable option. Just incase anybody is googling and finds this question:

Host Headers allows you to bind a single certificate (multidomain or wildcard) to multiple domains on a single IP address, for example:

              sub1.mydomain.com
192.168.0.1 > sub2.mydomain.com > SSL: *.mydomain.com
              sub3.mydomain.com

More info on how to configure this can be found here:

http://www.sslshopper.com/article-ssl-host-headers-in-iis-7.html

Another option is using different port than 443 with same ip.

Plus; have a look: Using Host Headers and SSL in IIS 7 (without the ugliness of appcmd)

If you need each website to show a different company in the certificate, the only option available currently is getting additional IP addresses. You will simply create additional IIS websites and bind them to the new IP addresses.

Due to a Microsoft rule, Windows Server 2008 R2 can't be upgraded to IIS 8, the maximum IIS version is 7.x; however I found a way to have more than one SSL sites using the same default HTTPS port (443) by the Host Headers mechanism. It is mentioned here and if you need clarifications about the Host Headers mechanism you can take a look here.