• 15

A PHP Error was encountered

Severity: Notice

Message: Undefined index: userid

Filename: views/question.php

Line Number: 191


File: /home/prodcxja/public_html/questions/application/views/question.php
Line: 191
Function: _error_handler

File: /home/prodcxja/public_html/questions/application/controllers/Questions.php
Line: 433
Function: view

File: /home/prodcxja/public_html/questions/index.php
Line: 315
Function: require_once

name Punditsdkoslkdosdkoskdo

Multiple SSL Websites running from 1 IIS Site

I am trying to find the best way to set up SSL certificates for a CMS web application we're developing. We'll be adding new sites frequently which require content to be served over HTTPS / SSL, but the domains will be different per client.

It is an ASP.Net (3.5 SP1) application running on IIS 6 (Win Server 2003), and ideally we'd like to run it from one IIS site. Firstly for performance, as I'm guessing having lots of IIS sites running from the same set of files, each maintaining their own database connections and cache isn't a very good idea?! Secondly, to keep things simple from a maintenance and scalability point of view.

So, is there a way to set up our app on one site in IIS which has some kind of universal SSL certificate for potentially hundreds of domains? Or if that's not possible or not recommended, what are the next best options? Or if upgrading to Win Server 2008 & IIS7 would help, we could look at that too.

Many thanks, Tim

    • Thanks Jeremy - I've posted there too, but am hoping to find a developer on here who's worked on a similar scenario. I also think that some solutions will have an impact at the application/programming level due to the ASP.Net caching I have set up.

Its not possible to use more than one certificate per site in IIS 6 and as far as I am aware the same is true of IIS 7.

If your clients can all use a subdomain of the same domain, you could use a wildcard cert (*.domain.com) to do this. If thats not possible, then a SAN cert would allow multiple domains in one certificate,but if your going to need hundreds of domains, its going to get expensive, and you may reach a limit of how many domains your allowed per cert.

There's nothing to stop you having multiple sites in IIS, all pointing to the same content.

  • 2
Reply Report
    • Thanks Sam. If I do have multiple sites in IIS, will that cause any issues with the ASP.Net cache, database connection etc, and will IIS/.Net really cope with serving from the same set of files?! Are there any other considerations with that scenario? If not, I think this will be ok for the short term, but I will also look at SAN certs.
    • Whether you server 100,000 request from one site, or 10,000 request each from 10 sites it shouldn't make much difference as far as IIS is concerned. As for the asp.net cache, I don't think it should be an issue, but I'm not a .net expert.

Even if you use multiple IIS sites, you would need to have a unique IP address and certificate for each site. If you don't have a unique IP address for each site, you would need to use a wildcard certificate or UC certificate (http://www.sslshopper.com/unified-communications-uc-ssl-certificates.html) anyway, and then configure SSL Host Headers for each site: http://www.sslshopper.com/article-how-to-configure-ssl-host-headers-in-iis-6.html

I would recommend trying to use subdomains so you can use a wildcard certificate on one site.

  • 1
Reply Report

Remember, you can only use ONE certificate per ip/port combo. You can of course use a wildcard (SAN) certificate on multiple IPs and/or ports. This means you need multiple IPs (since using a non-standard 80 port is often not acceptable) for you server, if you are not using a SAN certificate, since you cannot assign two different certificate, listening on the same IP.

Hope this is clarifying.

  • 1
Reply Report

Use a single IIS site and logic in the application to detect which client to serve. I would install either a multiple domain SSL certificate or a wildcard subdomain cert. GoDaddy has multiple domain SSL certs:


For around $1,200 / yr you can serve over 100 domains. Where I work we have a wildcard subdomain and have an application that serves multiple subdomains.

Here is a site that may help you as well: http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/596b9108-b1a7-494d-885d-f8941b07554c.mspx?mfr=true

If I remember IIS6 has trouble adding multiple SSL bindings for a single site. You can do this, but you must use the command line and not the GUI. See:


  • 0
Reply Report

Trending Tags