"justageezer" wrote:

> Hi all,
> I've read the posts on multiple SSL certs on virtual servers, as well as the
> kb articles (again) and I'm wondering if anyone has had the same issue I'm
> getting now. In the past I've always managed to get multiple certs working by
> either using a different port or a different IP address. I understand
> encrypted host headers but I thought that as long as the SecureBinding for
> the vserver was unique it should work.
> E.g x.x.x.x:443 and x.x.x.x:444 would work, OR x.x.x.x:443 and x.x.x.y:443
> would work. IIS shouldn't need to decrypt the host header (which it cant
> until it gets the right cert anyway) as long as there is only one vserver
> that matches the IP:port of the request?
> Sooo... I've gone to set up a second cert on our current server, bought a
> second IP, configured the vserver to use the new IP and installed the cert.
> No joy - IIS won't bind as it claims that binding is taken - despite the
> other ssl vserver using the other IP. If I set the second site to use 'All
> Unassigned' IIS will bind, but it still don't work :(
> SSL Diagnostic tool can successfully imitate a handshake, however a browser
> simply times out.
> Any ideas?
> TIA,
> Paul Bryant

"justageezer" <justagee***@discussions.microsoft.com> wrote in message
news:F0F39F35-508D-48A1-A168-7C822751384A@microsoft.com...
>I forgot to mention I'm running IIS5.1/Win2K fully patched, bandaged and
> locked-down, and that I can get both secure sites to work if I use both a
> different IP and a different port, however this would be the solution of
> last
> resort.
> tia
> Paul
> "justageezer" wrote:
>
>> Hi all,
>> I've read the posts on multiple SSL certs on virtual servers, as well as
>> the
>> kb articles (again) and I'm wondering if anyone has had the same issue
>> I'm
>> getting now. In the past I've always managed to get multiple certs
>> working by
>> either using a different port or a different IP address. I understand
>> encrypted host headers but I thought that as long as the SecureBinding
>> for
>> the vserver was unique it should work.
>> E.g x.x.x.x:443 and x.x.x.x:444 would work, OR x.x.x.x:443 and
>> x.x.x.y:443
>> would work. IIS shouldn't need to decrypt the host header (which it cant
>> until it gets the right cert anyway) as long as there is only one vserver
>> that matches the IP:port of the request?
>> Sooo... I've gone to set up a second cert on our current server, bought a
>> second IP, configured the vserver to use the new IP and installed the
>> cert.
>> No joy - IIS won't bind as it claims that binding is taken - despite the
>> other ssl vserver using the other IP. If I set the second site to use
>> 'All
>> Unassigned' IIS will bind, but it still don't work :(
>> SSL Diagnostic tool can successfully imitate a handshake, however a
>> browser
>> simply times out.
>> Any ideas?
>> TIA,
>> Paul Bryant