In Windows Server 2008 R2 and earlier versions you could always bind one ssl certificate to one site / ip. Because https traffic would normally terminate on port 443 you could only deploy seperate sites on different ips. But what if you had only one ip address? Well, you had no choice – you could only use one single ssl secured site on your server or you needed to get a multi-site or wildcard ssl certificate which you could use with more (sub-) sites.
Now that Windows Server 2012 with IIS 8 onboard has been released to public you can just use the brand-new (for IIS) SNI feature. SNI – Server Name Indication – is a feature in ssl communication between the client and the webserver. Here is what iis.net says about it:
On Windows Server 2012, IIS supports Server Name Indication (SNI), which is a TLS extension to include a virtual domain as a part of SSL negotiation. What this effectively means is that the virtual domain name, or a hostname, can now be used to identify the network end point. In addition, a highly scalable WebHosting store has been created to complement SNI. The result is that the secure site density is much higher on Windows Server 2012 and it is achieved with just one IP address.
It should be noted that in order for this feature to be used, your client browsers have to support SNI. Most modern browsers support SNI; however, Internet Explorer (of any version) on Windows XP does not support SNI.
To configure SNI use IIS Management Console and enable the checkbox for “Require Server Name Indication” in the “Edit Site Binding” dialog for the website of your choice.
Recent Comments