By Tom Hundley on
12/16/2008 9:55 PM
You may or may not know that you can't use host headers with SSL certificates. Without getting into the details, the basic reason for this is that the host header is part of the HTTP request header, which is encrypted with SSL, and thus IIS can't open the header to get the host header information before it has to choose which certificate to present. Therefore, instead of using host headers for 443, you simply use IP addresses. This is fine, but if you have 100 sites to encrypt, you would need to have 100 IP addresses. Well, actually, this WAS fine until ICANN started cracking down on the number of public IP addresses you could have.
So how do you get around having multiple IP addresses? Well, if you are a hosting provider, you'll end up enjoying the $2K - $100K SSL hardware accelerators you can buy. They're actually pretty cool. But if you're not a hosting provider and you're simply a company trying to secure web pages on multiple subdomains such as www.something.com, customers.something.com, and freakydeak.something.com, the answer is to purchase a wildcard certificate and assign it to *.something.com. Super! But you might notice as you start to implement your solutions, the host header problem is still there. Grr. Well, don't fret, there is a solution. You can modify the IIS6 metabase, but since it's almost 2009, I'm just going to talk about Windows Server 2008 and IIS 7.
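As an added example (not from the original post), this Python sketch checks which hostnames a wildcard name such as *.something.com covers under the usual single-label matching rule. The function names, the three-label minimum and the hostnames beyond the three subdomains named above are assumptions made for illustration.

```python
# Added example: which hostnames does a wildcard certificate name cover?
# Simplified RFC 6125-style matching. Assumption: only a whole left-most
# "*" label is accepted, and it stands for exactly one DNS label.

def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if certificate name `pattern` covers `hostname`."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if "" in p_labels or "" in h_labels:
        return False                      # empty label, e.g. "a..com" or ""
    if len(p_labels) != len(h_labels):
        return False                      # "*" never spans more than one label
    if any("*" in label for label in p_labels[1:]):
        return False                      # wildcard only in the left-most label
    if p_labels[0] == "*":
        # Conservative assumption: refuse over-broad names such as "*.com".
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    if "*" in p_labels[0]:
        return False                      # partial wildcards ("w*") rejected
    return p_labels == h_labels           # plain name: exact match


def coverage(pattern: str, hostnames: list[str]) -> dict[str, bool]:
    """Map each hostname to whether `pattern` covers it."""
    return {h: wildcard_matches(pattern, h) for h in hostnames}


# The first three names are from the post; the rest are constructed samples.
SAMPLE_HOSTS = [
    "www.something.com",
    "customers.something.com",
    "freakydeak.something.com",
    "something.com",                   # bare domain: not covered
    "secure.customers.something.com",  # two levels deep: not covered
    "www.somethingelse.com",           # different domain: not covered
]

if __name__ == "__main__":
    for host, ok in coverage("*.something.com", SAMPLE_HOSTS).items():
        print(f"{host:35} {'covered' if ok else 'NOT covered'}")
```

The bare domain and any name more than one level below it need their own certificate or an additional name on the certificate.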
...