If I'm reading the text below from MS's website correctly, then IIS can support multiple websites with host headers, but only with a wildcard certificate...
Here's the text copied from their site at http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/5 96b9108-b1a7-494d-885d-f8941b07554c.mspx?mfr=true -------------------------------------------- Organizations that host multiple Web sites on a single server often use host headers to create multiple Web sites without requiring a unique IP address for each site. For more information about hosting multiple Web sites on a single server, see Hosting Multiple Web Sites. You can configure Web sites that use host headers to serve protected content over a Secure Sockets Layer (SSL) connection, that is, a connection that uses https:// instead of http://. To use SSL with host headers, you must obtain and install a wildcard server certificate. After you configure SSL host headers for a Web site, protected content is served only over an https:// connection. -------------------------------------------- Rick -----Original Message----- From: Dave Watts [mailto:[EMAIL PROTECTED] Sent: Monday, August 07, 2006 10:40 PM To: CF-Talk Subject: RE: SSL Certificates > Rats! After I installed my certificate and couldn't access the > secured site, I started digging around and found out that IIS 5 and > Win 2000 Server can't use Hosting Headers and SSL! > > I host multiple websites and I use Host Headers to do so. > > Am I understanding correctly that I'll have to upgrade to Win > 2003 Server and II6 to host multiple websites using host headers along > with SSL certificates? I don't think so. My understanding is that IIS 6 won't make any difference - you cannot bind multiple sites to a single IP address if you want to use SSL certificates. Host headers are sent within an HTTP request as, well, headers. When you use SSL, the entire request is encrypted, and needs to be decrypted by the server before it can be processed. IIS can't know which virtual server a request belongs to until the request has been decrypted, at which point it's too late to direct it to a specific virtual server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:249101 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
