I agree. Each SSL certificate on a box needs to have its own IP address. Also, on NT 4.0 at least, if you do this, you cannot use Host Headers (there is a Knowledge Base article on the topic). The reason for the multiple IPs is that as the encrypted stream enters, the URL (domain) is still encrypted. It has to rely on the IP address to determine which certificate is the correct one to use.

You can use one certificate, but the browser will receive a message that the certificate name does not match the URL. It is up to the customer to then determine whether or not to accept the certificate/URL mismatch. A trick we have used, if beyond the first entry to the system it makes no difference in terms of site branding, is to use host headers, leave the entry point to the second domain unencrypted and make a default page that simply redirects to the SSL'ed domain.

-----Original Message-----
From: Tim George [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 09, 2002 2:49 PM
To: NT 2000 Discussions
Subject: RE: Multiple SSL Certificates on one machine

I believe current SSL implementations disallow more than 1 certificate per IP address. To accomplish what you want, you'd have to use a separate IP address and web site for each domain. Then you should be able to add a certificate for each IP address. You can point both web sites to the same directory, but I believe the OWA loads an ISAPI filter that may not load more than once... You'll need to do more research on that... Sorry, but I do not believe that there is a more elegant solution...

-Tim

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Vinny Avallone
Sent: Wednesday, January 09, 2002 12:01 PM
To: NT 2000 Discussions
Subject: Multiple SSL Certificates on one machine

I am running Windows 2000 Sp2 and trying to set up SSL for our Exchange 2000 SP1 machine. I have a valid SSL cert and want to install another one. You will be able to reach OWA using two different domain names, both pointing to the same machine. If I go to the cert wizard, I only have two options: remove or renew the current cert. If I remove it, then create a new one with the new organization name, then try to reapply the old one, I only get two options again: process pending request or delete request. How do I create a CSR with a different org name and keep the same cert active?
Sorry if this is confusing, but it's because I am confused. Thanks for your help.

------
You are subscribed as [EMAIL PROTECTED]
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe send a blank email to [EMAIL PROTECTED]
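
The three layouts discussed in this thread, modelled as an added Python example (not code from any of the posters): the certificate is looked up by destination IP alone, as the first reply describes, so a second domain sharing that IP gets a name mismatch. Host names, addresses, field names and status strings are constructed for illustration, and name matching is simplified to an exact comparison.

```python
# Added example. Hosts and addresses are constructed (example domains,
# documentation IP range); status strings are this example's own.

def resolve(entry, certs_by_ip, by_host, hops=0):
    """Return what a browser ends up with when it enters at `entry`."""
    if entry["ssl"]:
        # The certificate is chosen from the destination IP alone: the
        # requested domain is still inside the encrypted stream here.
        cert = certs_by_ip.get(entry["ip"])
        if cert is None:
            return "NO_CERT"
        # Simplification: exact, case-insensitive name comparison only.
        return "OK" if cert.lower() == entry["host"].lower() else "NAME_MISMATCH"
    target = by_host.get((entry.get("redirect_to") or "").lower())
    if target is None or hops >= 5:  # no redirect target, or a redirect loop
        return "PLAINTEXT_ONLY"
    # Unencrypted entry page that redirects to an SSL site: the first
    # request and the redirect itself travel in the clear.
    return "PLAINTEXT_REDIRECT->" + resolve(target, certs_by_ip, by_host, hops + 1)

def check_layout(certs_by_ip, entries):
    """certs_by_ip maps IP -> certificate name, so one IP holds one cert."""
    by_host = {e["host"].lower(): e for e in entries}
    return {e["host"]: resolve(e, certs_by_ip, by_host) for e in entries}

COM, NET = "mail.example.com", "mail.example.net"

# One IP, one certificate, both domains entering over SSL.
ONE_IP_ONE_CERT = check_layout(
    {"192.0.2.10": COM},
    [{"host": COM, "ip": "192.0.2.10", "ssl": True},
     {"host": NET, "ip": "192.0.2.10", "ssl": True}])

# A separate IP address, web site and certificate per domain.
IP_PER_CERT = check_layout(
    {"192.0.2.10": COM, "192.0.2.11": NET},
    [{"host": COM, "ip": "192.0.2.10", "ssl": True},
     {"host": NET, "ip": "192.0.2.11", "ssl": True}])

# Second domain enters unencrypted and is redirected to the SSL'ed domain.
REDIRECT_TRICK = check_layout(
    {"192.0.2.10": COM},
    [{"host": COM, "ip": "192.0.2.10", "ssl": True},
     {"host": NET, "ip": "192.0.2.10", "ssl": False, "redirect_to": COM}])

if __name__ == "__main__":
    for label, result in [("one IP, one cert", ONE_IP_ONE_CERT),
                          ("IP per cert", IP_PER_CERT),
                          ("redirect trick", REDIRECT_TRICK)]:
        print(label, result)
```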
