Domain and subdomain – using same ip and ssl certificate with san for both domans?

Moulde asked:

I have a site with a SSL certificate. Now I need to add another site, also using HTTPS.

It seems it is possible to do by creating the binding for the new site using another port for the HTTP and HTTPS traffic. This I’d like to avoid, as adding exceptions in the firewalls is a lengthy process due to security policies.

The way I thought was possible to get around adding new ports was to add the site as a subdomain, and then change the SSL certificate to have an additional SAN name that matches the new subdomain.

I tried testing this on my local machine, but after adding the 443 port with the certificate on both sites, editing the host file to contain the subdomain, and then adding the subdomain as a hostname to the new iis website. Only one of the sites can be started, the other one complains that another site may be using the same port.

Questions:

  • I feel it should be possible to use the same certificate on a domain and a subdomain at the same time without jumping through hoops?
  • If the above is not possible, should I then add two new ports one for http and one for https, and then use those ports for the new site. The certificate should then be able to work for the new site correctly? – right?

EDIT:

Do I need another IP address for the new subdomain?

My answer:


On IIS 7.5, you would need unique IP addresses. SNI is not supported before IIS 8.


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.