I want to apply a certificate to one of my sites on IIS. At the moment, I use a single IP address and use host-headers to give them friendly names. Can I do this for my SSL site or do I have to use the server name?

A: 

So long as your certificate has a wildcard in it.

David Dorward
Okay, thanks for the reply.
serialhobbyist
+1  A: 

If each hostname is a subdomain of a single base domain (mail.domain1.com, www.domain1.com), you can use a wildcard certificate with SSL Host Headers. If they are different (domain1.com and domain2.com), you can use a Unified Communications certificate. See http://www.sslshopper.com/article-how-to-configure-ssl-host-headers-in-iis-6.html for how to set up SSL Host Headers in IIS.

Robert
+1  A: 

Strictly speaking, you do not have to use a wildcard certificate (and many CAs would refuse to issue one); you could use a certificate with all your friendly host names listed in the subjectAltName extension of the certificate. This way you could use one certificate for all your host names and avoid wildcard certificates. Anyway, the HTTPS RFC recommends checking the host name against subjectAltName if it is present, and not against the certificate's subject.

Although the use of the Common Name is existing practice, it is deprecated and Certification Authorities are encouraged to use the dNSName instead.

abbot
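
The name check described in the answers above, as an added example that is not part of the original thread: it shows which host headers a wildcard certificate or a multi-name subjectAltName certificate would cover, and that the Common Name is ignored once dNSName entries are present. The function names are hypothetical, the certificate contents are constructed sample data using the hostnames from the thread, and wildcard handling is simplified to a whole left-most label with at least two labels after it (an assumption stricter than the RFC text).

```python
from typing import Dict, List, Optional


def label_match(pattern: str, host: str) -> bool:
    """Compare one certificate name with a hostname, label by label.

    A '*' is honoured only as the entire left-most label, so
    '*.domain1.com' covers 'mail.domain1.com' but neither 'domain1.com'
    nor 'a.mail.domain1.com'. Partial wildcards are compared literally.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Simplification: refuse very broad patterns such as '*.com'.
        return len(p_labels) > 2 and h_labels[0] != "" and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_matches(host: str, san_dns: List[str], common_name: Optional[str]) -> bool:
    """dNSName entries are authoritative when present; the CN is only a fallback."""
    if san_dns:
        return any(label_match(name, host) for name in san_dns)
    return common_name is not None and label_match(common_name, host)


def coverage(hosts: List[str], san_dns: List[str], common_name: Optional[str]) -> Dict[str, bool]:
    """Map each host header on the site to whether the certificate covers it."""
    return {h: cert_matches(h, san_dns, common_name) for h in hosts}


if __name__ == "__main__":
    # Constructed sample data: host headers bound to one IP address.
    site_hosts = ["domain1.com", "www.domain1.com", "mail.domain1.com", "domain2.com"]

    # Wildcard certificate: subdomains of one base domain only.
    print("wildcard :", coverage(site_hosts, ["*.domain1.com"], "*.domain1.com"))

    # Multi-name certificate: every friendly name listed explicitly.
    print("multi-SAN:", coverage(site_hosts, site_hosts, "domain1.com"))

    # SAN present but missing a name: the CN does not rescue the match.
    print("CN only  :", coverage(["domain1.com"], ["domain2.com"], "domain1.com"))
```
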