同一个IP的443端口中的多个域 [英] Multiple domains in 443 port in same IP
问题描述
我托管了一个网站www.example1.com";在 IIS 7 的端口 443(https) 中.现在我为www.example2.com"购买了一个新域.对于相同的IP.我想在 443 端口托管此域中的另一个网站(www.example2.com)(我已经使用过www.example1.com"的端口 443).
i have hosted the one website "www.example1.com" in port 443(https) in IIS 7. now i bought a new domain for "www.example2.com" for same IP. i would like to host the another website in this domain(www.example2.com) in port 443(i already used port 443 for "www.example1.com").
我该怎么做?这是否可以在同一 IP 的端口 443 中托管两个域?如果是,任何人都可以让我知道正确的方法吗?我正在使用 IIS 7.
How can i do this? Is this possible to host two domains in port 443 in same IP? If yes could anyone please let me know the right way to do this? I am using IIS 7.
推荐答案
可以做到.
IIS 7 中的 SSL 主机标头允许您为同一 IP 地址上的多个 IIS 网站使用一个 SSL 证书.通过 IIS 管理器界面,IIS 只允许您使用 SSL 证书将每个 IP 地址上的一个站点绑定到端口 443.如果您尝试将 IP 地址上的第二个站点绑定到同一个证书,则 IIS 7 在启动该站点时会给您一个错误,指出存在端口冲突.为了在同一 IP 地址上分配一个供多个 IIS 站点使用的证书,您需要按照以下说明设置 SSL 主机标头.
SSL Host Headers in IIS 7 allow you to use one SSL certificate for multiple IIS websites on the same IP address. Through the IIS Manager interface, IIS only allows you to bind one site on each IP address to port 443 using an SSL certificate. If you try to bind a second site on the IP address to the same certificate, IIS 7 will give you an error when starting the site up stating that there is a port conflict. In order to assign a certificate to be used by multiple IIS sites on the same IP address, you will need to set up SSL Host Headers by following the instructions below.
您需要什么类型的 SSL 证书?因为您只能使用一个证书,所以该证书需要与您使用它的网站的所有主机名一起使用(否则您将收到名称不匹配错误).例如,如果您的每个 IIS 7 网站都使用单个通用域名的子域(如下例所示),您可以获得 *.mydomain.com 的通配符证书,它将保护 site1.mydomain.com、site2.mydomain.com 等.
What Type of SSL Certificate Do You Need? Because you can only use one certificate, that certificate needs to work with all the hostnames of the websites that you use it with (otherwise you will receive a name mismatch error). For example, if each of your IIS 7 websites uses a subdomain of a single common domain name (like in the example below), you can get a Wildcard Certificate for *.mydomain.com and it will secure site1.mydomain.com, site2.mydomain.com, etc.
另一方面,如果您的 IIS 7 站点都使用不同的域名(mail.mydomain1.com、mail.mydomain2.com 等),您将需要获得统一通信证书(也称为 SAN证书).
If, on the other hand, your IIS 7 sites all use different domain names (mail.mydomain1.com, mail.mydomain2.com, etc.), you will need to get a Unified Communications Certificate (also called a SAN certificate).
在 IIS 7 上设置 SSL 主机标头获取 SSL 证书并将其安装到 IIS 7.有关如何执行此操作的分步说明,请参阅在 Windows Server 2008 (IIS 7.0) 中安装 SSL 证书.将证书安装到 IIS 后,将其绑定到 IP 地址上的第一个站点.通过单击开始菜单并键入cmd"并按回车键打开命令提示符.通过在命令行上键入cd C:WindowsSystem32Inetsrv"导航到 C:WindowsSystem32Inetsrv.在 Inetsrv 文件夹中,为需要使用证书的 IP 地址上的每个其他网站运行以下命令(复制这两行):
Setting up SSL Host Headers on IIS 7 Obtain an SSL certificate and install it into IIS 7. For step-by-step instructions on how to do this, see Installing an SSL Certificate in Windows Server 2008 (IIS 7.0). Once the certificate is installed into IIS, bind it to the first site on the IP address. Open the command prompt by clicking the start menu and typing "cmd" and hitting enter. Navigate to C:WindowsSystem32Inetsrv by typing "cd C:WindowsSystem32Inetsrv" on the command line. In the Inetsrv folder, run the following command for each of the other websites on the IP address that need to use the certificate (copy both lines):
appcmd set site /site.name:"<IISSiteName>" /+bindings.[protocol='https',bindingInformation='*:443:<hostHeaderValue>']
Replace <IISSiteName> with the name of the IIS site and <hostHeaderValue> with the host header for that site (site1.mydomain.com)
在浏览器中测试每个网站.它应该显示正确的页面并显示锁定图标而没有任何错误.如果它打开第一个 IIS 站点的网页,则说明 SSL 主机头设置不正确.
Test each website in a browser. It should bring up the correct page and show the lock icon without any errors. If it brings up the web page of the first IIS site, then SSL Host Headers haven’t been set up correctly.
这篇关于同一个IP的443端口中的多个域的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
