443端口中的多个域位于同一IP中 [英] Multiple domains in 443 port in same IP
问题描述
我在IIS 7的端口443(https)中托管了一个网站www.example1.com。现在我为同一个IP购买了一个新的www.example2.com域名。我想在443端口(我已使用端口443用于www.example1.com)托管此域(www.example2.com)中的另一个网站。
i have hosted the one website "www.example1.com" in port 443(https) in IIS 7. now i bought a new domain for "www.example2.com" for same IP. i would like to host the another website in this domain(www.example2.com) in port 443(i already used port 443 for "www.example1.com").
我该怎么做?是否可以在同一IP中的端口443中托管两个域?如果有人可以,请让我知道正确的方法吗?我正在使用IIS 7.
How can i do this? Is this possible to host two domains in port 443 in same IP? If yes could anyone please let me know the right way to do this? I am using IIS 7.
问候,
Karthik
Regards, Karthik
推荐答案
可以完成。
IIS 7中的SSL主机标头允许您为同一IP地址上的多个IIS网站使用一个SSL证书。通过IIS管理器界面,IIS仅允许您使用SSL证书将每个IP地址上的一个站点绑定到端口443。如果您尝试将IP地址上的第二个站点绑定到同一个证书,IIS 7将在启动站点时向您发出错误,指出存在端口冲突。为了在同一IP地址上分配要由多个IIS站点使用的证书,您需要按照以下说明设置SSL主机标头。
SSL Host Headers in IIS 7 allow you to use one SSL certificate for multiple IIS websites on the same IP address. Through the IIS Manager interface, IIS only allows you to bind one site on each IP address to port 443 using an SSL certificate. If you try to bind a second site on the IP address to the same certificate, IIS 7 will give you an error when starting the site up stating that there is a port conflict. In order to assign a certificate to be used by multiple IIS sites on the same IP address, you will need to set up SSL Host Headers by following the instructions below.
什么您需要SSL证书的类型吗?
因为您只能使用一个证书,该证书需要与您使用它的网站的所有主机名一起使用(否则您将收到名称不匹配错误)。例如,如果您的每个IIS 7网站都使用单个公共域名的子域(如下例所示),您可以获得* .mydomain.com的通配符证书,它将保护site1.mydomain.com,site2 .mydomain.com等。
What Type of SSL Certificate Do You Need? Because you can only use one certificate, that certificate needs to work with all the hostnames of the websites that you use it with (otherwise you will receive a name mismatch error). For example, if each of your IIS 7 websites uses a subdomain of a single common domain name (like in the example below), you can get a Wildcard Certificate for *.mydomain.com and it will secure site1.mydomain.com, site2.mydomain.com, etc.
另一方面,如果您的IIS 7站点都使用不同的域名(mail.mydomain1.com,mail.mydomain2.com) ,等等),您需要获得统一通信证书(也称为SAN证书)。
If, on the other hand, your IIS 7 sites all use different domain names (mail.mydomain1.com, mail.mydomain2.com, etc.), you will need to get a Unified Communications Certificate (also called a SAN certificate).
在IIS 7上设置SSL主机头
获取SSL证书并将其安装到IIS 7.有关如何执行此操作的分步说明,请参阅在Windows Server 2008(IIS 7.0)中安装SSL证书。
将证书安装到IIS后,将其绑定到IP地址上的第一个站点。
单击开始菜单并输入cmd并按Enter键打开命令提示符。
通过在命令行上键入cd C:\ Windowsindows \ System32 \ Inetsrv \,导航到C:\ Windows \ system32 \ Inetsrv \。
在Inetsrv文件夹中,对IP地址上需要使用证书的每个其他网站运行以下命令(复制两行):
Setting up SSL Host Headers on IIS 7 Obtain an SSL certificate and install it into IIS 7. For step-by-step instructions on how to do this, see Installing an SSL Certificate in Windows Server 2008 (IIS 7.0). Once the certificate is installed into IIS, bind it to the first site on the IP address. Open the command prompt by clicking the start menu and typing "cmd" and hitting enter. Navigate to C:\Windows\System32\Inetsrv\ by typing "cd C:\Windows\System32\Inetsrv\" on the command line. In the Inetsrv folder, run the following command for each of the other websites on the IP address that need to use the certificate (copy both lines):
appcmd set site /site.name:"<IISSiteName>" /+bindings.[protocol='https',bindingInformation='*:443:<hostHeaderValue>']
Replace <IISSiteName> with the name of the IIS site and <hostHeaderValue> with the host header for that site (site1.mydomain.com)
在浏览器中测试每个网站。它应该显示正确的页面并显示锁定图标,没有任何错误。如果它显示第一个IIS站点的网页,则说明SSL Host Headers尚未正确设置。
Test each website in a browser. It should bring up the correct page and show the lock icon without any errors. If it brings up the web page of the first IIS site, then SSL Host Headers haven’t been set up correctly.
这篇关于443端口中的多个域位于同一IP中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
