
Multiple Web Sites and SSL

18 years 3 weeks ago #17707 by tfs
We have a server at work that handles 4 web sites. We are running IIS6 and have to have at least one secure page on each web site.

Standard Port for SSL is 443. The problem is that you can only have one Web Site (application) using an SSL port.

We solved the problem by using non-standard ports 8443, 8444, 8445, 8446 - one for each site.

This works fine for most cases. The problem is that we now find that you will have problems with companies that have Proxy servers. They apparently have only 443 open for SSL by default. So any company that signs up with us that has a Proxy Server would have to modify the Proxy to allow one of these non-standard ports. Not really a good idea.

The only way around this problem (that I can figure out) is to have one Server for each Web Site. Very expensive. Especially since a couple of these sites have very little traffic (at the moment).

So if I have 6 web sites I would need 6 servers.

Is there a better way around this problem?

Thanks,

Tom
18 years 3 weeks ago #17708 by d_jabsd
You don't need 6 servers, but you do need 6 IPs and you need to specify which site is listening on each IP. By default, IIS listens on all interfaces and addresses for every site you configure.

The default works great for non-SSL sites, as it is just name-based hosting, but SSL doesn't work with name-based hosting.
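The one-IP-per-SSL-site rule from the reply above can be checked mechanically. This is an added example, not part of the original post: it audits bindings written in the `IP:Port:Host` form IIS uses, and the site names, the 192.0.2.x addresses and the function names are constructed for illustration.

```python
from collections import defaultdict

STANDARD_SSL_PORT = 443

def parse_binding(binding):
    """Split an IPv4 'IP:Port:Host' binding; an empty IP means all addresses."""
    ip, port, host = binding.split(":", 2)
    return ip or "*", int(port), host

def audit(sites):
    """Return sorted findings for {site_name: [ssl_binding, ...]}."""
    findings = []
    claimed = defaultdict(set)  # (ip, port) -> names of sites bound there
    for site, bindings in sites.items():
        for binding in bindings:
            # The host part is ignored on purpose: without SNI the server
            # picks its certificate before it ever sees the Host header.
            ip, port, _host = parse_binding(binding)
            claimed[(ip, port)].add(site)
            if port != STANDARD_SSL_PORT:
                findings.append(
                    f"{site}: port {port} is not 443; "
                    "proxies that only allow 443 will block it")
    for (ip, port), names in claimed.items():
        if len(names) > 1:
            findings.append(
                f"{ip}:{port} is claimed by {', '.join(sorted(names))}; "
                "give each SSL site its own IP")
    return sorted(findings)

# Constructed sample configurations.
NONSTANDARD_PORTS = {"site1": [":8443:"], "site2": [":8444:"],
                     "site3": [":8445:"], "site4": [":8446:"]}
SHARED_DEFAULT = {"site1": [":443:"], "site2": [":443:"]}
ONE_IP_PER_SITE = {"site1": ["192.0.2.11:443:"], "site2": ["192.0.2.12:443:"],
                   "site3": ["192.0.2.13:443:"], "site4": ["192.0.2.14:443:"]}

if __name__ == "__main__":
    for label, cfg in [("non-standard ports", NONSTANDARD_PORTS),
                       ("all sites on default 443", SHARED_DEFAULT),
                       ("one IP per site", ONE_IP_PER_SITE)]:
        print(label)
        for finding in audit(cfg) or ["  no findings"]:
            print("  " + finding.strip())
```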
18 years 3 weeks ago #17712 by Smurf
Another way that may work with this is if you publish through ISA Server. If you terminate the SSL connections on the ISA Server you can then publish to the correct host header on HTTP only on the inside, then the host headers will take over. I have never really tested it but I believe this is easy to achieve.

Hope that makes sense.

Cheers

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
18 years 3 weeks ago #17741 by d_jabsd
Smurf,

That's not a bad idea and it's how SSL Accelerators (like the ones offered by F5) usually work, so it shouldn't be too difficult to do. You could probably share the cert between 2 ISA boxen for redundancy if it allows it.