Host multiple secure websites on Windows Server 2012

On a corporate network, it may be necessary to serve multiple secure websites from a single Windows server on a single IP address. Previously, attempting to host multiple secure sites on a single IP address meant the server had to choose a certificate before it knew which site the client wanted. A browser could therefore receive a certificate that did not match the requested site, treat the mismatch as a man-in-the-middle attack, and refuse the connection. IIS 8.0, available only on Windows Server 2012, introduces support for the Server Name Indication (SNI) extension, which allows a hostname or domain name to be included in the SSL connection request. With SNI, multiple secure websites can be served from a single IP address because the requests for the sites include the SNI extension, allowing the correct certificate to be presented to the client browser.

To host multiple secure websites on Windows Server 2012, configure the websites to include the SNI extension in the connection requests.

  1. Install IIS 8.0 on Windows Server 2012
  2. Add sites to the web server.
  3. Ensure the certificates required for the sites are available on the server. Depending on how your organization manages SSL certificates, this may involve generating a self-signed certificate or importing a certificate from a Certificate Authority. For instructions on managing the certificates on the Windows Server, refer to the Microsoft help.
  4. (Optional) If the site requires Server Name Indication (SNI), create a self-signed certificate that identifies the ID of the site. See Create self-signed certificates for each site requiring Server Name Indication.
  5. Identify the certificate to be used by each website
  6. Export SSL certificates from Windows Server 2012
  7. Managing Certificates and CA Certificates
  8. Configure SSL Acceleration Servers
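
The following PowerShell sketch covers steps 2 to 5 for two sites sharing one IP address. It is an added example, not part of the original procedure; the site names, host names and paths are constructed placeholders, and it assumes the WebAdministration module that ships with IIS 8.0 and an elevated prompt.

```powershell
# Added example: site names, host names and paths are constructed placeholders.
Import-Module WebAdministration

$sites = @(
    @{ Name = 'SiteA'; HostName = 'site-a.example.internal'; Path = 'C:\inetpub\site-a' },
    @{ Name = 'SiteB'; HostName = 'site-b.example.internal'; Path = 'C:\inetpub\site-b' }
)

foreach ($s in $sites) {
    # Step 2: add the site, with an HTTP binding scoped to its own host name.
    New-Item -ItemType Directory -Path $s.Path -Force | Out-Null
    New-Website -Name $s.Name -PhysicalPath $s.Path -Port 80 -HostHeader $s.HostName | Out-Null

    # Steps 3-4: self-signed certificate whose DNS name matches the site's host name.
    # Use a CA-issued certificate from the same store instead if your organization provides one.
    $cert = New-SelfSignedCertificate -DnsName $s.HostName -CertStoreLocation 'Cert:\LocalMachine\My'

    # Step 5: HTTPS binding on the shared address. -SslFlags 1 marks the binding
    # as requiring SNI, so the certificate is selected by host name, not by IP:port.
    New-WebBinding -Name $s.Name -Protocol https -Port 443 -IPAddress '*' `
        -HostHeader $s.HostName -SslFlags 1
    $binding = Get-WebBinding -Name $s.Name -Protocol https -HostHeader $s.HostName
    $binding.AddSslCertificate($cert.Thumbprint, 'My')
}

# Check: each HTTPS binding should list its own host name with sslFlags = 1.
Get-WebBinding -Protocol https | Select-Object protocol, bindingInformation, sslFlags

# Check: SNI bindings are listed by "Hostname:port" rather than "IP:port".
netsh http show sslcert
```

If a site's binding shows up under "IP:port" in the `netsh` output, it was created without the SNI flag and will present its certificate to every HTTPS request on that address.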