That has been a question I have come across frequently. Before IIS 8, you could host multiple sites needing SSL on a single IP address if the sites utilized the same SSL certificate or used a wildcard SSL certificate. A wildcard certificate was only beneficial if you needed SSL on the subdomain level of a current site/domain. But what if you had sites with different names? Well, you could get a Subject Alternative Names (SAN) SSL certificate. This SSL certificate would allow you to protect multiple sites with a single SSL certificate. The last available option prior to IIS 8 required setting each additional SSL site on the same IP address but with a different SSL port number. This would allow you to utilize each site’s/domain’s SSL on the same IP address as another site. By default, SSL certificates utilize port 443 for secure communication. This port doesn’t need to be specified in the URL since this is the standard port. When you use a different port number for SSL you will be required to add the non-standard SSL port number in the URL in order for it to work. As you can imagine, this is not the way you want to run a public site. How would a user know to enter the port number and it’s not a common step that users are familiar with doing when browsing a site.
Adding an additional IP address to host another site needing SSL is the common method used but sometimes this isn’t an option for some people. With the inception of IIS 8 on Windows Server 2012, a new feature called Server Name Identification (SNI) was added. This feature offers an easier solution to hosting multiple sites that have a different or individual SSL on a single IP address. This feature is included in IIS 8 by default and doesn’t require the installation of any additional features to begin using it. Below, I will walk through the steps involved with configuring SNI. One thing to note with implementing SNI for your SSL solution, it will not work for those users running Internet Explorer on Windows XP. If your server has multiple IP addresses, you can implement SNI for some sites in addition to assigning individual sites to a single IP address for SSL. Both methods will work along side each other on different IP addresses without issue.
That’s all that needs to be done. Test SSL for the site to make sure each site is working properly. If you have additional sites that need SSL added, you can continue following the steps above for adding the SSL binding for each new site.
Find other websites in your subnet