A new version of Windows Server is about to become upon us, Windows Server 2012 and with this a new version of Internet Information Services (IIS), version 8. IIS8 comes with a new cool feature called Server Name Indication (SNI).
In pervious versions of 5, 6, 7, 7.5 etc we have always had the ability to host multiple web sites under same IP address/port using HTTP/1.1 virtual hosting, i.e."Host Headers" where the web server looks at the DNS address entered into the Internet Browser and forwards the user to the appropriate site. Of course if a user accesses a website by IP, the Host Header will not work.
IIS has supported utilising Host Headers for HTTPS sites also for quite some time, however this has always been harder to configure with manual editing of the IIS metabase being required in previous versions of IIS, see http://clintboessen.blogspot.com.au/2009/03/how-to-setup-ssl-host-headers-iis6.html. However although SSL Host Headers were supported there was one problem which administrators faced. There was no way to sign a different digital certificate for each HTTPS website.
Now with IIS8 in Windows Server 2012, a new feature has been added tha extends the SSL and TLS protocols to indicate what hostname the client is attempting to connect to at the start of the handshaking process. This allows the IIS8 server to present multiple certificates on the same IP address and port number and hence allows multiple secure (HTTPS) websites to be served off the same IP address without requiring all those sites to use the same certificate. Multiple digital certificates assigned to the same the same IP/Port - very cool.
I'm sure we will see many changes to applications which leverage IIS adopting this new technology.
In pervious versions of 5, 6, 7, 7.5 etc we have always had the ability to host multiple web sites under same IP address/port using HTTP/1.1 virtual hosting, i.e."Host Headers" where the web server looks at the DNS address entered into the Internet Browser and forwards the user to the appropriate site. Of course if a user accesses a website by IP, the Host Header will not work.
IIS has supported utilising Host Headers for HTTPS sites also for quite some time, however this has always been harder to configure with manual editing of the IIS metabase being required in previous versions of IIS, see http://clintboessen.blogspot.com.au/2009/03/how-to-setup-ssl-host-headers-iis6.html. However although SSL Host Headers were supported there was one problem which administrators faced. There was no way to sign a different digital certificate for each HTTPS website.
Now with IIS8 in Windows Server 2012, a new feature has been added tha extends the SSL and TLS protocols to indicate what hostname the client is attempting to connect to at the start of the handshaking process. This allows the IIS8 server to present multiple certificates on the same IP address and port number and hence allows multiple secure (HTTPS) websites to be served off the same IP address without requiring all those sites to use the same certificate. Multiple digital certificates assigned to the same the same IP/Port - very cool.
I'm sure we will see many changes to applications which leverage IIS adopting this new technology.
Great blog post.. good to know! Better dust off my testing machines for some Windows Server 2012 experimentation.
ReplyDeleteA list of which browsers support this would be very handy... I can only presume IE 10 is the top of the list :)
windows 10 pro product key sale , vista home basic , windows 8 genuine product key purchase , free active key window 7 ultimate , key win 7 professional 32 bit , office 2016 product key , windows 7 activation key stor , free genuine product key for windows 7 ultimate 32 bit , lbcITQ
DeleteHi Trent,
ReplyDeleteThe following browsers are supported:
Internet Explorer 7 or later, on Windows Vista or higher. Does not work on Windows XP, even Internet Explorer 8.
Mozilla Firefox 2.0 or later
Opera 8.0 or later (the TLS 1.1 protocol must be enabled)
Opera Mobile at least version 10.1 beta on Android
Google Chrome (Vista or higher. XP on Chrome 6 or newer.[6] OS X 10.5.7 or higher on Chrome 5.0.342.1 or newer)
Safari 2.1 or later (Mac OS X 10.5.6 or higher and Windows Vista or higher)
Konqueror/KDE 4.7 or later
MobileSafari in Apple iOS 4.0 or later
Android default browser on Honeycomb (v3.x) or newer
Windows Phone 7
MicroB on Maemo
ReplyDeleteproduct key for windows 7 home premium free , rosett astone spanish latinamerica key , windows 8 key sale , windows 10 serial keys , windows 10 product key upgrade from 8.1 , keys of windows 7 professnal , windows 10 product key ending in 243 , office 2013 activation keys , wwiEX7
office 2013 product key
windows 10 enterprise key
vmware workstation 11 to buy