
IIS: multiple certificates installation

NOTE: The Server Name Indication (SNI) protocol extension is supported starting from IIS 8.0, so the instructions below do not apply to older versions of IIS. Legacy servers can use only one SSL certificate per IP address. If you have separate certificates for each of your websites, you will need to assign a dedicated IP address to each site. The alternative is to use a multi-domain (also known as SAN) certificate that covers the required hostnames.

During the certificate installation steps, make sure that you tick the 'Require Server Name Indication' box.

Server Name Indication (SNI) is a specific SSL/TLS extension that allows using multiple SSL certificates on a single IP address. You can read more about it in this article.

Generally, the best practice for IIS servers is to have *one* SSL certificate that acts as the default certificate on the server. All websites that use that default SSL certificate should have the 'Require Server Name Indication' box unchecked.

Every additional certificate must be bound with SNI enabled; otherwise, IIS may produce errors and your websites may be disrupted.
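
To check an existing server against the rule above, the following read-only audit lists every HTTPS binding and warns when the number of certificates bound without SNI is not exactly one. It is an added example, not part of the original article; it assumes Windows PowerShell with the WebAdministration module on an IIS 8.0 or later server, run from an elevated session, and the variable names are illustrative.

```powershell
# Added example (not from the original article). Read-only: changes no configuration.
Import-Module WebAdministration

$SniFlag = 1   # sslFlags bit set by the 'Require Server Name Indication' box

# One row per HTTPS binding: site, endpoint, host name, SNI state, certificate.
$rows = foreach ($site in Get-Website) {
    foreach ($b in Get-WebBinding -Name $site.Name -Protocol https) {
        # bindingInformation is "IP:port:hostname"; IPv6 addresses are bracketed.
        if ($b.bindingInformation -notmatch '^(?<ip>\[[^\]]*\]|[^:]*):(?<port>\d+):(?<name>.*)$') {
            continue
        }
        [pscustomobject]@{
            Site       = $site.Name
            Endpoint   = '{0}:{1}' -f $Matches.ip, $Matches.port
            HostName   = $Matches.name
            Sni        = [bool]([int]$b.sslFlags -band $SniFlag)
            Thumbprint = [string]$b.certificateHash
        }
    }
}

# Full inventory, so each certificate can be matched to its site and host name.
$rows | Sort-Object Endpoint, HostName | Format-Table -AutoSize

# Rule from the article: one default certificate without SNI,
# every additional certificate bound with SNI enabled.
$defaults     = @($rows | Where-Object { -not $_.Sni -and $_.Thumbprint })
$defaultCerts = @($defaults.Thumbprint | Sort-Object -Unique)

if ($defaultCerts.Count -gt 1) {
    Write-Warning "More than one certificate is bound without SNI; enable SNI on all but the default:"
    $defaults | Sort-Object Thumbprint | Format-Table Site, Endpoint, HostName, Thumbprint -AutoSize
}
elseif ($defaultCerts.Count -eq 0) {
    Write-Warning "No default certificate: every HTTPS binding requires SNI."
}
else {
    Write-Output "Default certificate (no SNI): $($defaultCerts[0])"
}
```

Bindings served from the Central Certificate Store carry no thumbprint in the binding and are therefore left out of the default-certificate count.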