Binding multiple site instance using SAN SSL on one single IP and port in IIS 7

Question

I have a SAN certificate which has domains A, B C added to it. In my IIS, I've created a site instance for each of those domain.

I was only able to add https binding to one of the site instance. Surprisingly, https works for all those 3 domains. The confusing part is non-https traffics all goes to the correct domain, but https all the traffics goes to "the site" with https bindings on, instead of executing the code base in the corresponding domain!

> Eg.  Assuming a SAN certificate contains www.a.com, www.b.com, www.c.com 
> 1. create 3 separate site instance for www.a.com, www.b.com, www.c.com in IIS 7    
> 2. Add https binding to www.a.com site  
> 3. browse to http://www.b.com opens home page on b.com
> 4. browse to https://www.b.com opens home page on a.com! 

Is it possible to use SAN SSL to secure multiple domains on one IP and port to resolve this issue?

Answer 1

After digging around, there is no way you can do it. When you create multiple site instance in IIS, you are only able to bind one of them to the IP with the certificate installed on. The way around it is

1. create multiple application in the single site instance
2. create all the http bindings under that site instance
3. use url rewrite to dynamically route the request to the correct application

Answer 2

First you need to create a cert with X509v3 extensions: link

Then, there's a feature known as "SNI" which lets you use multiple SSL certificates on the same IP. Wiki

Let me know how it goes. :)