Configuring a subdomain to use HTTPS

iis-7ssl

I have a domain which we'll call www.mydomain.com for reference. I have a subdomain at m.mydomain.com for people who want to view the website via their mobile devices. My users are logging into this site so I wanted to protect their credentials if possible. Because of this, I purchased an SSL certificate.

I'm not an SSL certificate guru, so I may be misunderstanding something. I thought that I could have a single SSL certificate for my domain. However, when I attempt to access https://m.mydomain.com I get redirected to https://www.mydomain.com instead of seeing the content that is at http://m.mydomain.com. In other words, here is a list of my configurations and results pulled from IIS 7:

Site Name     Binding Type  Host Name       Port  IP Address    Result via Browser
---------     ------------  ---------       ----  ----------    -----------------------------------
MySite        http                          80    ww.xx.yyy.zz  http://www.mydomain.com works fine
MySite        https                         443   ww.xx.yyy.zz  https://www.mydomain.com works fine
MyMobileSite  http          m.mydomain.com  80    ww.xx.yyy.zz  http://m.mydomain.com works

My first hunch was to add a new binding of type https to MyMobileSite on port 443. However, in the process, I noticed that I'm prompted to select an SSL certificate. I'm concerned that if I select the SSL certificate associated with MySite, it will break that binding. Once again, I do not fully understand SSL certificates. Can I use the same SSL certificate across multiple IIS Sites and multiple binding as long as they share the same domain? Can I go ahead and create the binding like I was thinking? My main concern is that I break something and being unable to reverse it.

Thank you!

Best Solution

no the fact is that certificates are used to verify that your not using someone else's ip (spoofing) i suggest using linux and self signed ssl certificates but if your using windows thats fine too just use ssl on all your domains as long as there on same (external) IP,

hope this helps.

PS SSL is just a way of making sure security encrypted protocols are in effect between server and client.

I always recommend having both :443 and :80 for everyone to choose how they connect except if you are running sensitive data streams for money transfers etc, then defiantly make sure it uses secure (443 port) and never port 80 (unsecured connection).

Related Question