Is there any way to configure multiple SSL sites on the same server without a wildcard certificate?

Question

I've set up multiple ssl sites on iis using Servier Bindings as per this article: http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/8d9f2a8f-cd23-448c-b2c7-f4e87b9e2d2c.mspx?mfr=true

I have two different ssl certs for the two sites installed but when I browse to either site I get the same certificate. Is there any way to configure this without buying a wildcard cert?

Answer 1

If both the browser and the web server support the Server Name Indication extension, the web server can use it to select the correct certificate. Otherwise, you would have to use two separate IP addresses or the wildcard certificate (as the other answers already mentioned, the HTTP headers, including the Host header which tells the web server which site is being requested, are encapsulated within the SSL/TLS connection).

Answer 2

Without using different IPs or ports, no. Due to the way that HTTPS connections work the encrypted connection happens before things like host headers can be sent, so there's no way for the server to know which one to connect to.