February 4th, 2010, 12:40 PM
Secure (https) and non secure (http) on the same server?
I have a secure (https) web site on a server running IIS 6, I want to set up a separate, non secure virtual site on the same server.
Is this possible/reccomended?
Does this create any problems RE: the security of the existing https site?
February 5th, 2010, 12:02 PM
No issues, but you can use host headers in IIS to run multiple sites. I would create a new site in IIS manager, and look into using host headers to assign what address that site responds to. For example, let's say you want a site at subdomain.mydomain.com. You would configure a host header of subdomain.mydomain.com to listen on port 80. Or let's say you have two completely different domains and websites such as domain1.com and domain2.com. Create a new site in IIS manager for each domain then configure host headers within each site to respond to those domain names. With root domain names, you do need to enter domain1.com and www.domain1.com as separate host header values (make sure you remove the blank host header from each site's configuration except the Default web site).
The only real caveat is you can run as many non-ssl sites as you want but can run only one ssl site to run on the standard SSL port 443. Other SSL sites can be created, but they need to be configured to listen on different TCP ports of your choosing that are not already being utilized.
Here is a great pictoral overview on how to use host headers: Configuring Host Headers in IIS 6.0
New Windows Administration Forum