IIS: HTTP 1.1 Host Headers Not Supported When Using SSL

ID: Q187504

The information in this article applies to:

Microsoft Internet Information Server version 4.0

SUMMARY

When you use Secure Sockets Layer (SSL), HTTP 1.1 Host Headers will not function. This is because Host Headers are included in the encrypted request.

MORE INFORMATION

When a Web server is configured to use SSL, Microsoft Internet Information Server (IIS) must determine which certificate to use. IIS 4.0 supports multiple Web servers on a single server, so it is feasible to have multiple certificates loaded. Only one certificate will be used with a given Web server.

Internet Information Server version 4.0 allows a server to host multiple Web sites. This is achieved by any of the following:

Using different IP addresses, but the same port number

Using the same IP address, but different port numbers

Using the same IP address and port number, but using HTTP 1.1 Host Headers

Host Headers allow the server to determine which Web server to use in the event the IP address or port number are the same and are part of the HTTP 1.1 protocol. This information is included as part of the request header sent by the browser to the server.

When a request comes to the server using SSL, IIS looks in its configuration store to determine which certificate to use. This is performed by doing a lookup on the IP/Port combination. When there are multiple Web servers on a computer that all have the same IP address and port number configured to use Host Headers, the normal progression of events is to look at the Host Header to determine which Web server to use. However, the client request is still encrypted using SSL. Therefore, the header is encrypted, and IIS cannot determine which server certificate to use nor which Web server to communicate with (as it could be one of many).

Keywords :
Version : WINNT:4.0
Platform : winnt
Issue type : kbinfo