Quick answer: for every unique domain name "string" you need a unique IP for each cert. sub1.foo.org -> IP1 sub2.foo.org -> IP2 NOTE: foo.org and www.foo.org are two different domain "strings" for SSL cert purposes. I currently have multiple domains with multiple certs on my IIS boxen. I have all the domains unassigned by default (http) and only assign the cert (https) to the IP the DNS records will have the domain listed at. This way you only have to assign an IP to a domain other than the default catch all IP for those with certs and if you remove it the http stays unassigned. Hope that helps. -- Anthony Baratta President Keyboard Jockeys "Conformity is the refuge of the unimaginative."