4

I'm having trouble using SSL for 2 different websites on my IIS 7 server. Please see my setup below:

website1: my.corporate.portal.com

SSL certificate for website1: *.corporate.portal.com

https/443 bound to my.corporate.portal.com

website2: client.portal.com

SSL certificate issued for: client.portal.com

When I try to bind https in IIS7 with the client's certificate, I don't have an option to put a host name (grayed out), and as soon as I select the 'client.portal.com' cert, I'm getting the following error in IIS:

At least one other site is using the same HTTPS binding and the binding is configured with a different certificate. Are you sure that you want to reuse this HTTPS binding and reassign the other site or sites to use the new certificate? 

If I click 'yes' my.corporate.portal.com website stops using the proper SSL cert.

Could you suggest something?

2 Answers

7

Generally, a separate IP is required for each SSL site, so if you attempt to bind to the same IP you will see the above error.

This is due to the way SSL works. The server is unable to read the HTTP host header during the handshake process, so it can't use that header information to choose which site (and certificate) to use. Thus certificates in IIS are basically bound per-IP, rather than per-site.

If you have a wildcard certificate or SAN certificate that applies to multiple sites, you can set it up as follows:

  1. Bind cert to first site on the IP
  2. For host header sites, execute the following command in the inetsrv folder:

     appcmd set site /site.name:"<IISSiteName>" /+bindings.[protocol='https',bindingInformation='*:443:<hostHeaderValue>']

Replace <IISSiteName> and <hostHeaderValue> with the appropriate values (Website1 and www.example.com, for example).

SNI is supported in IIS8 to allow multiple unrelated SSL sites on the same IP. Note that SNI is only supported in modern browsers, so it may cause problems for you if you are running a commercial site with a wide audience, like Windows XP users running older versions of Internet Explorer.

3
  • Adding additional IP would be a problem since this server is on EC2/Amazon Commented Nov 8, 2012 at 22:10
  • Or you can tick the "Require Server Name Indication" checkbox when adding the HTTPS binding to each site (other than the sites you associated with the first SSL certificate) Commented May 18, 2017 at 10:28
  • @Jimbo This was addressed already in the final section of the answer. Commented May 30, 2017 at 6:11
-1

Implementing Elastic Load Balancing for the Amazon instance solved the issue (http://aws.amazon.com/elasticloadbalancing/).
