At least one other site is using the same HTTPS binding and the binding is configured with a different certificate

Posted on 2011-04-23
Last Modified: 2012-06-21
I have 2 web sites on my SBS 2008 server that seem to conflict, "Default" and "SBS Web Applications". SBS Web applications was originally using the SBS generated SSL certificate for

Then I started using the default web site and purchased a certificate for but now I can not apply it because the I get an error "At least one other site is using the same HTTPS binding and the binding is configured with a different certificate...."

The goal is to have the self gen certificate as it always was for the SBS Web application site and the one I purchased bound to the default web site... I assume this is happening becuase an IP address can only be bound to one SSL Cert. So the question is: How else can I approach this assuming I will only have one IP? I need a step by step...
Question by:swendell
    LVL 56

    Accepted Solution

    This is not an issue with SBS, but is a limitation of IIS (and every other web server out there.)  The problem is that SSL is designed to completely encript *all* traffic, including HTTP headers. To encrypt traffic, an SSL certificate must be used. When a server has multiple SSL certificates, it doesn't know which SSL certifiate to use to encrypt traffic because it hasn't received the HTTP headers yet (because a browser won't sent them unencrypted) so it doesn't know which site is being requested. Catch-22.

    You cannot bind two sites with SSL to the same port on the same IP.

    You will have to choose a non-standard port. Use a second IP (which will reak the SBS wizards), or use some othe configuration to make the sites "unique" and identifiable *before* any information is sent so IIS knows which certificate to send and use for encryption.

    With that said, SBS should never be used for hosting an external website. As an AD, this is insecure, but also due to system load...if your site is small enough that it performs well on SBS, it is small enough that it'd perform well on a webhost that offers the $1.49/month hosting packates, and they specialized in hosting and scalability, so you have better uptime, better security, and better response. In the 20 years I've been supporting SBS, I cannot think of a time I'd recommend running an external website on the box. While not directly related to your problem, it would certainly solve it.


    Author Closing Comment

    I guess it just cant be done

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    Join & Write a Comment

    What is an ISAPI filter?   •      It's an assembly (.dll file) that can add or change the way IIS works.   •      They can be enabled globally for your web server or on a site-by-site basis.   When the IIS server receives a request, enabling the ISAPI fi…
    If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
    It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
    Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now