Problems with IIS6 & 2 SSL certs on one site

I'm moving from a wild card cert and am having some issues.

Previously I had my server set up like so

I now have 2 EV certs (for www & resources) and a regular cert (for admin)

I've imported the certs into cert store and installed them on each site.
I've changed the sites to my new IP's and have them all set up to use 443.
I've viewed the certs in IIS and they are apparently correct
I've removed the old wildcard cert from the cert store
I've restarted IIS and each of the sites
I've run SSL diags and the sites look correct

All media & scripts from load fine when browsing on port 80

But when I browse to a secure part of which has content from

I get a connection rest error (shows aborted in firebug)

When I try to view any media over SSL i get the following. uses an invalid security certificate.
The certificate is only valid for

(this would be the reason for the aborted I'm sure)

So for some reason the certs are not working as expected. Why is IIS loading the cert for www when it should load the resources cert?

 the admin site works fine
LVL 36
Who is Participating?
SidFishesConnect With a Mentor Author Commented:
got it fixed

I'd actually done that (but did it again and that fixed the connection reset - but only after i shut down all sites and restarted them)

The other thing I hadn't done was to point the website 443 port to the correct IP

A bit more info from SSL Diag pointed me  in the right direction

When I refreshed the view i get

[ W3SVC/1834383756 ]
ServerComment =
ServerAutoStart = True
ServerState = Server started
#Impersonated server account
SSLStoreName = XX
#CertName =

However when I click on #CertName = and do an SSL Probe I get the following

System time: Mon, 09 Apr 2012 18:42:42 GMT
Connecting to
Handshake: 51 bytes sent
Handshake: 5121 bytes received
Handshake: 566 bytes sent
Handshake: 43 bytes received
Handshake succeeded
Verifying server certificate, it might take a while...
Server certificate name:

So while it showed correct, when I run the probe it pointed to the wrong cert.

Going back into inetmgr I had a look at the IP settings and what I had forgotten to do was go into Advanced and change the settings to 443 -  it was using the default IP address in the Multiple SSL identities box.

So I changed that to point to the sites new IP (same as on 80), stopped all the site, reran the binding and I'm back in business
seems your certificate binding is not done correctly.
AnuroopsunddConnect With a Mentor Commented:
To configure the SecureBindings metabase property for SSL host headers
1. Click Start, click Run, type
in the Open box, and then click OK.
2.  Type the following command at the command prompt:

cscript.exe adsutil.vbs set /w3svc/<site identifier>/SecureBindings ":443:<host header>"

where host header is the host header for the Web site, for example, or
SidFishesAuthor Commented:
site binding was only part of the problem. The forgetting to change the SSL IP was the real root. Splitting points for the help.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.