
Problems with IIS6 & 2 SSL certs on one site

Posted on 2012-04-09
Last Modified: 2012-04-14
I'm moving from a wild card cert and am having some issues.

Previously I had my server set up like so

www.site.foo
admin.site.foo
resources.site.foo

I now have 2 EV certs (for www & resources) and a regular cert (for admin)

I've imported the certs into cert store and installed them on each site.
I've changed the sites to my new IPs and have them all set up to use 443.
I've viewed the certs in IIS and they are apparently correct
I've removed the old wildcard cert from the cert store
I've restarted IIS and each of the sites
I've run SSL diags and the sites look correct

All media & scripts from resources.site.foo load fine when browsing on www.site.foo port 80

But when I browse to a secure part of www.site.foo which has content from resources.site.foo

I get a connection reset error (shows aborted in Firebug)

When I try to view any media over SSL I get the following.

resources.site.foo uses an invalid security certificate.
The certificate is only valid for www.site.foo

(this would be the reason for the aborted I'm sure)

So for some reason the certs are not working as expected. Why is IIS loading the cert for www when it should load the resources cert?




The admin site works fine.
0
Question by:SidFishes
4 Comments
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37824683
Seems your certificate binding is not done correctly.

http://www.digicert.com/ssl-support/configure-iis-host-headers.htm
0
 
LVL 17

Assisted Solution

by:Anuroopsundd
Anuroopsundd earned 750 total points
ID: 37824692
To configure the SecureBindings metabase property for SSL host headers
1. Click Start, click Run, type cmd in the Open box, and then click OK.

2. Type the following command at the command prompt:

cscript.exe adsutil.vbs set /w3svc/<site identifier>/SecureBindings ":443:<host header>"

where host header is the host header for the Web site, for example, site2.contoso.com or site4.contoso.com.
 


http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/8d9f2a8f-cd23-448c-b2c7-f4e87b9e2d2c.mspx?mfr=true
0
 
LVL 36

Accepted Solution

by:
SidFishes earned 0 total points
ID: 37824750
Got it fixed.

I'd actually done that (but did it again and that fixed the connection reset - but only after I shut down all sites and restarted them).

The other thing I hadn't done was to point the website 443 port to the correct IP.

A bit more info from SSL Diag pointed me in the right direction.

When I refreshed the view I get


[ W3SVC/1834383756 ]
ServerComment = resources.site.foo
ServerAutoStart = True
ServerState = Server started
#Impersonated server account
SSLCertHash = XXXXXXXXXXX
SSLStoreName = XX
#CertName = resources.site.foo

However when I click on #CertName = resources.site.foo and do an SSL Probe I get the following


System time: Mon, 09 Apr 2012 18:42:42 GMT
Connecting to 64.34.106.3:443
Connected
Handshake: 51 bytes sent
Handshake: 5121 bytes received
Handshake: 566 bytes sent
Handshake: 43 bytes received
Handshake succeeded
Verifying server certificate, it might take a while...
Server certificate name: www.site.foo

So while it showed correct, when I run the probe it pointed to the wrong cert.

Going back into inetmgr I had a look at the IP settings and what I had forgotten to do was go into Advanced and change the settings to 443 - it was using the default IP address in the Multiple SSL identities box.

So I changed that to point to the site's new IP (same as on 80), stopped all the sites, reran the binding and I'm back in business.
0
 
LVL 36

Author Closing Comment

by:SidFishes
ID: 37845942
Site binding was only part of the problem. The forgetting to change the SSL IP was the real root. Splitting points for the help.
0
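
An offline check for the misconfiguration found in this thread, added here as an example and not part of any poster's answer: it flags sites whose SecureBindings use the default IP, use an IP different from the site's port-80 binding, or share an IP:port with a site holding a different certificate. The dictionary layout, the issue labels and the sample IPs and hash strings are assumptions constructed for illustration; only the site names and the `IP:port:host-header` binding format come from the thread.

```python
from collections import defaultdict

def parse_binding(value):
    """Split an IIS 6 binding 'IP:port:host-header' (IP and host may be empty)."""
    ip, port, host = value.split(":", 2)
    return ip, int(port), host

def audit_ssl_bindings(sites):
    """Return sorted (site, issue, detail) findings for risky SecureBindings."""
    findings = []
    by_endpoint = defaultdict(lambda: defaultdict(list))  # (ip, port) -> hash -> sites
    for name, cfg in sites.items():
        http_ips = sorted({parse_binding(b)[0] or "*" for b in cfg["ServerBindings"]})
        for raw in cfg["SecureBindings"]:
            ip, port, _host = parse_binding(raw)
            by_endpoint[(ip, port)][cfg["SSLCertHash"]].append(name)
            if ip == "":
                findings.append((name, "DEFAULT_IP", f"port {port} bound to (All Unassigned)"))
            elif ip not in http_ips:
                findings.append((name, "IP_MISMATCH", f"SSL on {ip}, HTTP on {', '.join(http_ips)}"))
    # IIS 6 has no SNI: the certificate is picked per IP:port before any host
    # header is seen, so sites sharing an endpoint must share one certificate.
    for (ip, port), certs in by_endpoint.items():
        if len(certs) > 1:
            names = sorted(n for group in certs.values() for n in group)
            for n in names:
                findings.append((n, "CERT_CONFLICT", f"{ip or '*'}:{port} shared by {', '.join(names)}"))
    return sorted(findings)

# Constructed sample modelled on the thread (resources left on the default SSL IP);
# the dict layout, IPs (documentation range) and hash strings are placeholders.
SAMPLE_SITES = {
    "www.site.foo": {"ServerBindings": ["192.0.2.10:80:"],
                     "SecureBindings": ["192.0.2.10:443:"], "SSLCertHash": "HASH-WWW"},
    "resources.site.foo": {"ServerBindings": ["192.0.2.11:80:"],
                           "SecureBindings": [":443:"], "SSLCertHash": "HASH-RES"},
    "admin.site.foo": {"ServerBindings": ["192.0.2.12:80:"],
                       "SecureBindings": ["192.0.2.12:443:"], "SSLCertHash": "HASH-ADMIN"},
}

if __name__ == "__main__":
    for site, issue, detail in audit_ssl_bindings(SAMPLE_SITES):
        print(f"{site}: {issue}: {detail}")
```

A clean audit only covers what the metabase says; an SSL probe against each IP, as in the accepted solution, confirms which certificate is actually served.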
