Wildcard SSL binding issue on Windows 2008
Posted on 2013-01-24
I have a Windows 2008 R2 server which hosts many websites (probably 30-40). Of those, maybe 15 are SSL enabled. I am using a wildcard SSL certificate for *.lpga.com, and when I set up SSL-enabled sites, in the IIS bindings, I set the binding type to SSL, select the wildcard certificate, and provide the hostname of the site. This works perfectly and allows me to host multiple SSL websites using a single IP address.
The problem with this, however, is that IIS freaks out whenever I try to remove the SSL binding from a website.
So for example, let's say I have two websites set up in IIS:
Website 1 is configured for both http and https access using the hostname site1.lpga.com.
Website 2 is configured for both http and https access using the hostname site2.lpga.com.
If I go into the bindings for Website 1 and try to remove the https binding (leaving just the http binding), I get a warning prompt about other sites using the same SSL certificate and that removing the certificate will cause those sites to stop working.
I understand that the concept of hosting multiple websites on a single IP address using wildcard SSL works because the same certificate is being used for each binding, but what I don't understand is why IIS wants to remove the certificate from all websites using it if I just want to stop binding a single site to https using a given hostname. That almost seems like a bug or design flaw.
Am I doing something wrong, or is there another way to do this, or is this just a flaw that I have to live with?