Solved

Wildcard SSL binding issue on Windows 2008

Posted on 2013-01-24
5
510 Views
Last Modified: 2013-03-11
I have a Windows 2008 R2 server which hosts many websites (probably 30-40).  Of those, maybe 15 are SSL enabled.  I am using a wildcard SSL certificate for *.lpga.com, and when I set up SSL enabled sites, in the IIS bindings, I set the binding type to SSL, select the wildcard certificate, and provide the hostname of the site.  This works perfectly and allows me to host multiple SSL websites using a single IP address.

The problem with this, however, is that IIS freaks out whenever I try to remove the SSL binding from a website.

So for example, let's say I have two websites set up in IIS:

Website 1 is configured for both http and https access using the hostname site1.lpga.com.

Website 2 is configured for both http and https access using the hostname site2.lpga.com.

If I go into the bindings for Website 1 and try to remove the https binding (leaving just the http binding) I get a warning prompt about other sites using the same SSL certificate and that removing the certificate will cause those sites to stop working.

I understand that the concept of hosting multiple websites on a single IP address using wildcard SSL works because the same certificate is being used for each binding, but what I don't understand is why IIS wants to remove the certificate from all websites using it if I just want to stop binding a single site to https using a given hostname.  That almost seems like a bug or design flaw.

Am I doing something wrong, or is there another way to do this, or is this just a flaw that I have to live with?
0
Comment
Question by:FWeston
  • 3
  • 2
5 Comments
 
LVL 5

Expert Comment

by:balmasri
ID: 38817308
Configure SSL settings if you don't want your site to require SSL, or to interact in a specific way with client certificates. Click the site node in the tree view to go back to the site's home page. Double-click the SSL Settings feature in the middle pane.
  just disable using SSL for site1 as in the attached picture.SSL
0
 
LVL 3

Author Comment

by:FWeston
ID: 38829589
I'm not dealing with client certificates at all.  The image you posted doesn't seem to indicate SSL being disabled...the checkbox is checked to require SSL which would still leave http bound but would cause the user to get an "SSL required" error if they go to the http site.

What I'm trying to figure out is if I'm using wildcard SSL and have the same certificate bound to the same IP address on multiple IIS websites using different hostnames, and then I want to remove the https binding from one of those websites (and just make it a normal http site), how do I do it?
0
 
LVL 5

Expert Comment

by:balmasri
ID: 38829682
This figure just to show you that you can configure ( enable & disable ) the SSL on site level.
0
 
LVL 3

Accepted Solution

by:
FWeston earned 0 total points
ID: 38831019
Right, but what I'm saying is the image you included has nothing to do with enabling or disabling SSL.  Those controls just choose whether to require SSL if it is already enabled.
0
 
LVL 3

Author Closing Comment

by:FWeston
ID: 38972944
No solution.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
A phishing scam that claims a recipient’s credit card details have been “suspended” is the latest trend in spoof emails.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question