FWeston
asked on
Wildcard SSL binding issue on Windows 2008
I have a Windows 2008 R2 server which hosts many websites (probably 30-40). Of those, maybe 15 are SSL enabled. I am using a wildcard SSL certificate for *.lpga.com, and when I set up SSL enabled sites, in the IIS bindings, I set the binding type to SSL, select the wildcard certificate, and provide the hostname of the site. This works perfectly and allows me to host multiple SSL websites using a single IP address.
The problem with this, however, is that IIS freaks out whenever I try to remove the SSL binding from a website.
So for example, let's say I have two websites set up in IIS:
Website 1 is configured for both http and https access using the hostname site1.lpga.com.
Website 2 is configured for both http and https access using the hostname site2.lpga.com.
If I go into the bindings for Website 1 and try to remove the https binding (leaving just the http binding) I get a warning prompt about other sites using the same SSL certificate and that removing the certificate will cause those sites to stop working.
I understand that the concept of hosting multiple websites on a single IP address using wildcard SSL works because the same certificate is being used for each binding, but what I don't understand is why IIS wants to remove the certificate from all websites using it if I just want to stop binding a single site to https using a given hostname. That almost seems like a bug or design flaw.
Am I doing something wrong, or is there another way to do this, or is this just a flaw that I have to live with?
The problem with this, however, is that IIS freaks out whenever I try to remove the SSL binding from a website.
So for example, let's say I have two websites set up in IIS:
Website 1 is configured for both http and https access using the hostname site1.lpga.com.
Website 2 is configured for both http and https access using the hostname site2.lpga.com.
If I go into the bindings for Website 1 and try to remove the https binding (leaving just the http binding) I get a warning prompt about other sites using the same SSL certificate and that removing the certificate will cause those sites to stop working.
I understand that the concept of hosting multiple websites on a single IP address using wildcard SSL works because the same certificate is being used for each binding, but what I don't understand is why IIS wants to remove the certificate from all websites using it if I just want to stop binding a single site to https using a given hostname. That almost seems like a bug or design flaw.
Am I doing something wrong, or is there another way to do this, or is this just a flaw that I have to live with?
ASKER
I'm not dealing with client certificates at all. The image you posted doesn't seem to indicate SSL being disabled...the checkbox is checked to require SSL which would still leave http bound but would cause the user to get an "SSL required" error if they go to the http site.
What I'm trying to figure out is if I'm using wildcard SSL and have the same certificate bound to the same IP address on multiple IIS websites using different hostnames, and then I want to remove the https binding from one of those websites (and just make it a normal http site), how do I do it?
What I'm trying to figure out is if I'm using wildcard SSL and have the same certificate bound to the same IP address on multiple IIS websites using different hostnames, and then I want to remove the https binding from one of those websites (and just make it a normal http site), how do I do it?
This figure just to show you that you can configure ( enable & disable ) the SSL on site level.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
No solution.
just disable using SSL for site1 as in the attached picture.