?
Solved

Wildcard SSL binding issue on Windows 2008

Posted on 2013-01-24
5
Medium Priority
?
514 Views
Last Modified: 2013-03-11
I have a Windows 2008 R2 server which hosts many websites (probably 30-40).  Of those, maybe 15 are SSL enabled.  I am using a wildcard SSL certificate for *.lpga.com, and when I set up SSL enabled sites, in the IIS bindings, I set the binding type to SSL, select the wildcard certificate, and provide the hostname of the site.  This works perfectly and allows me to host multiple SSL websites using a single IP address.

The problem with this, however, is that IIS freaks out whenever I try to remove the SSL binding from a website.

So for example, let's say I have two websites set up in IIS:

Website 1 is configured for both http and https access using the hostname site1.lpga.com.

Website 2 is configured for both http and https access using the hostname site2.lpga.com.

If I go into the bindings for Website 1 and try to remove the https binding (leaving just the http binding) I get a warning prompt about other sites using the same SSL certificate and that removing the certificate will cause those sites to stop working.

I understand that the concept of hosting multiple websites on a single IP address using wildcard SSL works because the same certificate is being used for each binding, but what I don't understand is why IIS wants to remove the certificate from all websites using it if I just want to stop binding a single site to https using a given hostname.  That almost seems like a bug or design flaw.

Am I doing something wrong, or is there another way to do this, or is this just a flaw that I have to live with?
0
Comment
Question by:FWeston
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 5

Expert Comment

by:balmasri
ID: 38817308
Configure SSL settings if you don't want your site to require SSL, or to interact in a specific way with client certificates. Click the site node in the tree view to go back to the site's home page. Double-click the SSL Settings feature in the middle pane.
  just disable using SSL for site1 as in the attached picture.SSL
0
 
LVL 3

Author Comment

by:FWeston
ID: 38829589
I'm not dealing with client certificates at all.  The image you posted doesn't seem to indicate SSL being disabled...the checkbox is checked to require SSL which would still leave http bound but would cause the user to get an "SSL required" error if they go to the http site.

What I'm trying to figure out is if I'm using wildcard SSL and have the same certificate bound to the same IP address on multiple IIS websites using different hostnames, and then I want to remove the https binding from one of those websites (and just make it a normal http site), how do I do it?
0
 
LVL 5

Expert Comment

by:balmasri
ID: 38829682
This figure just to show you that you can configure ( enable & disable ) the SSL on site level.
0
 
LVL 3

Accepted Solution

by:
FWeston earned 0 total points
ID: 38831019
Right, but what I'm saying is the image you included has nothing to do with enabling or disabling SSL.  Those controls just choose whether to require SSL if it is already enabled.
0
 
LVL 3

Author Closing Comment

by:FWeston
ID: 38972944
No solution.
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A safe way to clean winsxs folder from your windows server 2008 R2 editions
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question