Solved

Wildcard SSL binding issue on Windows 2008

Posted on 2013-01-24
5
503 Views
Last Modified: 2013-03-11
I have a Windows 2008 R2 server which hosts many websites (probably 30-40).  Of those, maybe 15 are SSL enabled.  I am using a wildcard SSL certificate for *.lpga.com, and when I set up SSL enabled sites, in the IIS bindings, I set the binding type to SSL, select the wildcard certificate, and provide the hostname of the site.  This works perfectly and allows me to host multiple SSL websites using a single IP address.

The problem with this, however, is that IIS freaks out whenever I try to remove the SSL binding from a website.

So for example, let's say I have two websites set up in IIS:

Website 1 is configured for both http and https access using the hostname site1.lpga.com.

Website 2 is configured for both http and https access using the hostname site2.lpga.com.

If I go into the bindings for Website 1 and try to remove the https binding (leaving just the http binding) I get a warning prompt about other sites using the same SSL certificate and that removing the certificate will cause those sites to stop working.

I understand that the concept of hosting multiple websites on a single IP address using wildcard SSL works because the same certificate is being used for each binding, but what I don't understand is why IIS wants to remove the certificate from all websites using it if I just want to stop binding a single site to https using a given hostname.  That almost seems like a bug or design flaw.

Am I doing something wrong, or is there another way to do this, or is this just a flaw that I have to live with?
0
Comment
Question by:FWeston
  • 3
  • 2
5 Comments
 
LVL 5

Expert Comment

by:balmasri
ID: 38817308
Configure SSL settings if you don't want your site to require SSL, or to interact in a specific way with client certificates. Click the site node in the tree view to go back to the site's home page. Double-click the SSL Settings feature in the middle pane.
  just disable using SSL for site1 as in the attached picture.SSL
0
 
LVL 3

Author Comment

by:FWeston
ID: 38829589
I'm not dealing with client certificates at all.  The image you posted doesn't seem to indicate SSL being disabled...the checkbox is checked to require SSL which would still leave http bound but would cause the user to get an "SSL required" error if they go to the http site.

What I'm trying to figure out is if I'm using wildcard SSL and have the same certificate bound to the same IP address on multiple IIS websites using different hostnames, and then I want to remove the https binding from one of those websites (and just make it a normal http site), how do I do it?
0
 
LVL 5

Expert Comment

by:balmasri
ID: 38829682
This figure just to show you that you can configure ( enable & disable ) the SSL on site level.
0
 
LVL 3

Accepted Solution

by:
FWeston earned 0 total points
ID: 38831019
Right, but what I'm saying is the image you included has nothing to do with enabling or disabling SSL.  Those controls just choose whether to require SSL if it is already enabled.
0
 
LVL 3

Author Closing Comment

by:FWeston
ID: 38972944
No solution.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Join & Write a Comment

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now