Dept808

IIS SSL Certificate issue

I'm in the process of configuring 3 web sites, all with separate IPs. When I created the first one, specified port 443, picked my cert and tested, I got an error. Essentially IIS is picking the wrong cert for some reason. I then created the second web app and picked the correct cert (the one the first web app is picking), tested the second, and it worked.

How can I "refresh" the settings in IIS so that it's not picking the wrong cert?

I checked C:\Windows\System32\inetsrv\config\applicationHost.config and the config is correct, as well as what is being displayed in the UI.
Ugo Mena

If multiple SSL Certificates are used, the server usually has a problem with providing the correct SSL Certificate when an HTTPS connection is established, causing a certificate name error.

You are going to need to get a new certificate that can cover more than one website (wildcard or UC certificates).

A wildcard certificate secures any subdomain of the domain that it was issued to. For example, a certificate that is issued to *.domain.com will cover something.domain.com, anything.domain.com, and whatever.domain.com. Because the *.domain.com certificate is valid on any of these domains, you will not receive an error message.

Also good to note: you can't use the IIS7 User Interface to add a host header to an SSL site binding. You have to use command-line tools, do it programmatically, or edit applicationhost.config directly. Here is an example of how you can do it via the command line:

appcmd set site /site.name:"MySite V2" /+bindings.[protocol='https',bindingInformation='*:443:sitev2.mysite.com']

And last but not least: with IIS7 you can use the following command to figure out what certificate is bound to a particular IP:Port combination:  
netsh http show sslcert

This command will show the IP:Port binding but also some other SSL settings.
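
To act on the `netsh http show sslcert` tip above, this PowerShell script (an added example, not part of the original answer) parses that output and resolves each bound thumbprint to the certificate in the local machine store, so you can see which subject and DNS names each IP:port actually serves. The function name `ConvertFrom-NetshSslCert` and the sample values are constructed for illustration; it assumes an elevated session and English-locale netsh output.

```powershell
# Added example. Run elevated on the IIS server; assumes English-locale netsh output.

# Constructed sample of `netsh http show sslcert` output, for trying the parser offline.
$sample = @'
    IP:port                      : 192.0.2.10:443
    Certificate Hash             : 0123456789abcdef0123456789abcdef01234567
    Certificate Store Name       : MY
    IP:port                      : 192.0.2.11:443
    Certificate Hash             : 89abcdef0123456789abcdef0123456789abcdef
    Certificate Store Name       : (null)
'@

function ConvertFrom-NetshSslCert {
    param([string[]]$Lines)
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*(IP:port|Hostname:port)\s*:\s*(\S+)\s*$') {
            if ($null -ne $current) { [pscustomobject]$current }   # emit the previous binding
            $current = [ordered]@{ Endpoint = $Matches[2]; Hash = $null; Store = 'My' }
        }
        elseif ($null -ne $current -and $line -match '^\s*Certificate Hash\s*:\s*([0-9a-fA-F]+)\s*$') {
            $current.Hash = $Matches[1].ToUpper()
        }
        elseif ($null -ne $current -and $line -match '^\s*Certificate Store Name\s*:\s*(\w+)\s*$') {
            $current.Store = $Matches[1]     # "(null)" does not match, so the default 'My' stays
        }
    }
    if ($null -ne $current) { [pscustomobject]$current }
}

# Live data; swap in ($sample -split "`r?`n") to try the parser without HTTP.sys bindings.
$lines = netsh http show sslcert

$report = foreach ($b in ConvertFrom-NetshSslCert -Lines $lines) {
    # Resolve the bound thumbprint to a certificate in the local machine store.
    $cert = if ($b.Hash) {
        Get-Item -Path "Cert:\LocalMachine\$($b.Store)\$($b.Hash)" -ErrorAction SilentlyContinue
    }
    [pscustomobject]@{
        Endpoint   = $b.Endpoint
        Thumbprint = $b.Hash
        Subject    = if ($cert) { $cert.Subject } else { '<not found in store>' }
        DnsNames   = if ($cert) { $cert.DnsNameList.Unicode -join ', ' } else { '' }
        NotAfter   = if ($cert) { $cert.NotAfter } else { $null }
    }
}
$report | Format-Table -AutoSize
```

Compare each Endpoint row with the `bindingInformation` of the site you expect on that IP:port; a Subject or DnsNames value that belongs to another site shows where the wrong certificate is bound.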
Dept808

ASKER

The above applies even with multiple IPs on the server?
ASKER CERTIFIED SOLUTION
Ugo Mena