Dept808
asked on
IIS SSL Certificate issue
Im in the process of configuring 3 web sites all with seperate IP's. When I created the first one specified the PORT of 443 picked my cert and tested I got a error. Essentially IIS is picking the wrong cert for some reason. I then created the second web app and picked the correct cert the one the first web app is picking, tested the second and it worked.
How can I "refresh" the settings in IIS so that its not picking the wrong cert?
I checked C:\Windows\System32\inetsr v\config\a pplication Host.confi g and the config is correct as well as what is being displaying in the UI.
How can I "refresh" the settings in IIS so that its not picking the wrong cert?
I checked C:\Windows\System32\inetsr
ASKER
The above applies even with multiple IP's on the server?
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
You are going to need to get a new certificate that can cover more than one website (wildcard or UC certificates).
A wildcard certificate secures any subdomain of the domain that it was issued to. For example, a certificate that is issued to *.domain.com will cover something.domain.com, anything.domain.com, and whatever.domain.com. Because the *.domain.com certificate is valid on any of these domains, you will not receive an error message.
Also good to note: you can't use the IIS7 User Interface to add a host header to an SSL site binding. You have to use command-line tools, do it programmatically or edit applicationhost.config directly. Here is an example and a link how you can it via command-line:
appcmd set site /site.name:"MySite V2" /+bindings.[protocol='http
And last but not least: with IIS7 you can use the following command to figure out what certificate is bound to a particular IP:Port combination:
netsh http show sslcert
This command will show the IP:Port binding but also some other SSL settings.