Avatar of failed
failed
 asked on

Install two certificates for the same website IIS 8

Hello

I would like to know if it's possible to install two certificates on the same IIS 8 web site i.e. to represent the same domain name?

The reason behind this is that we use IIS 8 as a reverse proxy to handle incoming AS2 traffic. The AS2 traffic will be signed with our public key, and the certificate for that is through godaddy and expires in a few weeks. When I renew the certificate, the old one will be revoked within 72 hours. This isn't long enough for us to distribute the new certificate to our AS2 customers and we can't afford to lose connectivity with them.

Godaddy have recommended that I purchase a new certificate under the same domain name, and that this can sit alongside the old one on their system. If I can install this alongside the old one, then this should solve my problem. Our AS2 customers then have a few weeks to install the new cert on their systems before the old one expires.

Any help is much appreciated.

Regards,
James
Microsoft IIS Web ServerSSL / HTTPSWindows Server 2012

Avatar of undefined
Last Comment
Rich Weissler

8/22/2022 - Mon
Abdul Khadja Alaoudine

Yes, it can be done. See for more information - https://www.digicert.com/ssl-support/ssl-host-headers-iis-8.htm
failed

ASKER
I don't think that will work because I want both certificates to bind to the same port. Any ideas?
ASKER CERTIFIED SOLUTION
Rich Weissler

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
SquigglyMonkey

I know you accepted an answer, but I thought I would add that you can put more than one domain name in one cert.
Check out this link at digi cert.
https://www.digicert.com/ev-multi-domain-ssl.htm
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
Rich Weissler

I believe the issues isn't multiple names, my interpretation of the issue at hand was that the name was staying the same.  The issue was that the old certificate was expiring, and there was timing and coordination efforts necessary before the new certificate could be active on the site.

SAN and wildcard certificates solve a problem, which folks might also want to solve with binding multiple certificates to a port, but they don't solve this problem.