Install two certificates for the same website IIS 8

Posted on 2014-11-20
Medium Priority
Last Modified: 2014-11-25

I would like to know if it's possible to install two certificates on the same IIS 8 web site i.e. to represent the same domain name?

The reason behind this is that we use IIS 8 as a reverse proxy to handle incoming AS2 traffic. The AS2 traffic will be signed with our public key, and the certificate for that is through godaddy and expires in a few weeks. When I renew the certificate, the old one will be revoked within 72 hours. This isn't long enough for us to distribute the new certificate to our AS2 customers and we can't afford to lose connectivity with them.

Godaddy have recommended that I purchase a new certificate under the same domain name, and that this can sit alongside the old one on their system. If I can install this alongside the old one, then this should solve my problem. Our AS2 customers then have a few weeks to install the new cert on their systems before the old one expires.

Any help is much appreciated.

Question by:failed
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Expert Comment

by:Abdul Khadja Alaoudine
ID: 40454890
Yes, it can be done. See for more information - https://www.digicert.com/ssl-support/ssl-host-headers-iis-8.htm

Author Comment

ID: 40454969
I don't think that will work because I want both certificates to bind to the same port. Any ideas?
LVL 30

Accepted Solution

Rich Weissler earned 2000 total points
ID: 40460806
Two certificates bound to the same port on the same server?
No.  You can only have one.

On the assumption that your clients have to explicitly install the certificate on their systems to use the site: What you should be able to do, however, is buy a new certificate while you keep the only one bound to the website while your users install the new certificate.  On the day before the old certificate expires, or after you have confirmation that your clients all have the new certificate, you switch over to bind the new certificate to the port.

Normally, however, you would purchase a certificate from GoDaddy or another public CA because you don't want your clients to have to explicitly trust your certificate.  You're paying for a certificate because the public CA's root certificate is trusted by systems by default.  (That said, you usually have to also install the GoDaddy intermediate certificate on the web server so that the certificate chain can be established on the server.)  I'm assuming there is something specific with the AS2 system that precludes this from working correctly for some reason.

Expert Comment

ID: 40464876
I know you accepted an answer, but I thought I would add that you can put more than one domain name in one cert.
Check out this link at digi cert.
LVL 30

Expert Comment

by:Rich Weissler
ID: 40465134
I believe the issues isn't multiple names, my interpretation of the issue at hand was that the name was staying the same.  The issue was that the old certificate was expiring, and there was timing and coordination efforts necessary before the new certificate could be active on the site.

SAN and wildcard certificates solve a problem, which folks might also want to solve with binding multiple certificates to a port, but they don't solve this problem.

Featured Post

Need protection from advanced malware attacks?

Look no further than WatchGuard's Total Security Suite, providing defense in depth against today's most headlining attacks like Petya 2.0 and WannaCry. Keep your organization out of the news with protection from known and unknown threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
Preparing an email is something we should all take special care with – especially when the email is for somebody you may not know very well. The pressures of everyday working life stacked with a hectic office environment can make this a real challen…
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question