Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Install two certificates for the same website IIS 8

Posted on 2014-11-20
Medium Priority
Last Modified: 2014-11-25

I would like to know if it's possible to install two certificates on the same IIS 8 web site i.e. to represent the same domain name?

The reason behind this is that we use IIS 8 as a reverse proxy to handle incoming AS2 traffic. The AS2 traffic will be signed with our public key, and the certificate for that is through godaddy and expires in a few weeks. When I renew the certificate, the old one will be revoked within 72 hours. This isn't long enough for us to distribute the new certificate to our AS2 customers and we can't afford to lose connectivity with them.

Godaddy have recommended that I purchase a new certificate under the same domain name, and that this can sit alongside the old one on their system. If I can install this alongside the old one, then this should solve my problem. Our AS2 customers then have a few weeks to install the new cert on their systems before the old one expires.

Any help is much appreciated.

Question by:failed

Expert Comment

by:Abdul Khadja Alaoudine
ID: 40454890
Yes, it can be done. See for more information - https://www.digicert.com/ssl-support/ssl-host-headers-iis-8.htm

Author Comment

ID: 40454969
I don't think that will work because I want both certificates to bind to the same port. Any ideas?
LVL 31

Accepted Solution

Rich Weissler earned 2000 total points
ID: 40460806
Two certificates bound to the same port on the same server?
No.  You can only have one.

On the assumption that your clients have to explicitly install the certificate on their systems to use the site: What you should be able to do, however, is buy a new certificate while you keep the only one bound to the website while your users install the new certificate.  On the day before the old certificate expires, or after you have confirmation that your clients all have the new certificate, you switch over to bind the new certificate to the port.

Normally, however, you would purchase a certificate from GoDaddy or another public CA because you don't want your clients to have to explicitly trust your certificate.  You're paying for a certificate because the public CA's root certificate is trusted by systems by default.  (That said, you usually have to also install the GoDaddy intermediate certificate on the web server so that the certificate chain can be established on the server.)  I'm assuming there is something specific with the AS2 system that precludes this from working correctly for some reason.

Expert Comment

ID: 40464876
I know you accepted an answer, but I thought I would add that you can put more than one domain name in one cert.
Check out this link at digi cert.
LVL 31

Expert Comment

by:Rich Weissler
ID: 40465134
I believe the issues isn't multiple names, my interpretation of the issue at hand was that the name was staying the same.  The issue was that the old certificate was expiring, and there was timing and coordination efforts necessary before the new certificate could be active on the site.

SAN and wildcard certificates solve a problem, which folks might also want to solve with binding multiple certificates to a port, but they don't solve this problem.

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Windows Server 2003 introduced persistent Volume Shadow Copies and made 2003 a must-do upgrade.  Since then, it's been a must-implement feature for all servers doing any kind of file sharing.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happenā€¦
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlleā€¦

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question